View Full Version : Emergency: Malware injection
lycheepassion
04-03-2012, 03:25 AM
As of Weds my forum has been injected with directmarketingprompt.in malware
. I did an upgrade to 4.11 patch 1 from 4.1.0 (er I mean the last version before the latest with the patch) and then did a scan on Sucuri and it showed clean now it's not anymore. How can I fix this?
Here's the google diagnostic page
http://preview.tinyurl.com/gdiagno
Here's the sucuri report:
http://preview.tinyurl.com/sucscan
Here's my site:
http://preview.tinyurl.com/d4maq8n
Just disabled mods, ran suspect files, not sure what to do.> Thanks
borbole
04-03-2012, 03:05 PM
Search the db for any trace of the injected code and remove them if found. Run a check of your server space as well and then contact your host so they can check things on their end as well.
lycheepassion
04-03-2012, 10:46 PM
thanks VB May have fixed it. How would I run a db search?
santi00
04-04-2012, 12:00 AM
I have a big problem. I think is the same.
If i clean the cookies and cache on the browser, then i go on my forum by google (searcing one of my keywords) and when i click on my site from google serp. I went redirect on http://file2store.info.
VB 4.1.11 and vbseo 3.5
Another italian friend has tried to upload vbseo and remove all plugin but the problem is the same.
Whitch is the solution?
gazza2008
04-04-2012, 06:51 AM
I am having the same problem
I think if you upgrade to the vb 4.1.11 patch that might do it
If anyone else has any ideas let me know
santi00
04-04-2012, 12:08 PM
Incredible that a vbulletin has this bug..... there'wes in a last version (vb 3.X) but i hope with the 4.x version the bug was resolved. Now i can see that the bug is always....incredible.
K a M a L
04-04-2012, 01:16 PM
santi00 and gazza2008
if you have any of these mods installed (vBActivity, vBShout, Forumon RPG, vBDownloads and vBQuiz)
there is an XSS vulnerability on them
if not there is an Xss vulnerability on Ckeditor , and you should upgrade to latest Patch level
santi00
04-04-2012, 01:39 PM
I haven't these mods installed and ckeditor.
The proble are in a lot of forum. Incredible because vbulletin is a commercial software.
INCREDIBLE.
Pandemikk
04-04-2012, 01:44 PM
I.n.c.r.e.d.i.b.l.e
K a M a L
04-04-2012, 01:52 PM
Could you give me an infected site url , to check for the reason ?
Brandon Sheley
04-04-2012, 02:58 PM
This is how you fix the exploits.
http://www.theadminzone.com/forums/showpost.php?p=597122&postcount=81
Follow these steps and your site will be clean, I've done it on a number of sites.
This isn't a "vb issue" stop trying to blame them.. ;)
Stop adding poorly developed hacks and secure your sites.
gazza2008
04-04-2012, 05:04 PM
santi00 and gazza2008
if you have any of these mods installed (vBActivity, vBShout, Forumon RPG, vBDownloads and vBQuiz)
there is an XSS vulnerability on them
if not there is an Xss vulnerability on Ckeditor , and you should upgrade to latest Patch level
I have VB shout Shall I uninstall it or just upgrade to latest patch VB
--------------- Added 1333610394 at 1333610394 ---------------
seems after doing this it is fine
so touch wood lol
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.