Strange Problem

  • Danecookie
    Member
    • Nov 2005
    • 69
    • 3.5.x

    Strange Problem

    Well, some users are using cheap hacking techniques to hack the front page of my forums. Like I get many hits per day, and many of them use HTML codes in the new thread "Title" area. Many of the people I got did that and they were not successful; I just removed the thread.

    But yesterday a guy placed an HTML code in a new thread in my General Section and it worked, and due to that my front page started to get redirected to > http://srsrxxx.kayyo.com/

    Is this a flaw in vB? Or what should I do to avoid this?

    Thanks
  • karlm
    Senior Member
    • Jun 2006
    • 826
    • 5.3.x

    #2
    Disable HTML in the forum.
    AdminCP / Forum & Moderators / Forum Manager -> Edit Forum
    VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
    No Addons - none at all.


    • Marco van Herwaarden
      Senior Member
      • Nov 2004
      • 6999
      • 3.8.x

      #3
      Standard vBulletin doesn't evaluate HTML codes in thread titles. It sounds like the software you are using for your frontpage does, however, evaluate this. Not much vBulletin can do about this; I suggest you contact the author of your frontpage to have this fixed.

      PS Also see the following thread: http://www.vbulletin.com/forum/showt...34#post1202934
      Want to take your board beyond the standard vBulletin features?
      Visit the official Member to Member support site for vBulletin Modifications: www.vbulletin.org


      • karlm
        Senior Member
        • Jun 2006
        • 826
        • 5.3.x

        #4
        Very coincidentally, after posting my above comment to disable HTML, my board got hacked this very day!!!
        I've read the thread and I'm not using either of the software packages listed.

        The site that my members & guests are being redirected to is



        Can the team behind vbulletin do something with these guys as they're using hacks and corrupting other folks' boards?
        VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
        No Addons - none at all.


        • karlm
          Senior Member
          • Jun 2006
          • 826
          • 5.3.x

          #5
          I moved the last one to a hidden forum (junk) and that sorted it.
          Now I got a NEW one already, from http://clubplus.pl/ which proudly states itself as a hack-site.

          I'm not using the software (flashchat) etc. Hmmmm
          VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
          No Addons - none at all.


          • karlm
            Senior Member
            • Jun 2006
            • 826
            • 5.3.x

            #6
            I'm not using topxstats, but I was using cyb advanced stats..
            I disabled that alone

            I see someone tried it here, too.

            Last edited by karlm; Sun 3 Sep '06, 7:38am.
            VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
            No Addons - none at all.


            • Crow
              Member
              • Jan 2004
              • 65
              • 3.6.x

              #7
              Originally posted by karlm
              I'm not using topxstats, but I was using cyb advanced stats..
              I disabled that alone

              I see someone tried it here, too.

              http://www.vbulletin.com/forum/showthread.php?t=198958
              I just had this happen to my sites, I'm glad it didn't work for them tho


              • Danecookie
                Member
                • Nov 2005
                • 69
                • 3.5.x

                #8
                Well what should i do thennn?????


                • The Finman
                  New Member
                  • Jun 2006
                  • 29
                  • 3.6.x

                  #9
                  Originally posted by Danecookie
                  Well, some users are using cheap hacking techniques to hack the front page of my forums. Like I get many hits per day, and many of them use HTML codes in the new thread "Title" area. Many of the people I got did that and they were not successful; I just removed the thread.

                  But yesterday a guy placed an HTML code in a new thread in my General Section and it worked, and due to that my front page started to get redirected to > http://srsrxxx.kayyo.com/

                  Is this a flaw in vB? Or what should I do to avoid this?

                  Thanks
                  We got hit with it yesterday.

                  It's a really lame trick (more like an annoyance), but here is a very simple fix.

                  Go into your AdminCP and under vB Options choose Censorship Options.

                  In the Censored Words window add this.

                  Code:
                  {meta} >>>> {http-equiv} "Refresh" """"
                  That will put an end to this nonsense.
                  Last edited by The Finman; Sun 3 Sep '06, 4:57pm.


                  • karlm
                    Senior Member
                    • Jun 2006
                    • 826
                    • 5.3.x

                    #10
                    Thanks... I'll try it now
                    VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
                    No Addons - none at all.


                    • Scott MacVicar
                      Former vBulletin Developer
                      • Dec 2000
                      • 13286

                      #11
                      I suggest you remove all third party modifications since this is where the flaw happens. We ensure that our own stock code isn't affected and can only assume that it's a flaw within their code.

                      Much more serious issues than a meta redirect can occur, so it's within your best interest to remove the offending plugin.
                      Scott MacVicar

                      My Blog | Twitter
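
The class of flaw described in posts #3 and #11, as an added example that is not part of the original thread and is not vBulletin or add-on code: a front-page or stats module that prints stored thread titles without encoding them, next to the corrected output routine and a small audit check. The function names, the `$threads` sample data and the `redirect.example` URL are constructed for illustration, and the example assumes the module reads the title exactly as the user typed it.

```php
<?php
// Added example: hypothetical function names and constructed data.

// Constructed sample of stored thread titles; id 102 carries a meta refresh.
$threads = [
    ['id' => 101, 'title' => 'Welcome to the General Section'],
    ['id' => 102, 'title' => '<meta http-equiv="Refresh" content="0; url=http://redirect.example/">'],
    ['id' => 103, 'title' => 'Tom & Jerry <3'],
];

// Flawed pattern: the title is concatenated into the page as-is,
// so the browser parses any markup it contains.
function render_latest_unsafe(array $threads): string
{
    $html = "<ul>\n";
    foreach ($threads as $t) {
        $html .= '<li><a href="showthread.php?t=' . $t['id'] . '">' . $t['title'] . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Corrected pattern: encode at output time, so markup becomes inert text.
function render_latest_safe(array $threads): string
{
    $html = "<ul>\n";
    foreach ($threads as $t) {
        $title = htmlspecialchars($t['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= '<li><a href="showthread.php?t=' . (int) $t['id'] . '">' . $title . "</a></li>\n";
    }
    return $html . "</ul>\n";
}

// Audit helper: ids of threads whose stored title contains tag-like markup,
// so they can be reviewed and cleaned up. "<3" is not flagged.
function titles_with_markup(array $threads): array
{
    $hits = [];
    foreach ($threads as $t) {
        if (preg_match('/<\s*\/?\s*[a-z!]/i', $t['title'])) {
            $hits[] = $t['id'];
        }
    }
    return $hits;
}

echo render_latest_safe($threads);
echo 'Titles to review: ' . implode(', ', titles_with_markup($threads)) . "\n";
```

Encoding where the title is printed covers every tag, not only the meta refresh that a censored-word entry matches.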


                      • karlm
                        Senior Member
                        • Jun 2006
                        • 826
                        • 5.3.x

                        #12
                        Though I comprehend what you're saying, you have to admit if everyone retained the vanilla vBulletin, most forums would lack any personality or unique appeal. I'm generally careful about what I allow to be used on the forums, and I select the plugins carefully prior to eventually transferring from test-board to live-board status.
                        VB 5.4.1 - PHP 7..2.4 - MySQL 5.5.56
                        No Addons - none at all.
