I'm currently running 4.2.2 and am trying to setup Paid Subscriptions. Unfortunately I just get a password prompt instead of any options when I click anything under the Paid Subscrptions submenu.

https://vborg.vbsupport.ru/external/2014/10/17.jpg

The default page would not just have a screen like that asking for a password. Try disabling your modifications/plugins and see if you still have this problem.
Note: To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

define('DISABLE_HOOKS', true);

I disabled all of them earlier to no avail :(

You disabled them via the config.php file or you turned off all your products via the Manage Products page?

Are any files listed as Not Containing Expected Contents in Maintenance > Diagnostics > Suspect File Version

Hi Lynne,

Thanks for the quick replies. I saw your message on the other forums as well. Sorry for the cross-post was just really looking for answers and digging for help anywhere I can find it.

Disabling them in the config allows it function again. Now comes the task of figuring out where the culprit is.

There are quite a few files listed under Maintenance > Diagnostics > Suspected File version.

They say they are not recognized as part of Vbulletin. This particular install is heavily modded.

Can you paste a screenshot of the mods you have installed?

Do you have anything in .htaccess that could prompt you for a password?

Here is a list of the plugins I have. Pretty certain it's not .htaccess because when I disabled the plugins per Lynne's instructions I was able to access the subscription menu.

https://vborg.vbsupport.ru/external/2014/10/15.jpg

Just disable each mod one by one till you find out which one is causing the conflict.

I would say one of these could be the culprit.

Supercharged, Panjo or Single Sign-on. Could be wrong but do what ozzy said first.

I doubt it's Panjo, or that would cause many people problems since it is stock in vB now.

I did disable one by one yesterday and it didn't make a difference till disabled from the config. Will try again today.

Disable plugins via config if this fixes the problem enable plugins again via config, then disable one plugin at a time until you find the problem one

To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

define('DISABLE_HOOKS', true);To enable plugins again just comment out the line
//define('DISABLE_HOOKS', true);Use notepad++ (http://notepad-plus-plus.org/download/v6.6.8.html) to edit any files

That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?

That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?
I was putting it up there not just for the op but so others as well if needed

That's admirable, but the original post was not how to disable hooks via the config, and the OP already knew how to do this. So all your post is doing is taking the thread off topic. :)

Going to try disabling each again and see if I can catch it. Maybe it was a weird caching issue.

FWIW I'm a programmer and completely understand how to edit code. I'm just new to vbulletin development.

That's admirable, but the original post was not how to disable hooks via the config, and the OP already knew how to do this. So all your post is doing is taking the thread off topic. :)

Reading post 11 says my post was on topic but this was not the only reason for posting it. Enough said this get back to helping the op

Right, it was stated that by disabling plugins via config solved the problem, then you come and say to disable plugins via config, makes no sense. :)

Anyway.... you've already tried disabling the products and that didn't fix it. My guess is the hackers created a single plugin that will show up in your Plugin Manager.

As I asked in post #13

That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?

As I asked in post #13
Yes but that was after I made the post. Enough said this get back to helping the op

How can I determine if the installation has been compromised by hackers?

--------------- Added 1413478591 at 1413478591 ---------------

What else does disabling the hooks turn off? Is it more than just plugins? I have combed through all the plugins in this board and no luck. The subscriptions are only available if I disable via the config.

How can I determine if the installation has been compromised by hackers?

--------------- Added 1413478591 at 1413478591 ---------------

What else does disabling the hooks turn off? Is it more than just plugins? I have combed through all the plugins in this board and no luck. The subscriptions are only available if I disable via the config.
I told you what to do here:

Anyway.... you've already tried disabling the products and that didn't fix it. My guess is the hackers created a single plugin that will show up in your Plugin Manager.

You need to go to Plugins & Products > Plugin Manager, not Manage Plugins. Look at the plugins listed at the very top under the heading "vbulletin". Those are single plugins that won't be disabled when you disable your products.

Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.

Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.
Can you show a screenshot of it

I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.

I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.
I had this on an old install. did it look like this?

http://pastebin.com/pQAkDrY1

I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.

That is what I asked in post #13, but it seems it was overlooked.

Now you need to clean up the site.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked
http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site