vb.org Archive - Emergency: Malware injection

Page 1 of 2

Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)

- - Emergency: Malware injection (https://vborg.vbsupport.ru/showthread.php?t=281042)

lycheepassion

04-03-2012 03:25 AM

Emergency: Malware injection

As of Weds my forum has been injected with directmarketingprompt.in malware

. I did an upgrade to 4.11 patch 1 from 4.1.0 (er I mean the last version before the latest with the patch) and then did a scan on Sucuri and it showed clean now it's not anymore. How can I fix this?

Here's the google diagnostic page
http://preview.tinyurl.com/gdiagno

Here's the sucuri report:

http://preview.tinyurl.com/sucscan

Here's my site:

http://preview.tinyurl.com/d4maq8n

Just disabled mods, ran suspect files, not sure what to do.> Thanks

borbole

04-03-2012 03:05 PM

Search the db for any trace of the injected code and remove them if found. Run a check of your server space as well and then contact your host so they can check things on their end as well.

lycheepassion

04-03-2012 10:46 PM

thanks VB May have fixed it. How would I run a db search?

santi00

04-04-2012 12:00 AM

I have a big problem. I think is the same.
If i clean the cookies and cache on the browser, then i go on my forum by google (searcing one of my keywords) and when i click on my site from google serp. I went redirect on http://file2store.info.
VB 4.1.11 and vbseo 3.5
Another italian friend has tried to upload vbseo and remove all plugin but the problem is the same.

Whitch is the solution?

gazza2008

04-04-2012 06:51 AM

I am having the same problem

I think if you upgrade to the vb 4.1.11 patch that might do it

If anyone else has any ideas let me know

santi00

04-04-2012 12:08 PM

Incredible that a vbulletin has this bug..... there'wes in a last version (vb 3.X) but i hope with the 4.x version the bug was resolved. Now i can see that the bug is always....incredible.

K a M a L

04-04-2012 01:16 PM

santi00 and gazza2008
if you have any of these mods installed (vBActivity, vBShout, Forumon RPG, vBDownloads and vBQuiz)
there is an XSS vulnerability on them
if not there is an Xss vulnerability on Ckeditor , and you should upgrade to latest Patch level

santi00

04-04-2012 01:39 PM

I haven't these mods installed and ckeditor.
The proble are in a lot of forum. Incredible because vbulletin is a commercial software.
INCREDIBLE.

Pandemikk

04-04-2012 01:44 PM

I.n.c.r.e.d.i.b.l.e

K a M a L

04-04-2012 01:52 PM

Could you give me an infected site url , to check for the reason ?

All times are GMT. The time now is 11:30 PM.

Page 1 of 2

Show 40 post(s) from this thread on one page

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06463 seconds Memory Usage 1,727KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: