vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   ibProArcade Archive (https://vborg.vbsupport.ru/forumdisplay.php?f=174)
-   -   Very old version of this plugin (https://vborg.vbsupport.ru/showthread.php?t=300286)

jesus likes pie 07-20-2013 03:34 AM
Very old version of this plugin
 
Hi, I have an expired vBulletin license and am stuck at 3.8.2.

My forum has been compromised a few times in the past 5 months. Nothing has been defaced but its obviously still worrying. The first time this happened, all of my .js files were edited to include some extra iframe/call or something (can't quite recall).

The second time, I remember index.php and global.php were both edited to have some sort of strange code added at the very top (before the vB copyright comment). I assume it was some sort of shell (!!).

I've researched the release notes for vB 3.8.3 - 3.8.7 as well as the bugs in their tracker website (forgot the name). It seems to me that vB 3.8.2 is itself safe. There was some sort of scary exploit regarding the FAQ but it seems to have only been for 3.8.6 - so I should be safe.

This means the exploit has to be caused by some plugin. It seems I'm running a very old version of ibProArcade: 2.6.5. Is this likely the cause of my problems? Can someone PM me details of how an attacker can compromise my site with this version of the arcade? (If you look at my vb.org history hopefully you'll see that I'm not trying to phish details in order to exploit other forums!).

Finally, in order to fix this, is it enough to turn the Arcade "OFF" in the Main settings and then disable the product through the ACP Product Manager? Or should I remove the .php file(s) associated with it as well? (Is it only arcade.php?)

Thanks!


All times are GMT. The time now is 03:52 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00966 seconds
  • Memory Usage 1,704KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (1)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete