The Arcive of Official vBulletin Modifications Site.

preemz10314 · #1 05-25-2011, 12:17 PM

I am wondering if anyone else's forum has been attacked recently. And how, if so please state the version and the type of attack / what they did... as my site on 4.0.7 has been attacked a few times and I want to see if anyone else shares this problem.

My first attack was some form of iframe exploit that left a redirect to some page in the uk, the second one a week or so ago, left my forum.php file blank with the words "Xuplena" and nothing else...I am running 4.0.7 with security patch.

I have since, upgraded my server to help protect against SQL injections and have disabled shell scripts from running.

Frosty · #2 05-25-2011, 12:32 PM

Can you write the list of the addons you have installed?

preemz10314 · #3 05-25-2011, 12:45 PM

*Enabled mods are marked as Enabled - All others are disabled* It is a somewhat long list.

Add wibiya Script 1.1 -ENABLED

Article Forum 4.1.2

CT second_post_Ads 2.0.2

Digital Point Position Ads

Digital Point Spy 1.0

Display reputation comments given

DownloadsII 6.0.7 -ENABLED

Easy Mod Tools 4.0.4 -ENABLED

First Post on all pages 1.2

Hide Links From Guests 1.21

Hide Version 1

Inactive User Reminder Emails 2.1.1

MARCO1 Advanced Quick Reply And Edit With Smilies 4.5 -ENABLED

Members who have Visited 4.0.9 -ENABLED

Merge Double Posts 2.8

Minimum number of posts to send pm. 1 _ENABLED

Movie Of The Week 3.0.2

Separate Sticky and Normal Threads 4.0.1 _ENABLED

Show a Poll In FORUMHOME 3.0

today's Top Poster(s) 4.0.RC1 -ENABLED

vb4 Film Strips marquee by Yilmaz 8.5 -ENABLED

vBH - Add new tabs 1.2 1.2 -ENABLED

vBulletin Blog 4.0.7

vBulletin CMS 4.0.7 Content Management System

View signature restriction 1 -ENABLED

VSa - (De)Bump Threads 1.2

VSa - Advanced Forum Statistics 7.0.3

VSa - Advanced Permissions Based on Post Count 5.1

VSa - Advanced Registration 2.0.1

VSa - PayPal Donate 5.0 -ENABLED

Yet Another Mass Private Message System

Frosty · #4 05-25-2011, 12:55 PM

Well, you don't have VSa - Advaned Forum Rules installed, so you're not one of the "Team Animus" victims.

How did they hack you? Did they just edit your index.php or .htaccess file or they edited some style? It's very important since they would need FTP or PHP shell access for editing of php and .htaccess files, and if they just had your admin password they could have uploaded a php shell via plugin system. But I doubt it, so do the following:

- Download the latest database
- Download untouched files of your vBulletin version
- Replace old ones with the new ones.

Delete every file that wasn't overwritten.

nitra1000 · #5 05-26-2011, 07:18 AM

Also uninstall any of the mods that are disabled whats the point of having them there if they aren't turned on?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03673 seconds Memory Usage 2,191KB Queries Executed 13 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (5)post_thanks_box (5)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (5)post_thanks_postbit_info (5)postbit (5)postbit_onlinestatus (5)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!