vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Fatal error: adminfunctions.php (HACKED!) (https://vborg.vbsupport.ru/showthread.php?t=170426)

cuphongle 02-13-2008 08:18 PM

Fatal error: adminfunctions.php (HACKED!)
 
Code:

Fatal error: Invalid forum parenting setup. Contact vBulletin support. in /includes/adminfunctions.php on line 3164

I'm getting that error whenever I'm trying to delete, edit, move (moderation actions on threads / posts), and also when trying to edit permissions, titles, descriptions of forums/sections.

Line 3164 is basically the code to recalculates forum parent and child lists.

PHP Code:

// #############################################################################
/**
* Recalculates forum parent and child lists, then saves them back to the forum table
*/
function build_forum_genealogy()
{
    global 
$vbulletin;

    if (empty(
$vbulletin->forumcache))
    {
        return;
    }

    
// build parent/child lists
    
foreach ($vbulletin->forumcache AS $forumid => $forum)
    {
        
// parent list
        
$i 0;
        
$curid $forumid;

        
$vbulletin->forumcache["$forumid"]['parentlist'] = '';

        while (
$curid != -AND $i++ < 1000)
        {
            if (
$curid)
            {
                
$vbulletin->forumcache["$forumid"]['parentlist'] .= $curid ',';
                
$curid $vbulletin->forumcache["$curid"]['parentid'];
            }
            else
            {
                global 
$vbphrase;
                if (!isset(
$vbphrase['invalid_forum_parenting']))
                {
                    
$vbphrase['invalid_forum_parenting'] = 'Invalid forum parenting setup. Contact vBulletin support.';
                }
                
trigger_error($vbphrase['invalid_forum_parenting'], E_USER_ERROR);
            }
        }

        
$vbulletin->forumcache["$forumid"]['parentlist'] .= '-1';

        
// child list
        
$vbulletin->forumcache["$forumid"]['childlist'] = $forumid;
        
fetch_forum_child_list($forumid$forumid);
        
$vbulletin->forumcache["$forumid"]['childlist'] .= ',-1';
    }

    
$parentsql '';
    
$childsql '';
    foreach (
$vbulletin->forumcache AS $forumid => $forum)
    {
        
$parentsql .= "    WHEN $forumid THEN '$forum[parentlist]'
        "
;
        
$childsql .= "    WHEN $forumid THEN '$forum[childlist]'
        "
;
    }

    
$vbulletin->db->query_write("
        UPDATE " 
TABLE_PREFIX "forum SET
            parentlist = CASE forumid
                
$parentsql
                ELSE parentlist
            END,
            childlist = CASE forumid
                
$childsql
                ELSE childlist
            END
    "
);



Number of Categories: 8
Number of sections: 133 (Including sub-sections)
vBulletin: v3.6.8

Anyone knows how to fix this?

--------------- Added [DATE]1202942610[/DATE] at [TIME]1202942610[/TIME] ---------------

I figured out the problem, somehow my forum was hacked, when I edited forums in "Forum Manager", Title, description.. everything showed as:

Quote:

r3dsoldier her ++++ you alll usa + isreal and ....... contact irlande@live.ie
How is that possible though? v3.6.8 is not stable? and why its only showing in forum manager?

Full Message (From /Archive/):

Quote:

r3dsoldier her ( muslim h4ck3r) all your data ++++ing admin is with me if you want help contact me

snakes1100 02-13-2008 09:25 PM

This is something you need to check in the server logs, there are no known security issues in vbulletin.

cuphongle 02-17-2008 02:56 AM

1 Attachment(s)
Ok any news on how to fix this? and how to prevent it from happening again? I have a big board, and I can't just start over again.

As you can see in the attachment I posted, a lot of my sections has the same title and description, but it only appears in the forum manager, not the forum index it self, in the forum index it shows as normal (with the real title and description).

Also in Categories the same thing.

I am frustrated about this, and I need to find a fix for it ASAP.

Hacks installed:
- Add Header/Footer per forum 1.0
- AJAX REG 3.1.1
- AnyMedia BBCode 3.0.8.1
- Display reputation comments in user post 2.31
- nCode Image Resizer 1.0.1
- New posts and reputation comments 3.23
- Post Once Per Thread 1.01
- Separate Sticky and Normal Threads 1.0.5
- vbBux / vbPlaza 1.5.8
- vbBux / vbPlaza - ibProArcade Addon 1.0.0
- vBookie 1.0.7
- vBShout 2.0
- vS-Hide Hack Resurrection (Expanded Edition) 2.8.1

Dismounted 02-17-2008 03:30 AM

Any modification could have caused it.

Boofo 02-17-2008 04:07 AM

Yes, I was going to say the same thing. Have you downloaded any mods from anywhere other than here?

cuphongle 02-17-2008 05:18 AM

No, all the modifications are from here, also in my previous post, all the modifications I have installed are listed.

Boofo 02-17-2008 05:38 AM

Could you have a rogue admin?

cuphongle 02-17-2008 07:10 AM

Not possible.. only close friends, and no permissions given (basically just a name color), and even so, how would an admin do that?

The forum index is ok... that issue is in forum manager.. and because of it, I can't edit, move, change.. any of the sections.

My guess is, it was an SQL Injection (because the database it self was effected).

Anyone knows how to fix this?

Marco van Herwaarden 02-17-2008 08:19 AM

Did you ever do what the original message asked you to: Contact vBulletin Support?

cuphongle 02-17-2008 08:55 AM

Ummm isn't that what I'm doing now?


All times are GMT. The time now is 03:54 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.02565 seconds
  • Memory Usage 1,764KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (1)bbcode_php_printable
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete