Yes. The only time I get this is after a manual run and when I check for "infections" using other methods the datastore is clean.

I would not recommend removing that as it looks like it is the copyright notice for a mod you have installed. If you remove it, you can get in trouble with the mod author. Most mods with copyrights say if you don't want the copyright shown, pay to remove it or uninstall the mod.

Two blank emails tonight, twenty minutes apart
In the logs it showed pluginlist being hit

Looks like it was either this mod that set it off
https://vborg.vbsupport.ru/showthread.php?t=258158

Soon as I uninstalled the mod, the warnings stopped

Envolve does have the string "base64" in plugin code, but they are encoding data not php code.

Just installed like a charm on 3.8x.
The demo worked well, now hopefully nothing is going to happen....
Thanks, simple but looks very useful.

I installed this mod and I'm getting a blank email everytime the cron runs. Any thoughts?

This is from the demo plugin. Disable it and you will get no more emails.

does it helps with file2store exploit as well ?

I'm getting a blank email once a day. Is this normal? Demo disabled.

It should. The file2store exploit does exactly what this mod is designed to delete.

Perfect for file2store exploit. Traffic went up. Thanks a lot ;)

Hi, when click on run now the email is: The following modules were infected: pluginlist.

demo is disabled. Why?

Thanks

This seemed to fix my issue with the file2store exploit. But do I need to rebuild my templates too once in a while I wonder if I had that problem?

Once I disabled a couple of old plug ins I did not get any more security warnings by email. :D I can't thank the coder of this app enough!

If anyone knows: does rebuilding the datastore slow down my forum for those visitors who visit immediately after it is rebuilt?

thanks for creating this. been having issues with file2store.info - those bastards.

thanks for the detailed instructions for newbies.
https://vborg.vbsupport.ru/showpost....5&postcount=26

The following modules were infected:

pluginlist

what do we do now?

Did you enable the demo plugin to test it?

Great Mod.
Thankyou for taking the time to create this.
Works perfectly as expected.

Here is something interesting.

I know I am 100% affected by the file2store exploit, however I am getting blank e-mails.

How is this possible?

D.

Arent blank emails only for the bebug mode?
I thought if it was running properly you get no emails?

I think That I found how happen the INJECTION SQL .. I'm testing on a Client and not have problem since 2 days (the day that I do the patch)

I am trying to install the xml file but after there's nothing active, only the name of the file under the plugins area. Any help?

Any help please?

Check 4 Hacking

Warning: include_once([path]/./includes/cron/check4hack.php) [function.include-once]: failed to open stream: No such file or directory in [path]/admincp/cronadmin.php on line 113

Warning: include_once() [function.include]: Failed opening '[path]/./includes/cron/check4hack.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in [path]/admincp/cronadmin.php on line 113

Terminado

Anyone help?

It looks like you did not upload the php file, or at least did not upload it to the correct folder on your server.

It goes in your /includes/cron/ folder.

Oh, I didn't know I had to... I don't know how to do it but thank you very much.

For the very first time, this mod has started sending me emails indicating a threat ...

They started after installing Lancerforhire's "Live Topic" mod....

Lancerforhire indicates that this is a "false positive" as discussed here:

https://vborg.vbsupport.ru/showpost....&postcount=117

I don't know how to tell Hoffi's Check 4 Hacking mod to stop sending emails if it's related to the "Live Topic" mod? Is there an exclusion list capability?

Regards,
Doug

The following modules were infected:

pluginlist

vB 4.2.0 PL 2

i get this when the plugin demo is disabled. ie. [s]demo[/s]

i know it is disabled from the install. ran the task and i get pluginlist infected. i enable the demo and i get pluginlist- infected.

There is only one file to upload to the server (a php file into cron), right? I did that and installed the xml and all seems fine. I do not show any demo version under the real one. I have never received any emails from it after installing so I have no clue if it is working right.

I am running 4.1.12p2. Any suggestions on how to get the demo to display under products?

Uninstalled ... too many false positives ... ;)

Thanks anyway ... :)

Regards,
Doug

The following modules were infected:

pluginlistadmin

can anyone please help with this

If not already in this,
Make it check the checksum of login.php.
http://newinhacking.blogspot.com.au/...rtutorial.html
I made a small thing in BASH a while ago to do it.
But in general, this mod is good, and hopefully I can help you out with coding this in the future ;)

Anyone can help?

I've found pluginlistadmin in the datastore. Not sure exactly what I'm looking for though.

Can anyone please help?

this is not possible for 4.2.0 :(
non of those codes exist

This hack should check for '%logincache%' too.

Hmm, "Check 4 Hacking" isn't showing on my scheduled tasks at all. vb 3.8.7 patch level 3.

Have disabled the "demo" now, but I can't see any sign that the plugin is active. Fingers crossed?

hello dear
thank you for this mod

any one can confirm that this mod working on vb 4.2.pl2 ?
thanks

Installed and running fine on VB 4.2.1 :)

The mod is running but it doesn't seem to show up in the scheduled task log. I have toggled logging on/off but it doesn't show up. Other scheduled tasks show up in the log if enabled, can someone please verify if logging works.

Anyone knows how to get this to work for 4.2.1?

very important to several users