I'll update :)

Thanks for Updates

v3.9.2 - Apr 21. 2009.
-New: Drop-down menu with the rule set list on Rules page
-New: General Rules always shown at the top of table, requested Rules below it
-New: 'Forum Rules' link at the bottom of forumdisplay will lead user to that forum's rule set
-Fixed bug: Navbar link is not disabled when you disable product in options
-Fixed bug: Quick Reply hidden for users who have not accepted Rules even if forum is excluded from restrictions
-Forums better sorted on the list, now linked and some more details are shown

To upgrade:
-Import XML, allow overwrite
-Revert product templates if modified before

Note:
I've also updated screenshots in this thread.

A few rules are set in secret/hidden sections. Any possible way that those rules cannot be displayed by usergroups that don't have the permission to view the section in the first place?

Awesome! I'll update asap.

A few rules are set in secret/hidden sections. Any possible way that those rules cannot be displayed by usergroups that don't have the permission to view the section in the first place?
I was concerned about the same issue~ Users can access those rules simply by changing the rule's number in the URL to view the other rules.

Great update, by the way! Thank you for your hard work.

Where is the actual Forum Rules boxes the three that you use to be able to type into. I have installed it on a mirror site of mine to check first and they aren't showing up it stops at the option just above there. "Reset acceptance status for all registered members"

As it makes hard to edit the rules this new way if that is what way you are going.

v3.9.3 - Apr 25. 2009.
-New: User can not view Rule sets applied to no-permissions-to-view forums
-Above works also with 'Cyb - Advanced Permissions Based on Post Count' add-on
-New: Choose if General Rules will be Always shown, Collapsed if there is another rule set requested, or Disabled when there are other rules shown
-'Forum Rules' links in showthread, newthread, and newreply are also now redirected to the Cyb Forum Rules
-New: "Rules NOT accepted" shown in user profiles when they have this status

Upgrade instructions:
-Import product XML, allow overwrite
-IMPORTANT: Check product settings and update if needed (some settings are changed, some added)
-Revert hack templates if you modified any earlier

This update was perfection~ Thank you.

Cybernetec,

I asked above, where are the three input boxes that were there in previous versions, that you could type into there the rules ? They seem to be missing now.

Under the words "Reset acceptance status for all registered members" it is now just save options. Where do you set up these rules that you mention in the update ?

Click on 'Rules' in NavBar, then 'Manage Rules' in table header.

There you can edit, add, delete rule sets, and apply them to your forums.

'For breaking above rules you may be warned/banned appropriately.' was moved to Phrases.

Its working like a charm. Many thanks for adding this. It will save my staff a lot of work.
Cyb; could you please PM me your paypal account details for a donation.

v4.0 - Apr 28. 2009.
-New: User must accept Rules to be able to view thread content
-New: User must accept Rules to be able to send e-mails ('contact us' or 'e-mail user')
-New: Different Rule sets are accepted individually
-New: Reset acceptance status for individual Rule sets
-New: Rules acceptance date/time info shown in member profile
-Fixed bug: Quotes can not be used in Rule Set name
-Some minor bugs fixed

Upgrade Info:
-Import product XML, allow overwrite
-Check product options and update new settings if needed

v4.0.1 - Apr 28. 2009.
-Fixed bug: Reply w/quote switches to basic reply after redirection
-Fixed bug: Forums exclusion does not work properly in v4.0
-New: When PM restrictions are enabled Quick Reply is hidden in ShowPM until General Rules are accepted

To upgrade:
-Import XML, allow overwrite
-Check product options and update if needed

why jelsoft don't hire you to be a developer?

How do I change the color of the "Forum Rules" link in the navbar? The bright green clashes with my style :/ Other than that, fantastic mod :)

EDIT - nevermind, I'm blind. Found it :)

v4.0.2 - May 08. 2009.
-Fixed bug: In some cases wrong items are listed in 'Accepted Rules' drop-down
-Fixed bug: 'Reset user acceptance status when infraction received' does not work properly

To upgrade:
-Import XML, allow overwrite

@ Cybernetec, Thanks for putting those links at the bottom makes it much easier for the novice to get to where they need to be.

