vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Cannot Setup Paid Subscriptions (https://vborg.vbsupport.ru/showthread.php?t=314886)

plumwd 10-14-2014 07:47 PM
Cannot Setup Paid Subscriptions
 
I'm currently running 4.2.2 and am trying to setup Paid Subscriptions. Unfortunately I just get a password prompt instead of any options when I click anything under the Paid Subscrptions submenu.

https://vborg.vbsupport.ru/external/2014/10/17.jpg

Lynne 10-14-2014 07:54 PM
The default page would not just have a screen like that asking for a password. Try disabling your modifications/plugins and see if you still have this problem.
Note: To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

PHP Code:
define('DISABLE_HOOKS'true); 

plumwd 10-14-2014 08:09 PM
I disabled all of them earlier to no avail :(

Lynne 10-14-2014 08:29 PM
You disabled them via the config.php file or you turned off all your products via the Manage Products page?

Are any files listed as Not Containing Expected Contents in Maintenance > Diagnostics > Suspect File Version

plumwd 10-15-2014 09:52 AM
Hi Lynne,

Thanks for the quick replies. I saw your message on the other forums as well. Sorry for the cross-post was just really looking for answers and digging for help anywhere I can find it.

Disabling them in the config allows it function again. Now comes the task of figuring out where the culprit is.

There are quite a few files listed under Maintenance > Diagnostics > Suspected File version.

They say they are not recognized as part of Vbulletin. This particular install is heavily modded.

Black Snow 10-15-2014 10:05 AM
Can you paste a screenshot of the mods you have installed?

Do you have anything in .htaccess that could prompt you for a password?

plumwd 10-15-2014 10:59 AM
Here is a list of the plugins I have. Pretty certain it's not .htaccess because when I disabled the plugins per Lynne's instructions I was able to access the subscription menu.

https://vborg.vbsupport.ru/external/2014/10/15.jpg

ozzy47 10-15-2014 11:01 AM
Just disable each mod one by one till you find out which one is causing the conflict.

Black Snow 10-15-2014 11:15 AM
I would say one of these could be the culprit.

Supercharged, Panjo or Single Sign-on. Could be wrong but do what ozzy said first.

ozzy47 10-15-2014 11:19 AM
I doubt it's Panjo, or that would cause many people problems since it is stock in vB now.

plumwd 10-15-2014 11:45 AM
I did disable one by one yesterday and it didn't make a difference till disabled from the config. Will try again today.

ForceHSS 10-15-2014 11:47 AM
Disable plugins via config if this fixes the problem enable plugins again via config, then disable one plugin at a time until you find the problem one

To temporarily disable the plugin system, edit includes/config.php and add this line right under <?php

PHP Code:
define('DISABLE_HOOKS'true); 
To enable plugins again just comment out the line
PHP Code:
//define('DISABLE_HOOKS', true); 
Use notepad++ to edit any files

ozzy47 10-15-2014 12:04 PM
That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?

ForceHSS 10-15-2014 12:05 PM
Quote:
Originally Posted by ozzy47 (Post 2518892)
That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?
I was putting it up there not just for the op but so others as well if needed

ozzy47 10-15-2014 12:12 PM
That's admirable, but the original post was not how to disable hooks via the config, and the OP already knew how to do this. So all your post is doing is taking the thread off topic. :)

plumwd 10-15-2014 01:32 PM
Going to try disabling each again and see if I can catch it. Maybe it was a weird caching issue.

FWIW I'm a programmer and completely understand how to edit code. I'm just new to vbulletin development.

ForceHSS 10-15-2014 02:29 PM
Quote:
Originally Posted by ozzy47 (Post 2518896)
That's admirable, but the original post was not how to disable hooks via the config, and the OP already knew how to do this. So all your post is doing is taking the thread off topic. :)
Reading post 11 says my post was on topic but this was not the only reason for posting it. Enough said this get back to helping the op

ozzy47 10-15-2014 02:33 PM
Right, it was stated that by disabling plugins via config solved the problem, then you come and say to disable plugins via config, makes no sense. :)

Lynne 10-15-2014 03:44 PM
Anyway.... you've already tried disabling the products and that didn't fix it. My guess is the hackers created a single plugin that will show up in your Plugin Manager.

ozzy47 10-15-2014 05:27 PM
As I asked in post #13

Quote:
Originally Posted by ozzy47 (Post 2518892)
That was already covered Force.

@plumwd, do you have any plugins running under vBulletin?

ForceHSS 10-15-2014 06:01 PM
Quote:
Originally Posted by ozzy47 (Post 2518929)
As I asked in post #13
Yes but that was after I made the post. Enough said this get back to helping the op

plumwd 10-16-2014 10:43 AM
How can I determine if the installation has been compromised by hackers?

--------------- Added [DATE]1413478591[/DATE] at [TIME]1413478591[/TIME] ---------------

What else does disabling the hooks turn off? Is it more than just plugins? I have combed through all the plugins in this board and no luck. The subscriptions are only available if I disable via the config.

Lynne 10-16-2014 04:17 PM
Quote:
Originally Posted by plumwd (Post 2519012)
How can I determine if the installation has been compromised by hackers?

--------------- Added [DATE]1413478591[/DATE] at [TIME]1413478591[/TIME] ---------------

What else does disabling the hooks turn off? Is it more than just plugins? I have combed through all the plugins in this board and no luck. The subscriptions are only available if I disable via the config.
I told you what to do here:

Quote:
Originally Posted by Lynne (Post 2518922)
Anyway.... you've already tried disabling the products and that didn't fix it. My guess is the hackers created a single plugin that will show up in your Plugin Manager.
You need to go to Plugins & Products > Plugin Manager, not Manage Plugins. Look at the plugins listed at the very top under the heading "vbulletin". Those are single plugins that won't be disabled when you disable your products.

plumwd 10-16-2014 06:49 PM
Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.

ForceHSS 10-16-2014 07:02 PM
Quote:
Originally Posted by plumwd (Post 2519089)
Thanks! I assumed that Manage Plugins and Plugin Manager were the same thing. Just looked and found some encrypted code that is probably the culprit.
Can you show a screenshot of it

plumwd 10-17-2014 09:52 AM
I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.

Black Snow 10-17-2014 10:00 AM
Quote:
Originally Posted by plumwd (Post 2519149)
I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.
I had this on an old install. did it look like this?

http://pastebin.com/pQAkDrY1

ozzy47 10-17-2014 10:27 AM
Quote:
Originally Posted by plumwd (Post 2519149)
I deleted it from vbulletin, but in the Plugin Manager is was listed as VBulletin.

I do have a copy of the code, it also existed as a file named zasdfe.php.

When I unencrypted it, it showed it as a backdoor called FilesMan.
That is what I asked in post #13, but it seems it was overlooked.

Now you need to clean up the site.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site


All times are GMT. The time now is 04:59 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01148 seconds
  • Memory Usage 1,779KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_php_printable
  • (9)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (28)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete