Check 4 Hack - Finds infected Datastore Entries (https://vborg.vbsupport.ru/showthread.php?t=265866)

djbaxter 07-01-2011 05:02 PM

Quote:

Originally Posted by MentaL (Post 2215503)
I got no infected email just 3 blanks.

Did you enable the demo plugin to test it? If not, manually running the cron job will send the blank email unless you have a real infection somewhere.

MentaL 07-01-2011 05:48 PM

I'm on vb3 and cannot find any place to enable the demo.

/EDIT
Corrupt Datastore found!


The following modules were infected:

vbindex_config

/edit, decoded and it says

Quote:

<div class="smallfont" style="text-align: center">vBindex Copyright &copy; MMII - MMIV Winter Systems.</div>

djbaxter 07-01-2011 05:58 PM

Then you need to delete that file: vbindex_config - what is that, anyway? That's not part of vBulletin, as far as I know.

Adrian Schneider 07-01-2011 06:21 PM

Simply checking for "base64" seems like it would give a lot of false positives... There are lots of legitimate uses for encoding data.

It's a good idea, but I think the implementation needs to be refined a lot, otherwise users will end up confused and scared.

Hoffi 07-03-2011 08:12 AM

I did not use any AddOn that uses the base64 code in a plugin, so it works for me. If you know a plugin which uses this code, I can add some extra functionality that looks in which plugin the code is used.

If you got a blank email, I assume that some phrases are missing. Emails were only sent if base64 is found in the datastore.

onealien 07-03-2011 08:25 PM

installed and working....3.8.x

THANKS...

djbaxter 07-03-2011 09:03 PM

Quote:

Originally Posted by onealien (Post 2216360)
installed and working....3.8.x

Hmmm... it installed and tests fine on a 3.8.3 forum where I am a tech admin, but that forum was re-infected with the filestore123.info redirect without triggering this add-on.

Cleared the datastore (you can do this by disabling and then re-enabling any product/plug-in) so the redirect is gone again. Will continue to monitor.

Added: see below https://vborg.vbsupport.ru/showpost....2&postcount=39

CBrown 07-04-2011 02:44 PM

Ok...

I ran this, and it's telling me: pluginlist is infected?

Exactly how would I go about double checking if this is correct or a false positive?

This seems odd.

Great add-on... Now just to wrap my head about what I got going on here.
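
Added example, not part of the thread and not Check 4 Hack's own code: one way to double-check a hit like the ones discussed above is to decode what the "base64" match actually contains before treating the entry as infected. The entry titles reuse names from the thread; the data strings, the indicator list and the function name `triage_entry` are constructed assumptions.

```php
<?php
// Added example: decode what a "base64" hit contains before calling it infected.
// Assumed indicator list for decoded text; tune it for your own site.
const SUSPICIOUS = '~<script|<iframe|eval\s*\(|gzinflate|Location:|https?://~i';

function triage_entry(string $data): array
{
    $findings = [];
    // Candidate blobs: runs of 24+ base64 characters plus optional padding.
    preg_match_all('~[A-Za-z0-9+/]{24,}={0,2}~', $data, $m);
    foreach ($m[0] as $blob) {
        $decoded = base64_decode($blob, true); // strict: false on invalid input
        if ($decoded === false) {
            continue;
        }
        if (!preg_match('/^[\x09\x0A\x0D\x20-\x7E]+$/', $decoded)) {
            // Binary result: a hash or token, or compressed data. Needs a human.
            $findings[] = ['verdict' => 'opaque', 'decoded' => bin2hex(substr($decoded, 0, 16))];
            continue;
        }
        $verdict = preg_match(SUSPICIOUS, $decoded) ? 'review' : 'benign-looking';
        $findings[] = ['verdict' => $verdict, 'decoded' => $decoded];
    }
    // A decode call with no literal argument still deserves a look.
    if (!$findings && stripos($data, 'base64_decode') !== false) {
        $findings[] = ['verdict' => 'review', 'decoded' => '(base64_decode call, no literal blob)'];
    }
    return $findings;
}

// Constructed sample entries (title => data); not real datastore content.
$samples = [
    'vbindex_config' => '"' . base64_encode('<div class="smallfont" style="text-align: center">'
        . 'vBindex Copyright &copy; MMII - MMIV Winter Systems.</div>') . '"',
    'pluginlist' => 'echo base64_decode("'
        . base64_encode('header("Location: http://redirect.example.invalid/");') . '");',
    'options' => 'a:1:{s:7:"bbtitle";s:8:"My Forum";}',
];

foreach ($samples as $title => $data) {
    foreach (triage_entry($data) as $f) {
        printf("%-15s %-15s %s\n", $title, $f['verdict'], $f['decoded']);
    }
}
```

A "benign-looking" verdict only means the decoded text matched none of the listed patterns; the entry still has to be one you recognise as belonging to an installed product.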

djbaxter 07-04-2011 03:15 PM

Quote:

Originally Posted by djbaxter (Post 2216374)
Hmmm... it installed and tests fine on a 3.8.3 forum where I am a tech admin, but that forum was re-infected with the filestore123.info redirect without triggering this add-on.

Cleared the datastore (you can do this by disabling and then re-enabling any product/plug-in) so the redirect is gone again. Will continue to monitor.

Ignore this. I checked further and discovered that the cron job wasn't running. Somehow it was set to run only on the 11th of the month instead of daily.

It does in fact work as it should in vBulletin 3.8.3.

CBrown 07-11-2011 04:56 PM

Just to be clear...

If you get a blank email -> Does that mean nothing was found?

