vb.org Archive - Cannot Setup Paid Subscriptions

Page 3 of 3

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)

- - Cannot Setup Paid Subscriptions (https://vborg.vbsupport.ru/showthread.php?t=314886)

ForceHSS

10-15-2014 06:01 PM

Quote:

Originally Posted by ozzy47 (Post 2518929)

As I asked in post #13

Yes but that was after I made the post. Enough said this get back to helping the op

plumwd

10-16-2014 10:43 AM

How can I determine if the installation has been compromised by hackers?

--------------- Added [DATE]1413478591[/DATE] at [TIME]1413478591[/TIME] ---------------

What else does disabling the hooks turn off? Is it more than just plugins? I have combed through all the plugins in this board and no luck. The subscriptions are only available if I disable via the config.

Lynne

10-16-2014 04:17 PM

Quote:

Originally Posted by plumwd (Post 2519012)

I told you what to do here:

Quote:

Originally Posted by Lynne (Post 2518922)

Anyway.... you've already tried disabling the products and that didn't fix it. My guess is the hackers created a single plugin that will show up in your Plugin Manager.

You need to go to Plugins & Products > Plugin Manager, not Manage Plugins. Look at the plugins listed at the very top under the heading "vbulletin". Those are single plugins that won't be disabled when you disable your products.

plumwd

10-16-2014 06:49 PM

Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.

ForceHSS

10-16-2014 07:02 PM

Quote:

Originally Posted by plumwd (Post 2519089)

Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.

Can you show a screenshot of it

plumwd

10-17-2014 09:52 AM

I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.

Black Snow

10-17-2014 10:00 AM

Quote:

Originally Posted by plumwd (Post 2519149)

I had this on an old install. did it look like this?

http://pastebin.com/pQAkDrY1

ozzy47

10-17-2014 10:27 AM

Quote:

Originally Posted by plumwd (Post 2519149)

That is what I asked in post #13, but it seems it was overlooked.

Now you need to clean up the site.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site

All times are GMT. The time now is 02:20 PM.

Page 3 of 3

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01119 seconds Memory Usage 1,737KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (6)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (8)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: