vb.org Archive - Administrative and Maintenance Tools - Check 4 Hack

Page 10 of 13

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)

- - Administrative and Maintenance Tools - Check 4 Hack - Finds infected Datastore Entries (https://vborg.vbsupport.ru/showthread.php?t=265866)

whodah

09-21-2013 09:33 PM

So for now, I changed check4hack.php from:

Code:

vbmail($recipent,$vbphrase['c4h_subject'],construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));

to:

Code:

vbmail($recipent,"Something Wrong in forum dB!".$vbphrase['c4h_subject'],"Run Check 4 Hacking in Scheduled Task Manager. This auto-email messes up, but it runs OK 'by hand'.\n\n".construct_phrase($vbphrase['c4h_body'], implode(", ",$storages)));

It isn't a fix, and it isn't perfect. But at least instead of blank emails, you'll get a little guidance on what to do or what the email means.

BirdOPrey5

09-22-2013 03:46 AM

I'm not sure it will make a difference but I would try commenting out the line

Code:

echo $infect['title']."-";

(make it)

Code:

//echo $infect['title']."-";

instead.

echo will post data to the browser, it isn't something you usually want to do when running a scheduled task automatically, if used there should be a check to make sure it is being run manually.

The thing is, while it shouldn't be used best I can tell, I don't see why it would result in blank emails- but it's the only thing that sticks out at me right now.

Wolver2

09-24-2013 01:26 PM

I get this note as an email from the plugin:

The following modules were infected:

pluginlist

what do I do now? or how do I remove it

whodah

09-24-2013 02:04 PM

Quote:

Originally Posted by Wolver2 (Post 2447689)

I get this note as an email from the plugin:

The following modules were infected:

pluginlist

what do I do now? or how do I remove it

Try post #88 in this thread.

whodah

09-24-2013 02:26 PM

Quote:

Originally Posted by BirdOPrey5 (Post 2447211)

I'm not sure it will make a difference but I would try commenting out the line

Code:

echo $infect['title']."-";

(make it)

Code:

//echo $infect['title']."-";

Heya BirdOPrey5,

Thanks for the idea, but it didn't fix it.
:(

Wolver2

09-24-2013 03:26 PM

@whodah thanks for pointing it out.

Code:

After ....

if (strpos($_SERVER['PHP_SELF'],"subscriptions.php")) {



eval(gzinflat

e(base64_decode('HJ3HkqNQEkU/Zzq

....

What do I do to remove it completely?

Btw below that code you posted a link to an exploit regarding /install folder.. but I never had an install folder there after installing

whodah

09-24-2013 04:34 PM

Quote:

Originally Posted by Wolver2 (Post 2447712)

@whodah thanks for pointing it out.

Code:

After ....

if (strpos($_SERVER['PHP_SELF'],"subscriptions.php")) {



eval(gzinflat

e(base64_decode('HJ3HkqNQEkU/Zzq

....

What do I do to remove it completely?

Btw below that code you posted a link to an exploit regarding /install folder.. but I never had an install folder there after installing

Heya,

Interesting on the install thing. For me, that is what I saw all the log files hit.

For removal: this thread helped a ton:
http://www.vbulletin.com/forum/forum...i-e-p0wersurge

In particular, post number 4.

And secondly, although a lot of it is the same, the 2nd post here:
http://www.vbulletin.com/forum/forum...madnet-edition

Especially bullet point #6 as the infected plugin was by author 'vbulletin'. (fake of course, and removed of course.)

Wolver2

10-13-2013 02:06 AM

@Whodah I tried the post nr. 4:

Atm trying to clean.. but im a newbie in this.. will report

KHALIK

10-13-2013 12:49 PM

I am also getting the following message on my vb 4.2.2 when I manually run cron job.

Quote:

Check 4 Hacking

pluginlist-

Done.

Is this a standard message, indicating no infected files found?

Or is it saying pluginlist- is infected ?

Please help

whodah

10-14-2013 04:53 PM

Quote:

Originally Posted by KHALIK (Post 2452901)

I am also getting the following message on my vb 4.2.2 when I manually run cron job.

Is this a standard message, indicating no infected files found?

Or is it saying pluginlist- is infected ?

Please help

Try post #88 in this thread.

All times are GMT. The time now is 09:00 AM.

Page 10 of 13

« First

Last »

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01250 seconds Memory Usage 1,756KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (8)bbcode_code_printable (5)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (4)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: