vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   vBulleting hacked by Quiettorture? (https://vborg.vbsupport.ru/showthread.php?t=172382)

HawKe 03-07-2008 05:47 PM
vBulleting hacked by Quiettorture?
 
I'm having a very tough time figuring out exactly whether or not my instance of vBulletin has somehow been compromised or hacked (v3.6.8). Several (more than a few) of my members have alerted me that they are getting redirected to a dead website when visiting our forums with IE7. A few have indicated it happening on other vBulletin sites, but it does not happen anywhere else (non-vBulletin browsing).

The site they are being redirected to is www DOT quiettorture DOT com which appears to be dead. It also seems to be the site of a runescape clan according to a YouTube video.

If you Google it, please watch out for unsavory sites.

Here is what I can dig up so far:

Feedback from the thread on our site: http://forums.audioholics.com/forums...ad.php?t=41997

Another Italian thread that encountered it...

...and so did this site: http://www.e-budo.com/forum/showthread.php?p=460906

I'd love any feedback the community might have...

SEOvB 03-07-2008 07:22 PM
check your templates for redirects

fmntprsv 03-08-2008 09:39 PM
Hi, some users of my forum also talks the same. Curiously i don´t see this. I have vb 3.6.8 Patch 1, and also i have read the same of Hawke.

¿Anybody have this issue? Thanks in advance

Dismounted 03-09-2008 03:05 AM
Did you read FRDS's post?

fmntprsv 03-09-2008 08:32 AM
Yes dismounted i did read it. The template that i have used for more than four months and this issue happens since three days.

Thanks in advance

Dismounted 03-09-2008 10:26 AM
Yes, but if the hacker put arbitrary code into your templates, you wouldn't know but it'd still be there.

fmntprsv 03-09-2008 10:58 AM
Ok, i was search in the template for quiettorture, torture, quiet and only obtain this:

newreply_reviewbit_ignore_global

<phrase 1="$post[username]">$vbphrase[administrator_decided_x_quiet]</phrase>

and

Quote:
postbit_ignore_global

<table id="post$post[postid]" class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="$stylevar[cellspacing]" border="0" width="100%" align="center">
<tr title="<phrase 1="$post[postid]">$vbphrase[post_x]</phrase>">
<td class="thead" style="font-weight:normal" $post[scrolltothis]>
<if condition="$show['inlinemod']">
<input type="checkbox" name="plist[$postid]" id="plist_$postid" style="float:$stylevar[right]; vertical-align:middle; padding:0px; margin:0px 0px 0px 5px" value="$post[checkbox_value]" onclick="inlineMod.toggle(this)" />
</if>
<a style="float:$stylevar[right]" href="showpost.php?$session[sessionurl]p=$post[postid]" target="_blank" rel="nofollow" onclick="return display_post($post[postid]);">$vbphrase[view_post]</a>
<a name="post$post[postid]"><img class="inlineimg" src="$stylevar[imgdir_statusicon]/post_$post[statusicon].gif" alt="$post[statustitle]" border="0" /></a>
$post[postdate]<if condition="!$show['detailedtime']">, $post[posttime]</if> $post[firstnewinsert]
</td>
</tr>
<tr>
<td class="alt2">
<a href="member.php?$session[sessionurl]u=$post[userid]">$post[musername]</a>
</td>
</tr>


<tr>
<td class="alt1">
<if condition="$show['moderated']">
<div style="float:$stylevar[right]"><img src="$stylevar[imgdir_misc]/moderated.gif" alt="$vbphrase[moderated_post]" border="0" /></div>
</if>
<if condition="$show['deletedpost']">
<div style="float:$stylevar[right]"><img src="$stylevar[imgdir_misc]/trashcan.gif" alt="$vbphrase[deleted_post]" border="0" /></div>
</if>
<div class="smallfont">
<phrase 1="$post[username]">$vbphrase[administrator_decided_x_quiet]</phrase>
</div>

</td>
</tr>
</table>
and

Quote:
printthreadbit_ignore

<table class="tborder" cellpadding="$stylevar[cellpadding]" cellspacing="1" border="0" width="100%">
<tr>
<td class="page">

<table cellpadding="0" cellspacing="0" border="0" width="100%">
<tr valign="bottom">
<td style="font-size:14pt">$post[username]</td>
<td class="smallfont" align="$stylevar[right]">$post[postdate] $post[posttime]</td>
</tr>
</table>

<hr />

<if condition="$show['adminignore']">
<div class="smallfont">
<phrase 1="$post[username]">$vbphrase[administrator_decided_x_quiet]</phrase>
</div>
<else />
<div class="smallfont">
<phrase 1="$post[username]" 2="profile.php?$session[sessionurl]do=editlist">$vbphrase[message_hidden_x_on_ignore_list]</phrase></span>
</div>
</if>
</td>
</tr>
</table>
<br />
i thinks these instructions are legitimes of vbulletin...

Thanks in advance.. !

Dismounted 03-09-2008 12:48 PM
Look at your plugin list, is there anything unusual there? Also, look in your .htaccess file.

fmntprsv 03-09-2008 01:58 PM
Thanks for your interest dismounted, i?m going to check my plugins, and my .htaccess it?s correct.

Thanks again, but it?s possible that the problem it?s a new spyware, more info at: www.forospyware.com%2Ft135658.html%23post654024

Phaedrus 03-09-2008 02:18 PM
Check your actual index.php files and home.php files. If somebody gets your FTP password they can upload new php with redirects in them. They are relatively easy to clean up. This happened to my site a while back when my server company was compromised.


All times are GMT. The time now is 02:31 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01035 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete