Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #51  
Old 05-14-2011, 10:04 AM
fxwoody's Avatar
fxwoody fxwoody is offline
 
Join Date: Jun 2010
Location: On Earth
Posts: 291
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok so they can hack the plugin to find a whole and get into the SQL or so....yes??
I was checking Valter's plugin and now it's quarantine, what happened now with it????

Should we disable it or is there a way that Valter will fix it ?!?!?

Can't post in the thread for news

Cheers
Reply With Quote
  #52  
Old 05-14-2011, 12:13 PM
madshark's Avatar
madshark madshark is offline
 
Join Date: Oct 2009
Posts: 32
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes essentially thats what I understood reading the posts.

It was quarantined yesterday because someone seems to have found another exploit (a few pages back on this thread I think) even with the latest update. I'd suggest disabling it in the least if you have a large/well known board. I just copied over my rules and uninstalled it completely for now. That dumps the SQL tables as well as I didn't want to risk it.

He will fix it no doubt. The first time around the fix came within a few hours. But there doesn't seem to be any Valter activity yet. He could just be busy elsewhere.

Yeah once its quarantined it gets locked. I ended up here for the same reason.
Reply With Quote
  #53  
Old 05-14-2011, 12:16 PM
AusPhotography's Avatar
AusPhotography AusPhotography is offline
 
Join Date: Nov 2007
Location: Hobart & Adelaide .au
Posts: 521
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

[S]I'm not convinced Advanced Forum Rules is the attack vector for the latest round. Sites that have never used it have reportedly been attacked.[/S]

Retracted.

I found a hole in the cookie handling code due to the use of the PHP eval function.
I.e. the hacker pre-sets a cookie to contain malicious code, and the eval function runs it when it picks up the cookie content (that it was expecting to be something else).


Kym
Reply With Quote
  #54  
Old 05-14-2011, 12:32 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by madshark View Post
He will fix it no doubt. The first time around the fix came within a few hours. But there doesn't seem to be any Valter activity yet. He could just be busy elsewhere.
Valter responded to my PM this morning, it's been fixed and it's awaiting reactivation (or whatever they call it). But yeah, if you have the latest installed it should be disabled now I would think. I don't think you'd actually have to uninstall it because when you disable it the plugins are inactive.

Quote:
Originally Posted by snoopytas View Post
I'm not convinced Advanced Forum Rules is the attack vector for the latest round. Sites that have never used it have reportedly been attacked.
That's right, I haven't seen any evidence that this mod was actually used for any attack (not that I've looked that hard - maybe on vbulletin.com?).

As for the "uninstall all mods" person, if you want your server to be safe from hacking unplug it from the internet (and keep it in a locked room).
Reply With Quote
  #55  
Old 05-14-2011, 12:54 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Not a single site i have done repair work on was missing the specific mod in question. Not a single site i repaired had no modifications.
Reply With Quote
  #56  
Old 05-14-2011, 12:58 PM
kh99 kh99 is offline
 
Join Date: Aug 2009
Location: Maine
Posts: 13,185
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, fair enough - that's a pretty strong argument.
Reply With Quote
  #57  
Old 05-14-2011, 02:30 PM
Disasterpiece's Avatar
Disasterpiece Disasterpiece is offline
 
Join Date: Apr 2007
Location: GER
Posts: 765
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by fxwoody View Post
Ok so they can hack the plugin to find a whole and get into the SQL or so....yes??
I was checking Valter's plugin and now it's quarantine, what happened now with it????

Should we disable it or is there a way that Valter will fix it ?!?!?

Can't post in the thread for news

Cheers
I reported the mod yesterday because I found the exploit.

And with the user table info on the 3rd page I even know how they got in there
interesting. It feels like solving a murder case ^^
Reply With Quote
  #58  
Old 05-14-2011, 02:40 PM
borbole's Avatar
borbole borbole is offline
 
Join Date: Jan 2010
Posts: 2,559
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Disasterpiece View Post
It feels like solving a murder case ^^
Gut gemacht Inspector Derrick
Reply With Quote
  #59  
Old 05-14-2011, 04:15 PM
Frosty Frosty is offline
 
Join Date: Apr 2011
Posts: 166
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Nickbe View Post
Would that allow them to upload outside of the forum directory? That is what they did to me. The forum directory resides withing my public_html (user/public_html/forums) they uploaded files to (user/public_html). I suspect this issue goes deeper than everybody thinks.
Hey Nickbe,
They could have firstly uploaded the shell to the forum dir, and then upload another one (because php shells allow browsing of the directories on a certain web hosting account) in another writeable directory.

So yeah, even if they manage to get into your admin panel, and if you have no writeable directories you're pretty much safe.
Reply With Quote
  #60  
Old 05-14-2011, 04:56 PM
Zachery's Avatar
Zachery Zachery is offline
 
Join Date: Jul 2002
Location: Ontario, Canada
Posts: 11,440
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That is not completely true, really depends on the servers setup and configuration.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:38 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04746 seconds
  • Memory Usage 2,262KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete