Miscellaneous Hacks - Rotating Banner System

With the Rotating Banner System software, you may publish literally anywhere standard banners and advertising, with no restriction but your imagination. Unlike many other products, it allows to show an unlimited amount of banners and advertising, which are randomly shown at the places you choose, and you may refer generically to an Ad by using specific placeholders.

Also the management is straight-forward and simple to use. Forum administrators with maintenance rights may add, edit and delete records from the Administration Control Panel (ACP), one of each representing a banner. After saving the new banner settings, they are immediately visible at your board.

Compatibility: from vBulletin 3.6.5 onwards

By the way, I do also install the hack on your boards, but since I am very, very busy, it may take some time (weeks) until it gets done.


Tutorials:

• How-to create my first banner (Flash).

Updates:

• 2.0.1: Simple click tracker added, HTML help included.
• 2.0.3: Small bug fixes; additional banner list, navigation bar, E-Mail field for banner event notifications and automatic save on scroll setting; absolute URL to rbs_banner.php in order to allow click tracking on non-standard pages; supported languages: English, Italian; Help file clean-up.
• 2.0.5: Small bug fixes; additional details in banner list; email notification for epired banners.
• 2.0.6: vbCMS compatibility bug fix; additional banner lists.
• 2.0.7: Usergroups filter: now it is possible to define a list of usergroups which may show a banner; additional vbCMS compatibility bug fix.
• 2.0.8: Various fixes and most of all, inclusion of the right files: admin_rbs.php, cpnav_rbs.xml
• 2.0.9: Extra comma fix in new record creation.
• 2.1.0: Fix for an occasional banner type selection bug, when the sample banners have been deleted or disabled.
• 2.2.0 (Major upgrade): Up to 10 different banner locations. Requires changes to your existing placeholders in your templates, since a more generic format has been chosen. If you don't need more than 2 different locations, you don't need to upgrade. Changed files: rbs_banner.php, admin_rbs.php
• 2.2.1: Minor bug fix in files: admin_rbs_h_banner_list.php, admin_rbs_v_banner_list.php
• 2.2.1: Hotfix for Max Clicks saving bug.
• 2.2.2: More listings and less files. PDF Help. Separate Italian add-ons and help. Duplicate button.
• 2.2.3: Minor bug fixes. Changed files: product-rbs.xml
• 2.2.4: Flash Banner support (beta). Changed files: product-rbs.xml, rbs_wrapper.swf, admin_rbs.php, English Help.
• 2.2.5: Hotfix for vBulletin 4.0.2 compatibility bug.
• 2.2.6: Checking for installed Flash Wrapper rbs_wrapper.swf; A few English FAQ; Help files. Changed files: product-rbs.xml
• 2.3.0 (Major upgrade): New modules: Delete Expired Banners, Disable Expired Banners; Detail Banner Statistics with unique access key for your customers; Updated help; Changed files: all.
• 2.3.1: Hotfix for missing field in rbs_hist table. Changed files: none, just update product.
• 2.3.2: Added: Unsupported option for setting any number of available positions between 1 and big bang. Fixed: Small bug and speed issues. Removed: Italian translation. Italians may now request support at www.vbulletin.it. Changed files: admin_rbs.php.
• 2.3.3: Fix: Copy selected forum ID's during banner duplication. Changed: start and end hours for new banners are set to 0:00 and 23:59 respectively. Changed files: admin_rbs.php.
• 2.3.4: Option: Send Mail Before. This option allows to schedule expiring banners differently. New variables for emails: $rbs_enddate: This variable holds the formatted banner ending date and time based on the standard formats for date and time in vBulletin settings; $rbs_name: This variable holds the banner name. EMail Notifications option description: Added direct links to the email phrases for quick changes. Changed files: rbs_mail_cron.php.
• 2.4.0 (Major upgrade): Removed: Option to enable or disable mailing. Banners with email addresses to notify are handled. Setting to reset mailing in single banners. Now, if mailing should be repeated, you will have to edit the banner from phpMyAdmin. Added: Order links in lists. The initial state is ordered by ID, as before. By clicking the titles, the other voices can be ordered. Clicking twice inverts the order. This works in all lists. Options to prevent counting and reducing thus a tiny bit of load. A new bunch of demo banners for new installations. Demo banners are locked into database in order to avoid 30% of the questions because of the 'experts' deleting them before trying the product. They can be disabled and modified though. The true experts can delete them after all testing from the database by using phpMyAdmin without side effects. Changes: Phrase for emailing about expiring banners, now also with direct links to the phrases. Demo banners. Our old publisher ID is replaced with the new ones, and old demo banners are updated with the new ones, if found. The functions have been exported to includes/functions_rbs.php. This makes the product code smaller and easier to maintain, and runs faster on sites where caching/acceleration is enabled. Changed Files: all *.php
• 2.4.1: Option Likelihood. This new option adds a weight to banners and allows thus to show one banner more often than another. The default weight is 100%. We also make sure that the final date of the default banners falls into a valid range. Changed files: includes/functions_rbs.php and rbs_stats.php.
• 2.4.2: Workaround for update sequence problems.

Hacks and unsupported add-ons:

• Banner Rotator Widget To CMS
• Rotate banners in-place
• Italian Translation

[y2ksw]

Quote:

Originally Posted by zackw

It seem this script may have been hacked.

Maybe it's not this script, but something else? In any case, there is a script injected into my template in the code where RBS is supposed to be. This screenshot shows a bad script in my template where it was never supposed to be. I deleted RBS and all its files.

To anybody else with RBS, please check the template location, and also check page source for the phrase "lovehouse" to confirm. Maybe it was just me, or maybe the hack was injected through some other means, I just don't know.

http://www.mediafire.com/view/jv5ekliv2ibkocj/hack.png

It isn't!

Your templates are your templates and all what happens to them is entirely up to you. This modification does not make any changes to existing templates and template modifications as suggested in the help file, are made by you or your software.

[y2ksw]

Quote:

Originally Posted by Greta@CPF

Ok - this has to be done for each individual banner in the Position 2 pool. There is no way to do this through "Manage Ads" under the Advertising tab in vBulleitn?

Yes, you can eventually do it from there, if there is such as a negation option.

[zackw]

Quote:

Originally Posted by y2ksw

It isn't!

Your templates are your templates and all what happens to them is entirely up to you. This modification does not make any changes to existing templates and template modifications as suggested in the help file, are made by you or your software.

I didn't make the changes. That's why it's called a hack. But seemed to be connected with this script if that's how the hacker gained entrance.

When I run the suspect file version tool, the ONLY files that it complains about are RBS files.

[y2ksw]

Quote:

Originally Posted by zackw

I didn't make the changes. That's why it's called a hack. But seemed to be connected with this script if that's how the hacker gained entrance.

When I run the suspect file version tool, the ONLY files that it complains about are RBS files.

Yeah I'm sure you didn't change in the way it is now, but I'm sure you created the part which follows the "hack". Because this script dows not make changes to the templates. Else, you could also say it is related to vBulletin or any other script you may have.

The WORM you got in your forums is changing whatever it pleases, it has nothing to do with any other legit script. Remove it (and the changes it made) and your forum behaves well.

[zackw]

Quote:

Originally Posted by y2ksw

Yeah I'm sure you didn't change in the way it is now, but I'm sure you created the part which follows the "hack". Because this script dows not make changes to the templates. Else, you could also say it is related to vBulletin or any other script you may have.

The WORM you got in your forums is changing whatever it pleases, it has nothing to do with any other legit script. Remove it (and the changes it made) and your forum behaves well.

"Remove it..." How does one find "it"? VB file checker only shows RBS files as suspicious. Should I delete them? Reinstall RBS?

I realize RBS doesn't change templates. And you know, html forms don't delete databases, but people have used insecure forms to do just that with SQL injection.
I doesn't matter what RBS "does" in normal operation, the question is whether things were hacked through it.

In any event, I edited the templates to remove the payload, but what other means can tell me where some worm is hiding?

I know this is probably not the thread to continue this, but if someone has a link to a method of validating the whole install, that would help.

[squidsk]

You have to trace the changes. Find out when and who changed the template from the logs and go from there. It's a painstakingly slow process to find when and who changed it. As for vbulletin reporting rbs files as suspect it will do that for almost all products since most product do not supply the xml file that vb requires to know if the file is the original file for the mod.

[y2ksw]

Quote:

Originally Posted by zackw

"Remove it..." How does one find "it"? VB file checker only shows RBS files as suspicious. Should I delete them? Reinstall RBS?

I realize RBS doesn't change templates. And you know, html forms don't delete databases, but people have used insecure forms to do just that with SQL injection.
I doesn't matter what RBS "does" in normal operation, the question is whether things were hacked through it.

In any event, I edited the templates to remove the payload, but what other means can tell me where some worm is hiding?

I know this is probably not the thread to continue this, but if someone has a link to a method of validating the whole install, that would help.

This particular WORM enters via XSS your admin panel and installs itself into the plugin cache. Some versions keep also a plugin you never installed, but most of them just have the cached code, which may be found by extracting all plugin code from the datastore table. It has a suspiciously long white space line (to move out of sight) and some eval/base64_decode sequences which install and quirk the templates in order to show their links.

You can get rid of the cache-only version by saving a single plugin, but usually there is also an infected script (tampered image) which then reinstalls the WORM once again. I found that Avast makes a good job to find infected scripts, but also a global search on files for some pattern may work as well.

Please note, that this WORM is carefully designed and not as stupid as most of their kind. It is hard to remove and usually requires to check all files on your installation, including plugins where it may hide (appended or prepended, rarely inserted). There also may be some templates which attempt to load external files in order to reinfect the whole.

[cloferba]

Hi!

Thank you so much for your plugin.

Could you please let me know if PHP code can be inserted?

Quote:

Text
This field may hold any kind of script (e.g. Google AdSense) and/or HTML which will be inserted in your pages. Please make sure it works and that all tags are closed properly.

Thank you

[y2ksw]

Quote:

Originally Posted by cloferba

Hi!

Thank you so much for your plugin.

Could you please let me know if PHP code can be inserted?


Thank you

No. PHP isn't executed at the browser level.

[Scream And Fly]

Hello! I've been using your product for years at www.screamandfly.com
On the left side, we have four 140x200px banners managed by the individual locations, which is great.
I wanted to add additional banners, however when I add another banner to a 5th location, it won't show up. It seems only the 4 locations can be visible. Is there an easy way to add more locations on the left side?

Thank you!