Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
  #1  
Old 11-26-2020, 08:12 PM
hunter1985 hunter1985 is offline
 
Join Date: Oct 2012
Location: Dundee, Scotland
Posts: 33
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default [4.2.5] Clientscript Malware

Hello my website appears to have security issues from using vBulletin 4.2.5, those javascript files appears to be needing updated or fixed before things gets worse

https://sitecheck.sucuri.net/results/apg-clan.org
Reply With Quote
  #2  
Old 11-26-2020, 09:27 PM
yilmaz's Avatar
yilmaz yilmaz is offline
 
Join Date: Sep 2004
Posts: 751
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Re-upload files in clientscript folder to ftp
Reply With Quote
  #3  
Old 12-01-2022, 01:13 PM
marikko marikko is offline
 
Join Date: Jul 2020
Posts: 5
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I have the same issue. Somebody is altering files like /clientscript/vbulletin_md5.js
with some redirecting / malware code.

Any tipps on how to fix this? How can they even access my files?

I did reupload all the clientscript files and this fixes it, but one or two weeks later the malware stuff is back and the files were altered again by some hacker...

Already changed all passwords, added htaccess etc. but it does not help.
Reply With Quote
  #4  
Old 12-01-2022, 03:32 PM
Hostboard's Avatar
Hostboard Hostboard is offline
 
Join Date: May 2002
Location: CT
Posts: 843
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You really should re-upload ALL the vBulletin files, change all your passwords (vBulletin, hosting, FTP, etc.) Also check who belongs to the admin group and make sure no one is there that is not supposed to be.
Reply With Quote
  #5  
Old 12-03-2022, 03:22 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There is some code more than likely, hidden within one of your plugins or within a template, it may link out to something (that then renders the malicious code) making it harder to find.

Edit each of your plugins, then scroll down to the bottom, if you see a large gap in space or anything that looks like added code, paste it here for review.

You can use this guide:
https://forum.vbulletin.com/blogs/mi...vbulletin-site

There was also another guide by Zachery or Trevor I believe from back then, that is also relevant and useful but I couldn't locate the link, you may wish to search for that one (I believe it's a forum post versus a blog post etc). Edit: Found it - https://forum.vbulletin.com/blogs/za...ve-been-hacked
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:22 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.03769 seconds
  • Memory Usage 2,188KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (5)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete