  #1  
09-03-2006, 05:18 PM
TorGa3iGhT

Join Date: Jun 2005
Posts: 26
Thanks given: 0 times
Thanked 0 times in 0 posts
My vbb Site getting hacked...help

ok. so for the last two days I have been getting one or more people signing up on my vbulletin who post the following line in the title and body:

Code:
">"">>>><meta http-equiv="Refresh" content="0;url=http://clubplus.pl/"> """" >
once they post this, the website basically redirects to the website in the url.

I have been looking for where to turn the HTML off in the title, but I can't find it. Can someone help me out in stopping this from happening? Are there any fixes anywhere out there to prevent this from happening?

I am running vbb 3.5.4. Thanks guys!
#2
09-03-2006, 05:21 PM
Guest190829
Guest

Posts: n/a

Hello,

That is from the following modification:

https://vborg.vbsupport.ru/showthread.php?t=93065

A fix has been applied by staff, so please update to the most recent version.
#3
09-03-2006, 05:36 PM
TorGa3iGhT

Join Date: Jun 2005
Posts: 26
Thanks given: 0 times
Thanked 0 times in 0 posts

thanks....I'll give it a try..reading the thread now. BTW...is this the correct place to list something like this if it should happen again with something different? I couldn't find a place other than in off-topic to post this...
#4
09-03-2006, 05:40 PM
Guest190829
Guest

Posts: n/a

Well currently, this is the correct place.
#5
09-03-2006, 06:14 PM
TorGa3iGhT

Join Date: Jun 2005
Posts: 26
Thanks given: 0 times
Thanked 0 times in 0 posts

ok...so I didn't have top x installed to begin with....I thought I did, but I actually have cyb top poster installed. Could it be a similar problem?
#6
09-03-2006, 06:23 PM
Puck 24/7

Join Date: Aug 2006
Posts: 7
Thanks given: 0 times
Thanked 0 times in 0 posts

This news should be shown on vb.org's main page.
#7
09-03-2006, 06:30 PM
Guest190829
Guest

Posts: n/a

You have html enabled on your forums? Sorry, I didn't read it correctly. But then that may be a vBulletin issue. I would disable HTML on your forums then...and I will take a look at the mod you mentioned right now...
#8
09-03-2006, 06:38 PM
TorGa3iGhT

Join Date: Jun 2005
Posts: 26
Thanks given: 0 times
Thanked 0 times in 0 posts

naw, html wasn't enabled. I found the fix for the cyb one as well...top x stats as well as the cyb advanced forum statistics both have this vulnerability. The new version of cyb advanced forum statistics also deals with this issue.

I installed the updated version over my old one, and it appears to have fixed the problem. I undeleted the hacked post, and it doesn't redirect anymore, so apparently the new version works.

For anyone who has not yet installed the new version of top x stats or cyb advanced forum statistics, I suggest you do so, else your site may be vulnerable to this attack one day in the future.

Thanks for everyone's help!
#9
09-03-2006, 06:43 PM
Guest190829
Guest

Posts: n/a

Okay seems like that modification was patched about a week ago. Thanks for the info.
#10
09-05-2006, 03:52 PM
TorGa3iGhT

Join Date: Jun 2005
Posts: 26
Thanks given: 0 times
Thanked 0 times in 0 posts

ok...well, I thought this fixed it...apparently it didn't. Even after I checked and double-checked the other day to fix it, it still isn't working. My site still redirects, but this time to a hacked page.

I just now deleted the thread and everyone now does not get redirected, EXCEPT my admin screen name. any ideas guys?

it redirected me to this site:
http://walnan.freehostia.com/

ok...I just disabled the cyb advanced forum statistics, and now it does not redirect me. So apparently the new update didn't fix it?

where can I check to see if html is disabled or not?
Reply With Quote
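The check done by hand in post #8 (put the post back and see whether the page still redirects) can be automated against rendered output. The following is an added Python example, not part of the thread and not code from either modification: `stats_row` and `render` are hypothetical stand-ins for a statistics block that prints thread titles, and the title is the line from post #1. The escaping step corresponds to PHP's `htmlspecialchars()`.

```python
import html
from html.parser import HTMLParser

# Thread title as posted in post #1 of this thread.
TITLE = '">"">>>><meta http-equiv="Refresh" content="0;url=http://clubplus.pl/"> """" >'


class RefreshFinder(HTMLParser):
    """Records the content attribute of every live <meta http-equiv=refresh> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.found = []

    def handle_starttag(self, tag, attrs):
        a = {name.lower(): (value or "") for name, value in attrs}
        if tag == "meta" and a.get("http-equiv", "").strip().lower() == "refresh":
            self.found.append(a.get("content", ""))


def live_refresh_tags(page):
    """Return refresh targets that a browser would see as real tags, not as text."""
    finder = RefreshFinder()
    finder.feed(page)
    finder.close()
    return finder.found


def stats_row(title, escape):
    # Hypothetical "latest threads" row: the title is emitted both inside an
    # attribute and as link text, the two places a title usually ends up.
    shown = html.escape(title, quote=True) if escape else title
    return '<a href="showthread.php?t=1" title="%s">%s</a>' % (shown, shown)


def render(title, escape):
    # Constructed page shell; a real check would fetch the forum index instead.
    body = stats_row(title, escape)
    return "<html><head><title>Forum</title></head><body>%s</body></html>" % body


if __name__ == "__main__":
    for escape in (False, True):
        hits = live_refresh_tags(render(TITLE, escape))
        print("escaped" if escape else "raw", "->", hits or "no live refresh tag")
```

Run against the real forum index while logged in as each usergroup, since post #10 reports that only the admin account was still redirected.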