Hi Cyb,

I installed the latest version of this Mod (4.0.2) but i think i have problem:

when i check my profile page (i'm Admin) i see this (Forum Rules NOT accepted) and it doesn't show like the pic here with the drop menu for Force user to accept the rules again:

https://vborg.vbsupport.ru/attachment.php?attachmentid=98432&d=1240922230

How can i fix it please?

* Clicked Installed and Nominate

I'm having big problems with the newest version. I have successfully installed the hack and copied the previous forum rules but all I get is a blank page like so:

http://img41.imageshack.us/img41/2333/rulesnotworking.png

I am certain though that I have entered the forum rules where they should be and you can see this by the next image:

http://img198.imageshack.us/img198/3501/rulesdisplayed.png

What's going on? Help please!

Revert hack templates.

Hi Cyb,

I installed the latest version of this Mod (4.0.2) but i think i have problem:

when i check my profile page (i'm Admin) i see this (Forum Rules NOT accepted) and it doesn't show like the pic here with the drop menu for Force user to accept the rules again:

https://vborg.vbsupport.ru/attachment.php?attachmentid=98432&d=1240922230

How can i fix it please?

* Clicked Installed and Nominate

Hi,

I'm still waiting for your help ; ;

Thank you.

It shows rules acceptance status.

You have not accepted rules so there are no options to reset status.

Great Mod Cybernetec, and is Working Really Well. :up::up::up:

https://vborg.vbsupport.ru/external/2011/07/3.gif I'd like to Propose an Idea that Would be Very Useful, Cybernetec: Could You Please Include the Possibility to List the Users that Have Accepted Each Rule? (Perhaps a Combo Box to Select the Rule and a Button to Proceed to List the Users that have Accepted that Rule). This Would be Very Nice to be able to Control the Rules Acceptances. https://vborg.vbsupport.ru/external/2011/07/3.gif

https://vborg.vbsupport.ru/external/2011/07/3.gif I'd like to Propose Other Idea, that is Also Very Useful, Cybernetec: Could You Please Include on the User's Profile Statistics Tab the List of the Rules that the User has Accepted (if possible with the Date and Time where each Rule was accepted)? This is Very Useful for Users to Know what They and Other Users Have Accepted. It'd be Really Good if You Can Also Provide a Link on Each Rule's Title to the Description of the Rule so that the User can Read Again and Remember what has Accepted on Each Rule. https://vborg.vbsupport.ru/external/2011/07/3.gif

I Hope You Can Include those Options on Your Next Update, Cybernetec. ;)

(Note for Admins: Be careful Not to Include Character " in the Text for the Accept Rules Button that Appears when User don't Accept the Rules, because that Disables the Button and also the Use of the Acceptance Check Box.)

My Best Regards and Thank You Very Much For Sharing This Very Useful Mod. :up:

:)

One Small Detail: I noticed that when I Use a Created by me BBCode on the General Rules, (in particular one for Spoiler), and I see the General Rules as Guest (Not Logged), the BB Code Spoiler don't Work but the Spoiler Tags ([SPOILER ][ /SPOILER]) are Displayed in the Rules Text, but if I see the same General Rules as a Registered User the Spoiler BB Code is Displayed Fine on the General Rules. Perhaps is a Small Detail with some Permissions Set for Registered Users and Not for Guests that is Affecting the Display of the General Rules (I guess the Other Created Rules should have this Issue too).

I Hope You Can Fix that Small Detail on Your Next Update, Cybernetec. ;)

My Best Regards.

:)

You must have a fun board. Not only do you want users to accept each rule individually, you include spoilers in the rules???

I'm not even going to ask why you would put spoilers in your forum rules. But what's the point of tracking which rules users have accepted? If I didn't accept your rule against pr0n, does that mean I can post all the pr0n I want?

You must have a fun board. Not only do you want users to accept each rule individually, you include spoilers in the rules???

I'm not even going to ask why you would put spoilers in your forum rules. But what's the point of tracking which rules users have accepted? If I didn't accept your rule against pr0n, does that mean I can post all the pr0n I want?

I Place a Spoiler on the Steps of the Registration on My Board on the General Rules, which Occupy like 20 Lines and I wish to Focus the Attention of my Forumers to the Behaviour Rules but to Allow them to Read the Steps and Conditions for Registering, (in case a New Non Registered Guest Decides to Read the Forum Registration Steps which are in the Spoiler), in the Registration Rules of my Board this Steps and Conditions are not Hidden because in that Registration Process is Necessary for them to Read those Steps (and if are not Accepted then I Specifically Ask Not to Register in my Forums), but not by Reading the Forum Rules Provided by this Mod where I Like to Focus the Attention of the Readers to other Aspects of the Forum's Rules.

Also, you're not Picturing the Complete Panorama, if you Create a YouTube BBCode Tag and you Include it in the General Forum Rules and a Guest Reads them then All the Guest Will see will be

CodeOfMovie

instead of the Video, and that for ALL the BBCodes You Created and Include in the Text; (as I mentioned the Registered Users will see the HTML that the BBCode Replaces so in that case they'll see the YouTube Video and not the BBCode Tag). That's where I'm Focusing my Post Directed to Cybernetec so that He Can Check the Code and Correct it. :cool:

I Expresed My Case as an Example Not to be Questioned for it; each one Decides what to do on each one's Board, and each one has a Criteria to do Things on His/Her Boards.

My Best Regards.

:)

Cybernetec, the Custom BBCodes are also not Displayed on the Rules for Users that are on Usergroups 3 and 4, as well as for Usergroup 1 (Guests); I've just checked that on a Testing Account, when the General Rules got Displayed when Trying to Access a Forum. :(

My Best Regards.

:)

i think that it should be made that when "strangers" or non logged in members read the rules the two green bars at the top/bottom do not appear. (basically the same result as if an admin/mod/super mod were to read the rules), since it doesn't matter or make a difference. (..or does it ?) ...and i think it would look better that way. (i guess i could add the unregistered group to the hack control panel and that would do this, but is it safe?)

also i would like to change some of the text strings. ie: I have read, and agree to abide by the {1} rules. should i edit this in the xml file and re-upload it or via the admincp ? (if via the admnicp which phrase or where can i change this and others)
because i want to remove the "the" before {1}, because otherwise with my forums it will "sound" not quite right. ..i also want to slightly modify the pop up text that shows if a user wants to submit the rules but does not click the box. as it is it shows: You have chosen not to accept the Forum Rules. Select the checkbox and then Submit the form. Until you accept the Forum Rules you will not be able to use some forum functions.


thanks,

hello cyb,

currently have version 3.8 installed and want to upgrade to latest version...

you mentioned reverting template edits, but do not know if there were any with the 3.8 version...how do i know if i need to revert anything?

thanks for your help and a great product :)

Just ensure that templates named cyb_frules_X are not shown in red in template list.

Red means modified. When you select modified template you'll get Revert button on the right side.

oh, ok, so lisa gets an answer but not ralph ? nice....

anyway i guess i answered myself.

Suiram,

You can allow guests to view or post. Then why not ask them to accept rules as other people do?

However you can exclude them from restrictions and they will never know that this product is installed.

And Phrase Manager is the place to modify/translate text strings. You don't need to edit XML at all.

thank you...

Hi ,

Could You Please Include the Possibility to List the Users that Have Accepted Each Rule?
This is very usefull for the admins

Thanks

There will be a vb4 version?

Installed ok ... thanks Cyb ... :up:

Now, How do I actually edit or ad the rules?

When I select "Edit Rules" under the AdminCP option for the mod, it takes me to a page of smilies? :confused:

Thanks for any help ... :)

Regards,
Badge

Yes, has anyone tried this in vb4?

this version was last updated may 2009

I would love to see a version for vb4.0 too

Installed ok ... thanks Cyb ... :up:

Now, How do I actually edit or ad the rules?

When I select "Edit Rules" under the AdminCP option for the mod, it takes me to a page of smilies? :confused:

Thanks for any help ... :)

Regards,
Badge
I approved this... for me is too
what should we doing?

Posted by mistake.

"Choose between BB codes and HTML in rules" When did that happen? I can use HTML? That's great news. I was using 3.8 version and never knew. Thanks.

Installed ok ... thanks Cyb ... :up:

Now, How do I actually edit or ad the rules?

When I select "Edit Rules" under the AdminCP option for the mod, it takes me to a page of smilies? :confused:

Thanks for any help ... :)

Regards,
Badge

same here.

this hack sucks.

uninstalled.

I tried to find answer but couldn't do it. Problem is - I have 2 languages on forum (English and Russian) in English language counter at bottom or rules works perfect and allow to agree with rules, BUT in russian langauge it's not working at all and giving java-script error. what can create such a problem?

I imported it into my 4.0.7 forum and it doesn't work. The manage rules page is displayed incorrectly, with the following errors above the forum header:

Warning: array_merge() [function.array-merge]: Argument #1 is not an array in [path]/includes/class_bootstrap.php(1280) : eval()'d code on line 72

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: navbar in [path]/includes/functions.php on line 3984

Parse error: syntax error, unexpected T_STRING in /home/foo/www/forum/misc.php(89) : eval()'d code(176) : eval()'d code on line 1

Warning: fetch_template() calls should be replaced by the vB_Template class. Template name: cyb_frules_mng in [path]/includes/functions.php on line 3984

I'd REALLY like to see this for vB 4.x. I'd even be willing to pay something for it!

I'd REALLY like to see this for vB 4.x. I'd even be willing to pay something for it!Okay, send $20 to your fave charity: VSa - Advanced Forum Rules (https://vborg.vbsupport.ru/showthread.php?t=236069)

Heh. I found it after posting, and you beat me to the post with the link to the 4.x version, for others that stumble across it like I did.

:D

Just installed! It works perfectly. :) Thank you for creating this! :up:

Is there a max amount of characters in the rule field? I'm trying to copy my rules from an existing thread and they are getting cut off each time.

If there is a limit, how can I expand it?

A large number of websites have been hacked today. Its possible that this was caused by an issue with this addon. It may be a good idea to deactivate the addon until this is cleared up.

http://www.vbulletin.com/forum/showthread.php/379072-Site-hacked-can-someone-please-help

Reviewed the code for Cyb - Advanced Forum Rules and this can be the culprit as I see an exploit.........

Uh, will this also affect the vb4 version? VSa - Advanced Forum Rules (https://vborg.vbsupport.ru/showthread.php?t=236069)

Yes, it does affect the vb4 version. It affects the 3.7, 3.8 and 4.x versions.

I see this is no longer quarantined. Thanks for the quick fix. What is the procedure for updating? Specifically should allow overwrite be set to yes, and will that cause data to be lost?

Also what is the db query to set acceptance to yes?

I installed the latest update, and now I'm "Hacked by Team Animus", so this is NOT fixed.

I'm just uninstalling it completely. Nevermind disabled anymore. This mod is too risky, especially with my forum. It's too important to too many people.

Maybe disable ALL Cyb mods until they've been thoroughly checked?

guys relax

the reasons have hacked one website is many.... maybe fault VB software (have any flaw or security bug) or maybe fault VB HACK MOD.

if your are fear dont hacked your sites

dont use any mod hack (clean VB Software) this advice from VB Support Staff.

disable all or uninstalled

and have one not usefull (like for anyone) vb payment software on your site.

or pay other website/forum software.

or try other open source website/forum software.

this is my personal opinion.

I also installed this newest version earlier today..........and now my website has been hacked. :(

Rules page demo: http://www.bihforum.com/misc.php?do=cfrules <= this site is hacked.

How do I unistall serverside? I have no forum access

To restore your admin access you will need to go into the database and update in the user table your usergroup ID - this hack switched us from admins to regular users. Change your usergroup and you will be able to get back in to update all the usertitles and disable the addon.

done, thank you!

How do I mass change all user titles? they all say "Hacked by Team Animus"

Since this mod was quarantined and then restored, (with the claim to have been fixed) does that mean someone here (vbulletin.org) went thru the code line by line to verify the fix and see if the rest of the code is safe? Someone very clever. Was it in fact the mod or something else? Is 4.0.3 safe?

Is 4.0.3 safe?Not really, since it's an older version. But whatever vulnerability they've recently discovered seems to be in a lot of different versions.

People found a possible exploit in this mod, but it is now fixed. If sites are still being hacked then the exploit probably lies elsewhere. Nevertheless, this mod has now become tainted and I've got it disabled for now.

BTW, if you've got vb4 you shouldn't have this version installed anyway as it's for vb3.7.

Several people report that their site was hacked after installing the latest version of AFR. However, its unclear if this is related to this addon or not.

Not really, since it's an older version. But whatever vulnerability they've recently discovered seems to be in a lot of different versions.

People found a possible exploit in this mod, but it is now fixed. If sites are still being hacked then the exploit probably lies elsewhere. Nevertheless, this mod has now become tainted and I've got it disabled for now.

BTW, if you've got vb4 you shouldn't have this version installed anyway as it's for vb3.7.

I think you misunderstood. The current version for this mod is 4.0.3. You are thinking about the forum.

I expect an official reply from someone on these forums. I'm more interested in a generic reply to what they do when they "restore" a mod. You would think they would inspect the code and approve it to be re-released. Is that what happens?

Several people report that their site was hacked after installing the latest version of AFR. However, its unclear if this is related to this addon or not.

I've read this too. What's it mean exactly? How long after the update? Minutes? Hours?
And do they get hacked if they fix the breach and uninstall the mod?

Because this is the way I read their claims:


their vb forum was using this mod @v4.0.2
the forum was breached
they read it may be the mod at fault
they regain/clean their server/forums (one assumes!)
they install the "fixed" 4.0.3 mod
shortly after (minutes/hours?) they are hacked again
they still blame the mod.


To them I say redo step 4 and then disable/uninstall the mod.
See if you get hacked again.
Yes? ==> Most likely not the mod.
No? ==> Hmmmmm.... ==> Enable/install the mod and now see.

(Unless their server is still compromised because it wasn't "cleaned" properly.)

v4.0.3 - May 04. 2011.
-Security bug fixed

To update:
-Import XML, allow overwrite


If your site has been hacked please check out this post:
http://www.vbulletin.com/forum/showthread.php/379072-Site-hacked-can-someone-please-help?p=2154415#post2154415

I installed the latest update, and now I'm "Hacked by Team Animus", so this is NOT fixed.

Is the bug now definitely fixed? Or did the second hack happened over the installed backdoor? The current situation is a bit confusing.

They have added some files, created new user,...

To properly remove hacking traces please check link posted above.

I wasn't hacked, the situation is only a bit confusing since other people report that they was hacked (again) even after they upgraded the addon.

Thank you Valter for your efforts.

I've read this too. What's it mean exactly? How long after the update? Minutes? Hours?
And do they get hacked if they fix the breach and uninstall the mod?

Because this is the way I read their claims:

their vb forum was using this mod @v4.0.2
the forum was breached
they read it may be the mod at fault
they regain/clean their server/forums (one assumes!)
they install the "fixed" 4.0.3 mod
shortly after (minutes/hours?) they are hacked again
they still blame the mod.
To them I say redo step 4 and then disable/uninstall the mod.
See if you get hacked again.
Yes? ==> Most likely not the mod.
No? ==> Hmmmmm.... ==> Enable/install the mod and now see.

(Unless their server is still compromised because it wasn't "cleaned" properly.)
Good point!

Here is what I found. This may not be a complete list and I encourage others to chime in if I missed anything:

I have removed the following malicious files:

[******@gator**** /home/**********/public_html]# stat forums/includes/xml/vba.php
File: `forums/includes/xml/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 38740597 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ *****) Gid: ( 837/ ******)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500
[*****@gator******* /home/******/public_html]# stat forums/includes/vba.php
File: `forums/includes/vba.php'
Size: 257983 Blocks: 512 IO Block: 4096 regular file
Device: 807h/2055d Inode: 33064053 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 837/ subaru) Gid: ( 837/ subaru)
Access: 2011-05-04 17:44:26.000000000 -0500
Modify: 2011-05-04 18:39:39.000000000 -0500
Change: 2011-05-04 18:39:39.000000000 -0500

Hacked by Team Animus?

Please read this thread:
https://vborg.vbsupport.ru/showthread.php?t=263202

v4.0.3 - May 04. 2011.
-Security bug fixed

To update:
-Import XML, allow overwrite


If your site has been hacked please check out this post:
http://www.vbulletin.com/forum/showthread.php/379072-Site-hacked-can-someone-please-help?p=2154415#post2154415

Unfortunately, I did just that and allowed over write. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!

Is the bug now definitely fixed? Or did the second hack happened over the installed backdoor? The current situation is a bit confusing.

Its definately not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definately point my finger to this!

Its definately not fixed. I had the email from vBulletin to say a plugin I had (this one) had an exploit and was in quarantine. I never had a hack before, and when I looked at the thread linked earlier, it was stated the vulnerability was resolved and to download the latest version.
This I did, and then my forum was hacked in a short while after (maybe 15ish minutes?).

Now considering I hadn't been hacked on the previous version, then I upgrade to the latest version, resulting in the issue that other people have posted - I'd definately point my finger to this!
You may be right, but it is also possible that the hack attempt was already in progress before you upgraded to the latest version. So the hacker was already in. And he continued the hacking after you upgraded, because your system was already infected. 15 minutes is quite a short time frame.

I would go through the procedure that Valter posted to get your site in order. After that you can always decide whether or not you want to activate this addon or not.

v4.0.4 - May 06. 2011.
-Fixed: vbseo users not able to switch rules

To update:
-Import XML, allow overwrite

Unfortunately, I did just that and allowed over write. Lost all my rules and now if I click on the rules link, it takes me to FAQs about smileys!

I have the same thing going on. I disabled the hack, and now new registered members are receiving their confirmation e-mail sending them to the smilies page. Did you figure out how to fix this?

No. I had to uninstall all plugins because my host was having issues and I was trying to find if my products were the reason..any way long story short..I had to uninstall it..but I am sure on my new host, I'll install it again.

Valter, thank you for working so fast and putting out an updated version with the security patch. Your very quick attention to this is appreciated. :)

i was just hacked. i have no doubt it was this mod. why? because it was the only mod i was using. plain vanilla vbulletin v3.8.6 pl1 and this mod - nothing else. i was not hacked with v4.0.2, i was not hacked when i updated to v4.0.3 but a few days after the initial hack reports by others and then i was on v4.0.4. and yes, i did tick the overwrite box. i almost deserve this for not uninstalling it right there and then, when people were reporting their sites hacked. like another guy said in the other forums, thank God it was a "friendly" hack. never again. i'll stick to vanilla forums from now - lesson learned.

i'm here to find out why i still have a link to http://forums.(mydomain).com/misc.php?do=cfrules which goes to the icons faq question. how do i get rid of this "portal to hacking" completely? i want any and all traces removed.

Check out this thread: https://vborg.vbsupport.ru/showthread.php?t=263202

It's well possible that you have been hacked before you updated, Hackers tend to install a backdoor, so they can get back inside, even if the exploit they used to get in has been fixed already. It's not always super obvious that you have been hacked, it can happen very subtly, without you ever noticing.

I'm not quite sure what your question is though, do you mean, that you still have a link labeled "Rules" in your navbar? If so, I'm sure you can get rid of it by examining whether there are any active template modifications on the navbar template, if not, you may be able to remove the link by making a template modification of your own.

And if your question is why http://forums.(mydomain).com/misc.php?do=cfrules is still leading somewhere, that's because misc.php is a file which implements many many features, like your FAQ. The Smiley thing seems to just be the default and since cfrules doesn't exist anymore it displays the default.

It's well possible that you have been hacked before you updated, Hackers tend to install a backdoor, so they can get back inside, even if the exploit they used to get in has been fixed already. It's not always super obvious that you have been hacked, it can happen very subtly, without you ever noticing.



i don't think so. the file was uploaded on the 9th. i updated to to the "fixed" version 4.0.3 on the 5th. i don't know. i'm still unsure what exactly went down.

https://vborg.vbsupport.ru/external/2011/05/45.jpg

I also was using this mod and updated to the latest files attached here and was hacked and locked out, I gained access, removed the fake admin, re-did the titles etc and since that my whole forums files (the lot) has been deleted by someone.

This was 3 years plus worth of work gone down the pan because the developer of this hack didnt check his work.

Now Im stuffed and hoping my host can restore the site or its gone for good.

Thanks.

Per my above post. My host has carried out a check of the logs and says the following:


I scoured your logs to find no indication of an account breach. However, I did pin-point when this occurred by the error logs and have reason to believe your scripts was exploited to allow your files to be deleted.

Here is the log entries (our helpdesk may strip these - see the raw email):


[Tue May 10 03:32:41 2011] [error] [client 94.143.240.103] malformed header from script. Bad header=Fxxxxxxx%2Fpublic_html%2Femail: vbseo.php, referer: http://www. xxxxxxx. co. uk/includes/vba.php?x=ls&d=%2Fhome2%2Fxxxxxxx%2Fpublic_html&sort=0a
[Tue May 10 03:33:30 2011] [error] [client 94.143.240.103] malformed header from script. Bad header=Fxxxxxxx%2Fpublic_html%2Femail: vbseo.php, referer: http://www. xxxxxxx. co. uk/includes/vba.php?x=ls&d=%2Fhome2%2Fxxxxxxx%2Fpublic_html&sort=0a
[Tue May 10 03:36:46 2011] [error] [client 94.143.240.103] File does not exist: /home2/xxxxxxx/public_html, referer: http://www. xxxxxxx. co. uk/includes/vba.php?

As you can see, there is a script that was either uploaded through an exploit or it is a script you are using that was exploited. The "hacker" was attempting to view your files and 3 minutes later the file was gone. These logs show the unsuccessful attempts and also show they were reworking the exploit to be successful. So whatever includes/vba.php was/is, it contains a nasty exploit or was a shell that was uploaded through an exploit of your scripts. You may want to ensure vbseo is updated.

While these do not give solid evidence of the exploit as these was logged in the error log, it's almost for certain due to the calls and time frames. Your raw access logs have already rotated, and would have gave us the solid evidence needed as it would have shown the successful attempt, but it's not needed after concluding the above. I'm 99% sure they was trying to list your files to test the exploit. Once they was able to list them, they carried out the intentions by removing all files.

As you already noticed, your database is intact. All you need to do is reupload your files and plug in the DB information. Just be sure to update all scripts and audit your files.



Make sure you have backups because this hack can delete your whole forum.

Regards

My forum was hacked again after a recent attack on my site a few days ago. We did a full restore, patched this mod to the current one which says that it was patched and yet a few minutes ago, my forum was hacked.

Add me to the list saying that this updated patch is not yet secure.

I'm watching this closely.

It would be very helpful if someone can find in their server logs the original attack, or any accesses related to the attack. (The error log info above wasn't quite helpful enough for me to work with.)

I found a security hole in the script code which allowed me to execute php script code. (v4.0.4)

@Author/s/whoever is in charge: Plz contact me ASAP per PM

if we only disable the product will be safe ? or have to uninstall it till a good update ?

v4.0.5 - May 18. 2011.
-Fixed: Security bug
-Improved rule acceptance check

To upgrade:
Import XML, allow overwrite

Quarantined, restored, re-quaratined, re-restored...

I uninstalled all my Cyb mods and will never use them again. Nothing against the coder. It was an honest mistake I'm sure that caused the problems. But regardless, I don't have the time to spend restoring entire forums from backups if they get hacked.

Quarantined, restored, re-quaratined, re-restored...

I uninstalled all my Cyb mods and will never use them again. Nothing against the coder. It was an honest mistake I'm sure that caused the problems. But regardless, I don't have the time to spend restoring entire forums from backups if they get hacked.

Congratulations on your new thoughtful safety measures. The next time problems develop in PHP, Mysql or default vBulletin then make sure to uninstall those and never use them again as well.

if we only disable the product will be safe ? or have to uninstall it till a good update ?
Disabeling it will be quite enough. Disabeling is basically uninstalling without deleting the database entries, so no user will be able to interact with the plugin while the data of your rules and who has already accepted the rules will be preserved.

Has anyone been hacked since installing 4.0.5?

been up going good since the fix.

Do we have an update for 4.1 ?

My users are telling me that this has started interfering with our TapaTalk integration.

Users are getting errors accessing the site telling them that access is being denied.

TapaTalk looked into this and they said:

When Tapatalk trying to access your forum, it is forced to a page to agree your forum rules page. You may need to investigate on how to remove that restriction.

Any ideas how I can fix this? I love this mod and really don't want to give it up.

D.