The Arcive of Official vBulletin Modifications Site.

gsmlover4u · #1 03-17-2010, 06:35 AM

is there any black hole in vbulletin 4.0.2 ?
who is this hacker ?
chek it
*** Link removed, probably infected with virus ***

--------------- Added 17 Mar 2010 at 09:25 ---------------

how i fix it any solution ?

TimberFloorAu · #2 03-17-2010, 07:50 AM

Reupload your index.php

Check you havent got any files chmodded to 777

gsmlover4u · #3 03-17-2010, 08:26 AM

i upload index php
but same

pant · #4 03-17-2010, 09:05 AM

Quote:

Originally Posted by TimberFloorAu

Reupload your index.php

Check you havent got any files chmodded to 777

Our styles folder thing is 777 but that's because VB instructions said to do so, is that going to be a problem?

borbole · #5 03-17-2010, 10:46 AM

Quote:

Originally Posted by gsmlover4u

is there any black hole in vbulletin 4.0.2 ?
who is this hacker ?
chek it
*** Link removed, probably infected with virus ***

--------------- Added 17 Mar 2010 at 09:25 ---------------

how i fix it any solution ?

I can''t load the page. How were you hacked?

gsmlover4u · #6 03-17-2010, 11:12 AM

Quote:

Originally Posted by borbole

I can''t load the page. How were you hacked?

chek page is loading

borbole · #7 03-17-2010, 11:22 AM

Quote:

Originally Posted by gsmlover4u

chek page is loading

Replace all your vb files with a fresh set from the vb package (your version). This will take care of cleaning up all your forum files. Then scan all the other files in your server space and look if they have been injected with malicous codes and clean them up if they have been. Look also for anything out of the ordinary, like files that shouldn''t be there etc. Then scan your pc for any malware programs and change all your passwords (for your forum, ftp, cp of your host etc). And upgrade your forum to the latest version if you are running an older version. And as last but not least, inform your host so they can check their access logs and see how the hacker got in. Hope it helps.

gsmlover4u · #8 03-17-2010, 11:32 AM

sir thanks for help
i will need upload all new data (overwrite) ?
or i will need to delete old folder and then upload new ?

borbole · #9 03-17-2010, 11:39 AM

Quote:

Originally Posted by gsmlover4u

sir thanks for help
i will need upload all new data (overwrite) ?
or i will need to delete old folder and then upload new ?

Well, have you installed mods that required uploading of files? Anyway, I don''t think that deleting of the forum folder will necessary. Overwritting them will be more than enough, however check the forum folder for any suspicious files. i.e. files that shouldn''t be there.

TheLastSuperman · #10 03-17-2010, 11:40 AM

DO NOT CLICK THAT LINK IN POST #1

It has been reported, the hacker embedded a Virus into that index page.

--------------- Added [DATE]1268829981[/DATE] at [TIME]1268829981[/TIME] ---------------

gsmlover4u

Run scans on your PC now and make sure your not infected, same for anyone else who did not see an alert by their anti-virus or other software used to prevent such, active x exploit etc.

I had no-script running however it bypassed that luckily AVG caught the little demon.

Edit: Thanks Marco for the quick edit - You DA MAN

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04222 seconds Memory Usage 2,256KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (5)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (10)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!