The Arcive of Official vBulletin Modifications Site.

Gas Man · #1 11-17-2012, 08:27 PM

First off, I'm very new to website stuff. I have ran many forum's before but only as moderator and admins, doing stuff only in the vb admin panel. Last year I purchased a local site from a friend that was getting out of it. With lots of help from some friends I got the site transfered to a new hosting company and upgraded it a bunch. Recently I haven't been able to have my old friend help, he's been busy, so I'm tackling things by myself.

I have been battling this over and over for a long time. Somehow my forum gets hacked so that when you click on a link from google or yahoo it gets redirected to some short url spam site. Sometimes from google, my avast will say it blocks a trojan.

The site is fine if I just use a bookmark, but once you try to go from a search engine, all heck breaks loose. I have the hosting company scan the site and they always find something like the following..

Quote:

It appears that the vbulletin database was injected with malicious code by the use of a commonly know vbadvance exploit:

I have 4.2.0 PL3 installed.

I do have 4 plug ins installed that I didn't install
https://vborg.vbsupport.ru/showthread.php?t=174381
https://vborg.vbsupport.ru/showthread.php?t=180651
http://www.vbadvanced.com/products.p...fo&productid=4

And as of yesterday (it's been happening way longer)
https://vborg.vbsupport.ru/showthread.php?t=248042

I do see that the CMPS is out of date, but they want to install it themselves, not just let me download it. They want lots of important info, that I'm not sure about handing out. Is that ok to give them for this, then just change passwords later???

Any other suggestions?? This is a horrible ridiculous thing and I'm sick of just having it cleaned to just have it back later.

Thanks in advance!!

--------------- Added [DATE]1353193292[/DATE] at [TIME]1353193292[/TIME] ---------------

Ok vbadvance only wants admin access to vb and ftp setup for the install. Guess that's not so bad.

snakes1100 · #2 11-17-2012, 11:23 PM

I assume you do NOT have vbseo installed as i dont see it in your list of installed programs?

Ive fixed this in the past for some one that had this issue.

1. Move/Delete all current file related to the account.

2. Upload a new .htaccess file & place a deny all in it, w/ the exception of your IP.

3. Upload all new files for all programs installed.

4. Update all the programs on your site.

5. Verify proper permissions on said files.

6. Verify that you have no plugins or hacks that you didnt install in your forums.

Give google 1 or 2 days to reset, you should be all set.

Gas Man · #3 11-18-2012, 03:31 AM

I will have to do some research on that. That is all above my knowledge base...

Thanks for the input. All of that is needed to just stop hacks into my plug ins?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.06790 seconds Memory Usage 2,179KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (3)post_thanks_box (3)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (3)post_thanks_postbit_info (3)postbit (3)postbit_onlinestatus (3)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!