I've now upgraded to 4.1.9, and so far so good, although I'm slightly nervous, as others on here have said the same thing, only for it to return. Did I read somewhere that 4.1.9 allows 2 separate passwords, 1 for the general forum, 1 for the admin area? How do I change my passwords?
Kokosina.in - Anyone Else Getting This?
-
but as long as vb don't do nothing to prevent it - there's not much we can do besides that
-
Did that as that file was infected as you suggested, however, since our AdminCP settings are configured to have it hosted by Google !!!
So, given that fact, how does one explain how so many vBulletin sites have had that file become infected?
We've now removed the code from all our Footer Templates and also replaced the connection-min.js file, but I'm still not clear on how it happened given our circumstances.
Anyone with any ideas?
Regards,
Doug
3295 admin 01:40, 20th Dec 2011 template.php updatetemplate style id = 1 91.203.88.106
3294 admin 01:40, 20th Dec 2011 template.php edit style id = 0 91.203.88.106
3293 admin 01:40, 20th Dec 2011 template.php modify 91.203.88.106
3292 admin 01:40, 20th Dec 2011 template.php updatetemplate style id = 1 91.203.88.106
3291 admin 01:40, 20th Dec 2011 template.php edit style id = 0 91.203.88.106
Control Panel Log
Control Panel Log Viewer (page 2/34) | There are 3,390 total log entries.
ID User Name Date Script Action Info IP Address
3290 admin 01:40, 20th Dec 2011 template.php modify 91.203.88.106
3289 admin 01:40, 20th Dec 2011 template.php modify 91.203.88.106
3288 admin 01:10, 20th Dec 2011 template.php updatetemplate style id = 1 91.203.88.106
3287 admin 01:10, 20th Dec 2011 template.php edit style id = 0 91.203.88.106
3286 admin 01:10, 20th Dec 2011 template.php modify 91.203.88.106
3285 admin 01:10, 20th Dec 2011 template.php inserttemplate style id = 3 91.203.88.106
3284 admin 01:10, 20th Dec 2011 template.php add style id = 3 91.203.88.106
3283 admin 01:10, 20th Dec 2011 template.php modify 91.203.88.106
3282 admin 01:10, 20th Dec 2011 template.php modify 91.203.88.106
3281 admin 23:42, 18th Dec 2011 plugin.php kill plugin id = 206 91.203.88.106
3280 admin 23:42, 18th Dec 2011 plugin.php delete plugin id = 206 91.203.88.106
3279 admin 23:42, 18th Dec 2011 plugin.php modify 91.203.88.106
3278 admin 23:42, 18th Dec 2011 plugin.php update 91.203.88.106
3277 admin 23:42, 18th Dec 2011 plugin.php add 91.203.88.106
3276 admin 22:42, 18th Dec 2011 plugin.php kill plugin id = 205 91.203.88.106
3275 admin 22:42, 18th Dec 2011 plugin.php delete plugin id = 205 91.203.88.106
3274 admin 22:42, 18th Dec 2011 plugin.php modify 91.203.88.106
3273 admin 22:42, 18th Dec 2011 plugin.php update 91.203.88.106
3272 admin 22:42, 18th Dec 2011 plugin.php add 91.203.88.106
3271 admin 22:40, 18th Dec 2011 plugin.php kill plugin id = 204 91.203.88.106
3270 admin 22:40, 18th Dec 2011 plugin.php delete plugin id = 204 91.203.88.106
3269 admin 22:40, 18th Dec 2011 plugin.php modify 91.203.88.106
3268 admin 22:40, 18th Dec 2011 plugin.php update 91.203.88.106
3267 admin 22:40, 18th Dec 2011 plugin.php add 91.203.88.106
3266 admin 22:39, 18th Dec 2011 plugin.php kill plugin id = 203 91.203.88.106
3265 admin 22:39, 18th Dec 2011 plugin.php delete plugin id = 203 91.203.88.106
3264 admin 22:39, 18th Dec 2011 plugin.php modify 91.203.88.106
3263 admin 22:39, 18th Dec 2011 plugin.php update 91.203.88.106
3262 admin 22:39, 18th Dec 2011 plugin.php add 91.203.88.106
3261 admin 22:22, 18th Dec 2011 plugin.php kill plugin id = 202 91.203.88.106
3260 admin 22:22, 18th Dec 2011 plugin.php delete plugin id = 202 91.203.88.106
3259 admin 22:22, 18th Dec 2011 plugin.php modify 91.203.88.106
3258 admin 22:22, 18th Dec 2011 plugin.php update 91.203.88.106
3257 admin 22:22, 18th Dec 2011 plugin.php add 91.203.88.106
3256 admin 21:52, 18th Dec 2011 plugin.php kill plugin id = 201 91.203.88.106
3255 admin 21:52, 18th Dec 2011 plugin.php delete plugin id = 201 91.203.88.106
3254 admin 21:52, 18th Dec 2011 plugin.php modify 91.203.88.106
3253 admin 21:52, 18th Dec 2011 plugin.php update 91.203.88.106
3252 admin 21:52, 18th Dec 2011 plugin.php add 91.203.88.106
3251 admin 21:38, 18th Dec 2011 plugin.php kill plugin id = 200 91.203.88.106
3250 admin 21:38, 18th Dec 2011 plugin.php delete plugin id = 200 91.203.88.106
3249 admin 21:38, 18th Dec 2011 plugin.php modify 91.203.88.106
3248 admin 21:38, 18th Dec 2011 plugin.php update 91.203.88.106
3247 admin 21:38, 18th Dec 2011 plugin.php add 91.203.88.106
3246 admin 20:44, 18th Dec 2011 plugin.php kill plugin id = 199 91.203.88.106
3245 admin 20:44, 18th Dec 2011 plugin.php delete plugin id = 199 91.203.88.106
3244 admin 20:44, 18th Dec 2011 plugin.php modify 91.203.88.106
3243 admin 20:43, 18th Dec 2011 plugin.php update 91.203.88.106
3242 admin 20:43, 18th Dec 2011 plugin.php add 91.203.88.106
-
I can confirm someone with a Ukraine IP accessed my AdminCP using the User ID#1 and modified the footer template. It appears as if it had something to do with a file called plugin.php - How they got my username and password for this account I have no idea. My very helpful ISP ran a total scan on my site, and checked the logs, and assured me nobody but me has accessed the server. Here are my Admin logs if it helps anyone figure this out. I am using 4.1.3 Patch Level 1
3295 admin 01:40, 20th Dec 2011 template.php updatetemplate style id = 1 91.203.88.106
[snip]
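One way to triage a Control Panel Log like the one posted above, as an added example that is not part of the original posts or vBulletin's own code: it parses rows in that layout and reports, per IP, plugins removed within minutes of being added and the number of template saves. The function names, the five-minute window, the reading of `add`/`kill` and `updatetemplate`/`inserttemplate` as create/remove and save actions, and the 192.0.2.10 row are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Row layout as in the log above: ID, user, "HH:MM, DDth Mon YYYY", script, action, [info], IP
ROW = re.compile(
    r"^(?P<id>\d+) (?P<user>\S+) (?P<time>\d{2}:\d{2}), (?P<day>\d{1,2})(?:st|nd|rd|th) "
    r"(?P<mon>[A-Za-z]{3}) (?P<year>\d{4}) (?P<script>\S+) (?P<action>\S+)"
    r"(?: (?P<info>.+?))? (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$")
TEMPLATE_WRITES = {"updatetemplate", "inserttemplate"}  # assumed to be the "save" actions

def parse(line):
    """Turn one log row into a dict, or None if it does not match the layout."""
    m = ROW.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["id"] = int(row["id"])
    row["when"] = datetime.strptime("{day} {mon} {year} {time}".format(**row), "%d %b %Y %H:%M")
    return row

def suspicious(lines, window=timedelta(minutes=5)):
    """Per IP: plugins killed within `window` of the preceding 'add', and template saves."""
    rows = sorted(filter(None, map(parse, lines)), key=lambda r: r["id"])  # oldest first
    last_add, out = {}, {}
    for r in rows:
        f = out.setdefault(r["ip"], {"short_lived_plugins": [], "template_writes": 0})
        if r["script"] == "plugin.php" and r["action"] == "add":
            last_add[r["ip"]] = r["when"]
        elif r["script"] == "plugin.php" and r["action"] == "kill" and r["ip"] in last_add:
            if r["when"] - last_add.pop(r["ip"]) <= window:
                f["short_lived_plugins"].append(r["info"] or "")
        elif r["script"] == "template.php" and r["action"] in TEMPLATE_WRITES:
            f["template_writes"] += 1
    return {ip: f for ip, f in out.items() if f["short_lived_plugins"] or f["template_writes"]}

# Rows copied from the log above, plus one constructed benign row (192.0.2.10).
SAMPLE = """\
3300 admin 09:15, 21st Dec 2011 plugin.php modify 192.0.2.10
3288 admin 01:10, 20th Dec 2011 template.php updatetemplate style id = 1 91.203.88.106
3287 admin 01:10, 20th Dec 2011 template.php edit style id = 0 91.203.88.106
3285 admin 01:10, 20th Dec 2011 template.php inserttemplate style id = 3 91.203.88.106
3281 admin 23:42, 18th Dec 2011 plugin.php kill plugin id = 206 91.203.88.106
3280 admin 23:42, 18th Dec 2011 plugin.php delete plugin id = 206 91.203.88.106
3277 admin 23:42, 18th Dec 2011 plugin.php add 91.203.88.106
3246 admin 20:44, 18th Dec 2011 plugin.php kill plugin id = 199 91.203.88.106
3242 admin 20:43, 18th Dec 2011 plugin.php add 91.203.88.106
""".splitlines()

if __name__ == "__main__":
    print(suspicious(SAMPLE))
```

Rows that do not match the layout are skipped, so the full log can be pasted in with its header lines.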
-
So there is still no official explanation for why this is happening?
leftunderground.com - Progressive Message Board Open To Everyone
-
Extremely serious. I could have gone with countless other message boards when I set up my community but I went with vB because I assumed that the $300 premium would provide the kind of support that would prevent (or at least minimize) this kind of thing. Yet this thread is now 2 weeks old and still no official word on why this is happening (that I know of, if I am wrong on this my apologies).
The last thing I want is to have my website infecting user computers.
leftunderground.com - Progressive Message Board Open To Everyone
-
The majority do seem to be vBulletin sites... http://www.google.com/search?q="koko... by vBulletin"
"kokosina.in" has 405 hits on Google, 233 of them include the phrase "Powered by vBulletin". Give or take a dozen for links pointing to threads on this site and scrapers that repost RSS feeds, it's still quite alarming...
- Maurice
Workin' in the Jira mine, goin' down, down, down
-
The majority do seem to be vBulletin sites... http://www.google.com/search?q="koko... by vBulletin"
"kokosina.in" has 405 hits on Google, 233 of them include the phrase "Powered by vBulletin". Give or take a dozen for links pointing to threads on this site and scrapers that repost RSS feeds, it's still quite alarming...
Has vbulletin officially replied to this?
Other than the normal (we don't support modded forums) answer??
-
Every site that I have looked at appears to have been infected on an exploit that was present in 4.1.3 and the patch levels weren't applied in time and/or passwords weren't changed. The exploiters at that time usually left backdoors in the system that were also not removed. The exploit has been fixed for quite some time now. I have not seen any site where the initial exploit has occurred on a 4.1.8 or 4.1.9 board.
If you have additional information then you need to supply it.
Wayne Luke
The Rabid Badger - a vBulletin Cloud demonstration site.
vBulletin 5 API
-
We can't force customers to update to the latest software. We issue notices when patch levels are released but can't force them to be installed. Customers need to maintain their sites on the latest versions of the software or properly apply security patches when they are released.
Wayne Luke
-
Wayne, if that is the case that's fair enough. I was not updated with the latest patches, and yes, that is my fault.
However, I was simply looking for an official word that your team knows exactly what is happening and what needs to be done to fix it. You provided that now, that this was an issue discovered back in 4.1.3. If you had provided that earlier in this thread and I missed it my apologies.
leftunderground.com - Progressive Message Board Open To Everyone