Hi,
I had several errors on my vbulletin forum.
Then i decided to upgrade my forum from 4.2.1 to 4.2.2

And now i see these errors in middle of every page of my forum :

vBulletin Message
Unable to add cookies, header already sent.
File: /home4/abc/public_html/includes/class_core.php
Line: 5755

And i see these errors on top of every page :

Warning: Non-static method VBCREDITS::user() should not be called statically in ..../includes/functions.php(1851) : eval()'d code on line 1

Warning: Non-static method VBCREDITS::templates() should not be called statically, assuming $this from incompatible context in ..../includes/class_bootstrap.php(1419) : eval()'d code on line 2

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at ..../includes/class_core.php:5755) in ..../includes/facebook/facebook.php on line 49

Warning: Non-static method VBCREDITS::verify() should not be called statically, assuming $this from incompatible context in ..../includes/class_bootstrap.php(430) : eval()'d code on line 1

Warning: Non-static method VBCREDITS::process() should not be called statically, assuming $this from incompatible context in ..../dbtech/credits/credits_core.php on line 72

Warning: Non-static method VBCREDITS::init() should not be called statically, assuming $this from incompatible context in ..../dbtech/credits/credits_core.php on line 94

Warning: Only variables should be passed by reference in ..../includes/class_bootstrap.php(561) : eval()'d code on line 434

Warning: Only variables should be passed by reference in ..../includes/class_bootstrap.php(561) : eval()'d code on line 434

Warning: Non-static method VBCREDITS_VBULLETIN::navtabs() should not be called statically in ..../includes/functions_navigation.php(826) : eval()'d code on line 1

I upgraded to 4.2.2 but still new upgrade has not helped me and these errors are coming again and again.

Vbulletin.org has helped me each time when i had any problems with my forum. I am sure that this time also you people will help me.

Please help guys.

Edit your includes/config.php and add the following line, under the <?php at the top:
define('SKIP_ALL_ERRORS', true);

Edit your includes/config.php and add the following line, under the <?php at the top:
define('SKIP_ALL_ERRORS', true);

Thanks a lot for helping sir.
Everything now works fine except one thing.

When i go to paid subscription link in my admincp, i do not see original paid subscription links and menu in my admincp. instead i see this :



!C99madShell v. 2.0 madnet edition!

Software: Apache. PHP/5.2.17

uname -a: Linux gator3553.hostgator.com 3.2.54 #9 SMP Thu Feb 13 08:17:11 CST 2014 x86_64

uid=32357(abc) gid=32286(abc) groups=32286(abc)

Safe-mode: OFF (not secure)

/home4/abc/public_html/ drwxr-x---
Free 199.34 GB of 1833.28 GB (10.87%)
HOME <= => UPDIR Search Buffer Tools Proc. FTP brute Sec. SQL PHP-code Self remove Logout


Owned by root

Listing folder (131 files and 43 folders):

And below this, i see list of many files and boxes to execute commands etc...



Please help me sir.

You've been hacked. First, you should let your host know, then you need to secure your site.

There are four steps to securing your site. If you don't do them all or you do them in the wrong order than you're still susceptible to being attacked again.

Close the hole...
This has three subparts in this instance.
1. Delete your install folder
2. Review your admin users and delete any that don't belong. Don't ban them. Don't make them regular users. Delete them.
3. Close access to your AdminCP using .htaccess. Use either user authorization with a different username and password or IP address restrictions.

Fill the Hole...
There are seven subparts in this instance.
1. Review your files for changes. You can do this under Maintenance -> Diagnostics.
2. Delete any Suspect Files.
3. Replace any files marked as "Does not contain expected contents"
4. Scan your plugins for malicious code (exec, base64, system, pass_thru, iframe are all suspect keywords). Delete any you find.
5. Repair any templates. Any templates that you don't have notes on changing, you need to revert. If you're using a custom style, it is best to delete your existing style and reimport from a fresh download.
6. Update your Addon Products.
7. Rebuild your datastores. You can use tools.php in the "do not upload" folder to do this. Upload it to your admincp directory, delete when done.

Secure the Hole
Parts of this were done by closing the hole but there are still things to do here.
1. Keep notes of all changes you make to the system - what templates and phrases you change, what files belong to which addons, what plugins do the addons install.
2. Consider using a separate Super Admin who has access to admin logs in the AdminCP. There should be only one Super Admin.
3. Create a lower permission Administrator for every day use.
4. Review your permissions in the system.
5. Block off access to the includes, modcp, packages and vb folders via .htaccess. Deny All can work here, unless you use the ModCP. You need user authorization there.
6. Move your attachments outside the forum root directory.
7. Create a complete backup of your site. Make database backups weekly.

Vigilance
You need to keep active on the security of the site.
1. Give out the fewest permissions necessary for anyone to do their job
2. Make sure your hosting provider updates the software.
3. Update to the latest vBulletin when it is released.
4. Make sure your addons are always up to date.

This error is strange :(
I have done all this, but still not able to get rid of this bad error :(

Is there any other way to get rid of this ?
I am planning of deleting everything from my public_html folder and then reuploading all the files from freshly downloaded 4.2.2 version of vbulletin.

And then installing fresh vbulletin by going to www.forum.com/install/install.php

And then giving old database username and password to the new config.php file.

I know that i will loose all my plugins and custom styles and all, but all my members, threads, my paying subscribers who pay me yearly for vip membership will be still there. Am i right ? Correct me please if i am wrong.

If you delete all files and reinstall you lose everything

Does the subscription page still looked hacked if you disable all your plugins via the config.php file?

Note: To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

If it is not still hacked after you disable them via the line, then you have NOT gone through all your plugins in the Plugin Manager.