I've posted numerous times what is happening and how to fix it. However I will post it again.
Replace the connection-min.js file in your clientscript/yui/connection folder. Revert your footer template.
To check your site for embedded exploits run the following steps. You'll find these steps in my first post in this thread as well. Post #11.
1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.
2) Check the config.php for any suspicious code. It isn't checked by the suspect file diagnostic.
3) Search all templates for iframe tags. They should only appear in the following templates: bbcode_video, editor-ie.css, member.css, stylegenerator.css, vbcms.css, vbulletin.css, help_bbcodes, humanverify_recaptcha, search_common, and search_common_select_type
4) Check all your plugins for rogue include, require, include_once, or require_once code. All files should come from your server and be known to you.
5) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.
6) Make sure that your plugins do not include calls to exec(), system(), or pass_thru() or iframes. These are also often signs of a hacked site.
Query for step 4 and 5 -
SELECT title, phpcode, hookname, product FROM plugin WHERE phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE '%system%' OR phpcode like '%pass_thru%' OR phpcode like '%iframe%';
7) Run this query: SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';
It checks the templates for compromising code.
8) Check .htaccess to make sure there are no redirects there. This isn't a vBulletin issue but customers really don't understand that.
I've been posting these steps since the very first post on this issue. To be basically called incompetent by you is very annoying to say the least.
Replace the connection-min.js file in your clientscript/yui/connection folder. Revert your footer template.
To check your site for embedded exploits run the following steps. You'll find these steps in my first post in this thread as well. Post #11.
1) Run Suspect File Diagnostics under Maintenance -> Diagnostics. Replace any files not containing the expected contents. Delete any files that are not part of vBulletin and that you can't identify as belonging to your addons.
2) Check the config.php for any suspicious code. It isn't checked by the suspect file diagnostic.
3) Search all templates for iframe tags. They should only appear in the following templates: bbcode_video, editor-ie.css, member.css, stylegenerator.css, vbcms.css, vbulletin.css, help_bbcodes, humanverify_recaptcha, search_common, and search_common_select_type
4) Check all your plugins for rogue include, require, include_once, or require_once code. All files should come from your server and be known to you.
5) Check your plugins for any base64 code. I recommend using against using any plugins or products that include base64 code in them. However some "lite" or branded addons will include this as a means to prevent you from cheating the author. You'll have to make a personal call on these if you use them. This is often a sign of a hacked site.
6) Make sure that your plugins do not include calls to exec(), system(), or pass_thru() or iframes. These are also often signs of a hacked site.
Query for step 4 and 5 -
SELECT title, phpcode, hookname, product FROM plugin WHERE phpcode LIKE '%base64%' OR phpcode LIKE '%exec%' OR phpcode LIKE '%system%' OR phpcode like '%pass_thru%' OR phpcode like '%iframe%';
7) Run this query: SELECT styleid, title, template FROM template WHERE template LIKE '%base64%' OR template LIKE '%exec%' OR template LIKE '%system%' OR template like '%pass_thru%' OR template like '%iframe%';
It checks the templates for compromising code.
8) Check .htaccess to make sure there are no redirects there. This isn't a vBulletin issue but customers really don't understand that.
I've been posting these steps since the very first post on this issue. To be basically called incompetent by you is very annoying to say the least.
Comment