The Arcive of Official vBulletin Modifications Site.

TorGa3iGhT · #1 09-03-2006, 05:18 PM

ok. so for the last two days I have been getting one or more people signing up on my vbulletin who post the following line in the title and body:

Code:

">"">>>><meta http-equiv="Refresh" content="0;url=http://clubplus.pl/"> """" >

once they post this, the website basically redirects to the website in the url.

i have been looking for where to turn the HTML off in the title,but I can't find it. Can someone help me out in stopping this from happening? are there any fixes anywhere out there to prevent this from happening?

I am running vbb 3.5.4. Thanks guys!

#2 09-03-2006, 05:21 PM

Hello,

That is from the following modification:

https://vborg.vbsupport.ru/showthread.php?t=93065

A fix has been applied by staff, so please update to the most recent version.

TorGa3iGhT · #3 09-03-2006, 05:36 PM

thanks....i'll give it a try..reading the thread now. BTW...is this the correct place to list something like this if it should happen again with something different? i couldn't find a place other than in off-topic to post this...

#4 09-03-2006, 05:40 PM

Well currently, this is the correct place.

TorGa3iGhT · #5 09-03-2006, 06:14 PM

ok...so I didn't have top x installed to begin with....i thought I did, but I actually have cyb top poster installed. could it be a similar problem?

Puck 24/7 · #6 09-03-2006, 06:23 PM

This news should be shown on vb.org's main page.

#7 09-03-2006, 06:30 PM

You have html enabled on your forums? Sorry, I didn't read it correctly. But then that may be a vBulletin issue. I would disable HTML on your forums then...and I will take a look at the mod you mentioned right now...

TorGa3iGhT · #8 09-03-2006, 06:38 PM

naw, html wans't enabled. I found the fix for the cyb one as well...top x stats as well as the cyb advanced forum statistics both have this vulnerability. the new version of cyb advanced forum statistics also deals with this issue.

I installed the updated version over my old one, and it appears to have fixed the problem. I undeleted the hacked post, and it doesnt' redirect anymore, so apparently the new version works.

For anyone who has not yet installed the new version of top x stats or cyb advanced forum statistics, I suggest you do so, else your site may be vulnerable to this attack one day in the future.

Thanks for everyone's help!

#9 09-03-2006, 06:43 PM

Okay seems like that modification was patched about a week ago. Thanks for the info.

TorGa3iGhT · #10 09-05-2006, 03:52 PM

ok...well, i thought this fixed it...apparently it didn't. Even after I checked and double-checked the other day to fix it, it still isn't working. my site still redirects, but this time to a hacked page.

I just now deleted the thread and everyone now does not get redirected, EXCEPT my admin screen name. any ideas guys?

it redirected me to this site:
http://walnan.freehostia.com/

ok...i just disabled the cyb advanced forum statistics, and now it does not redirect me. so apparently the new update didn't fix it?

where can I check to see if html is disabled or not?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04140 seconds Memory Usage 2,231KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_code (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (10)post_thanks_box (10)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (10)post_thanks_postbit_info (10)postbit (6)postbit_onlinestatus (10)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!