I just upgraded to 4.2.2 and now I'm getting this error:

Database error in vBulletin 4.2.0:

Invalid SQL:

SELECT *
FROM navigation
WHERE state & = 0
ORDER BY navtype, displayorder;

MySQL Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= 0
ORDER BY navtype, displayorder' at line 3

Disable your plugins/mods and see if you still have the problem. If you no longer have the error then you have a plugin/mod that needs to be upgraded.

I deleted the old install due to the C99madShell v. 2.0 madnet edition hack.

I deleted the old install due to the C99madShell v. 2.0 madnet edition hack.

Are you saying this is a new install? In your first post you said you upgraded. Sorry, I am a bit confused. :)

Well i ran the upgrade script. perhaps I need to go back and run the full install script?

Well i ran the upgrade script. perhaps I need to go back and run the full install script?

You run the upgrade script when you are upgrading a database to the next version.
You run the install script on a new installation, blank database.

will i be able to restore my back up of the data base to the new install?

If you are trying to use the same database. You really need to fix your current installation first, before you upgrade. Upgrading will not clear out problems in a modified database due to the malware.

Make sure you follow all the recommended steps. I will re-post links to them if you do not know them.

--------------- Added 07 Nov 2013 at 03:18 ---------------
will i be able to restore my back up of the data base to the new install?
No, you cannot restore your database to a new install.

OK, so basically because of the extent of this hack and malware, I really need to start from scratch, as this would be the most effective way of cleaning the site up.

I just took this forum over and from what I can tell this "backdoor" in has been there for quite a while. a good number of things like the admincp had not been secured against intrusion.

You made a backup ... good job! :)

The following guides and best practices should get you up and running again. Be thorough when using them, and sorry you were hacked.

http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/michael-miller/3934768-recovering-a-hacked-vbulletin-site)
http://www.vbulletin.com/forum/blogs...ve-been-hacked (http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked)
http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site)
http://www.vbulletin.com/forum/forum...-1-vbulletin-5 (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-vbulletin-install-system-exploit-vbulletin-4-1-vbulletin-5)

The error I listed is from the upgrade attempt. So i think the database is pretty much trash. I fear it has some (read as a lot of) bad code left from the hackers, and i don't know much about mysql to be able to fix that.

I think my best bet is to start from scratch, and properly set up vb so it is secure from the get go.

OK, so basically because of the extent of this hack and malware, I really need to start from scratch, as this would be the most effective way of cleaning the site up.

I just took this forum over and from what I can tell this "backdoor" in has been there for quite a while. a good number of things like the admincp had not been secured against intrusion.

Most sites can be restored unless the database is corrupted or deleted. For most people starting over is really not a choice as the existing threads to a forum is everything.

If this is overwhelming for you, you might want to seek paid help to get you healthy and secured.

Well I can't afford "paid" help, so I have to fix it. Fortunately The forum was small and we've only had vb for a year or so. In the previous incarnation different bulletin board products had been used and had to been started over from scratch.

My users were told by the previous owner he was shutting it down for good, until I told him I'd take it over. I should have expected that the problems behind the curtain were greater than I had anticipated.

Since so many boards were hacked recently there is a ton of information on vb.org to assist you. Resolving your issues is not that difficult, but you must be thorough. In your case just concentrate getting the board up and running and keep all plugins disabled. Make backups at every step if you can. Ask for help here when you do not know what you are doing. Do not miss steps when following the guidelines.

You do have my sympathy, you have a bit of work to do. This is not the fun part of running a forum.

WEll i posted on FB to a page that my main users are on asking them their opinion, whether or not to start from scratch or risk my missing a piece of potentially malicious code.

I ran the upgrade script again and still getting the same database error as in the op.

--------------- Added 1383825115 at 1383825115 ---------------

this is what I'm getting in my browser when I try to login to the admincp.


Warning: Function split() is deprecated in ..../includes/functions_login.php(204) : eval()'d code on line 10

Warning: Function split() is deprecated in ..../includes/functions_login.php(204) : eval()'d code on line 11
Unable to add cookies, header already sent.
File: /home/bonifer/public_html/includes/class_core.php
Line: 5755

As I said before, do not try to upgrade. Restore your backup and follow the guidelines I posted. All you will have if you try to upgrade is a corrupted forum, with no known state.

The copy of the forum I have is of the hacked forum. I don't think a clean backup copy exists.

WEll i posted on FB to a page that my main users are on asking them their opinion, whether or not to start from scratch or risk my missing a piece of potentially malicious code.

I ran the upgrade script again and still getting the same database error as in the op.

--------------- Added 07 Nov 2013 at 03:51 ---------------

this is what I'm getting in my browser when I try to login to the admincp.


Warning: Function split() is deprecated in ..../includes/functions_login.php(204) : eval()'d code on line 10

Warning: Function split() is deprecated in ..../includes/functions_login.php(204) : eval()'d code on line 11
Unable to add cookies, header already sent.
File: /home/bonifer/public_html/includes/class_core.php
Line: 5755

Those errors are caused by plugins/mods that need to be upgraded or patched for v4.2.2. There are quite a few differences between v4.2.1 and v4.2.2 and it will definitely complicate you restoring your board.

What version of vBulletin are you running before you upgraded? What version of PHP?

4.2.1 patch level 3
And all the pluguns have been removed

--------------- Added 1383826071 at 1383826071 ---------------

Thinking about it I'm betting it's one of the login mods the previous owner had installed being referenced by the database.

They may have been removed, but they are currently not disabled. Disable your hooks from "includes/config.php." That error you are receiving is from hook
"login_verify_failure_username".

If we are still talking about the upgrade process. The php command 'split' would not be used in v4.2.2. under php5.4 (at least it should not be) except in an old plugin/mod.

It is possible that it is still stored in the datastore. In that case make sure you turn on debug mode in the "includes/config.php" file also.

ok, disabled the hooks and got in to the admin cp. Forum is upgraded and clean. Now i need to remove all the old plug ins and get the new versions---- after I secure everything.

--------------- Added 1383827507 at 1383827507 ---------------

Oh, thank you very much for your help and patience with the newb.

Glad to help. Thanks for letting me know. :)

Np, I'm guessing getting the newest versions of the plugins will over write any of the old versions data in the db. correct?

Make sure you read through the mod's thread and the instructions on the MOD -- just in case you did not. Usually reading through the thread will provide you the most insight, but remember v4.2.2 is fairly new and many boards have not upgraded to this version. Rreports of incompatibility of a particular modification may not be posted as of yet. :)