Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions

Reply
 
Thread Tools Display Modes
  #21  
Old 09-04-2013, 11:53 PM
dawges dawges is offline
 
Join Date: May 2007
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by snakes1100 View Post
I wasnt suggesting files, i suggested in your db.
I found a table called "settings" in my database that contained only one entry. The iframe. Should i delete the entire table?
Reply With Quote
  #22  
Old 09-05-2013, 12:01 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I dunno if I would delete it, maybe rename it to x_settings to make sure it is not supposed to be used by a mod or something. Then check your site and see if the iframe is still in the footer.
Reply With Quote
  #23  
Old 09-05-2013, 12:06 AM
dawges dawges is offline
 
Join Date: May 2007
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ozzy47 View Post
I dunno if I would delete it, maybe rename it to x_settings to make sure it is not supposed to be used by a mod or something. Then check your site and see if the iframe is still in the footer.
Oops, i didnt mean delete the table just the entry. I did that but the iframe remains. There are no more database entries with this hack that i can see.
Reply With Quote
  #24  
Old 09-05-2013, 12:06 AM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

vb4 uses setting, not settings, if the only entry in that table is the iframe, id nuke it after backing it up.

But he has to be calling that table & setting, you may have more to inspect than just that.
Reply With Quote
  #25  
Old 09-05-2013, 12:11 AM
dawges dawges is offline
 
Join Date: May 2007
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by snakes1100 View Post
vb4 uses setting, not settings, if the only entry in that table is the iframe, id nuke it after backing it up.

But he has to be calling that table & setting, you may have more to inspect than just that.
Just found it again in the "datastore" table. however its full of other settings. not sure how to remove it from there.
Reply With Quote
  #26  
Old 09-05-2013, 12:12 AM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Try this https://vborg.vbsupport.ru/showthread.php?t=265866

Backup your db first.

Manually editing your datastore can be tricky.
Reply With Quote
  #27  
Old 09-05-2013, 12:24 AM
dawges dawges is offline
 
Join Date: May 2007
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by snakes1100 View Post
Try this https://vborg.vbsupport.ru/showthread.php?t=265866

Backup your db first.

Manually editing your datastore can be tricky.
I saw this addon many times but ignored it lol. what a dummy. I just installed it and ran it through scheduled tasks and it removed the iframe.

Thanks!

I still have no idea how I was hacked but apparently they couldn't do much. they didnt even edit my config file.

I changed all passwords
Installed admin panel firewall
and ran the hack fix

that seems to have done the trick.
Reply With Quote
Благодарность от:
CAG CheechDogg
  #28  
Old 09-05-2013, 12:26 AM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Welcome
Reply With Quote
  #29  
Old 09-05-2013, 12:28 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Glad to hear it is gone for now, hopefully it won't come back. Maybe they got one of the admin passwords or something, or it could have come from one of your mods, make sure hey are all up to date.

--------------- Added [DATE]1378344772[/DATE] at [TIME]1378344772[/TIME] ---------------

I would also recommend installing this mod, https://vborg.vbsupport.ru/showthrea...ght=vbsecurity
Reply With Quote
  #30  
Old 09-05-2013, 12:40 AM
dawges dawges is offline
 
Join Date: May 2007
Posts: 96
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by ozzy47 View Post
Glad to hear it is gone for now, hopefully it won't come back. Maybe they got one of the admin passwords or something, or it could have come from one of your mods, make sure hey are all up to date.

--------------- Added [DATE]1378344772[/DATE] at [TIME]1378344772[/TIME] ---------------

I would also recommend installing this mod, https://vborg.vbsupport.ru/showthrea...ght=vbsecurity
This is very troubling. I just dont see how they got in. However, if you do a search on those hackers nicknames on Google you will see other admin suffering the same fate today. I hope they find this thread.

--------------- Added [DATE]1378345346[/DATE] at [TIME]1378345346[/TIME] ---------------
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:25 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04180 seconds
  • Memory Usage 2,247KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (5)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (1)post_thanks_box_bit
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete