Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check 4 Hack - Finds infected Datastore Entries Details »»
Check 4 Hack - Finds infected Datastore Entries
Version: 1.00, by Hoffi Hoffi is offline
Developer Last Online: Mar 2016 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 4.1.4 Rating:
Released: 06-26-2011 Last Update: Never Installs: 152
Uses Plugins
Additional Files Translations  
No support by the author.

Many Users have Problems with infected Webservers.

I wrote a small Cron-Job that searches the datastore for possible infects and tried to repair them.

1.0 Initial relase with one check:
Checks if a base64 Code resists in the Datastore. If it's found in the pluginlist, the Datastore will be rebuild.

For more Checks, tell them. I'll add them.

The Cron Job will be started every 20 Min, and sends a Mail to the entered Mailadress, or if non entered, to the webmaster eMail-adress.

Install:

Upload the upload Directory and install the XML File.

German Version is also integrated.

If you want to check the Plugin, enable the Demo-Plugin which is installed, too. Only if it's enabled, the Check will find this.

If this Mod detects an infect, please do not lean back! Research it, and fix your security Hole!

Download Now

File Type: zip c4h.zip (2.8 KB, 1147 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
8 благодарности(ей) от:
djbaxter, fahris, furnival, Lee G, strudinox, TheLastSuperman, Toxic2

Comments
  #22  
Old 07-01-2011, 11:19 AM
pantani's Avatar
pantani pantani is offline
 
Join Date: Dec 2007
Location: Belgium
Posts: 126
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

will test it
Reply With Quote
  #23  
Old 07-01-2011, 01:29 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lee G View Post
Can anyone please confirm this works with 3.8
Going by my flat line in traffic, it looks like I have been hit a second time in just over a year
Quote:
Originally Posted by BirdOPrey5 View Post
I can't confirm it but I see no reason why it wouldn't.
Quote:
Originally Posted by pantani View Post
will test it
Yes, I have it running on one 4.1.4 forum and one 3.8.3 forum.
Reply With Quote
Благодарность от:
Lee G
  #24  
Old 07-01-2011, 02:20 PM
Lee G Lee G is offline
 
Join Date: Jun 2006
Location: Costa Blanca
Posts: 143
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Fingers crossed, installed on a 3.8.1 forum
Cant find where to turn the test option on though
No doubt a dumb question
Reply With Quote
  #25  
Old 07-01-2011, 02:34 PM
Habsy Habsy is offline
 
Join Date: Sep 2006
Posts: 55
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Does this work for 4.1.4?

Many thanks.
Reply With Quote
  #26  
Old 07-01-2011, 02:41 PM
BirdOPrey5's Avatar
BirdOPrey5 BirdOPrey5 is offline
Senior Member
 
Join Date: Jun 2008
Location: New York
Posts: 10,610
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Habsy View Post
Does this work for 4.1.4?

Many thanks.
In the very top post it says "vB version 4.1.4" so I would say yes, it does.
Reply With Quote
  #27  
Old 07-01-2011, 03:03 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Lee G View Post
Fingers crossed, installed on a 3.8.1 forum
Cant find where to turn the test option on though
No doubt a dumb question
No, not at all. This is a very useful add-on but doesn't have a lot of documentation.
  1. Admin CP >> vBulletin Options >> vBulletin Options

    select Server Settings and Optimization Options

    scroll down to "E-Mail adress: If a infect is detected, a warn mail will send to this adress. Then the System trys to repair" and enter the email address for notification.

  2. AdminCP >> Plugins & Products >> Plugin Manager

    scroll down to Product : Check 4 Hacking and find below that [s]demo[/s]

    enable demo

  3. Admin CP >> Scheduled Tasks >> Scheduled Task Manager

    scroll down to "Check 4 Hacking: Test the datastore for infects"

    click on "Run Now"

    you should get an email saying the cron job has found an infection in demo

  4. Remember to go back and disable the demo plugin from step 2 above
Reply With Quote
  #28  
Old 07-01-2011, 03:32 PM
MentaL's Avatar
MentaL MentaL is offline
 
Join Date: Jan 2003
Posts: 550
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

i assume a blank email means no infection?
Reply With Quote
  #29  
Old 07-01-2011, 03:47 PM
ata-k ata-k is offline
 
Join Date: Mar 2011
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

hello ... can you help? the program sent me this to my mail ...

Were the Following modules infected:

pluginlist

Is this normal?? or is it a virus?? and if a virus I do? I hope you can answer and help me ... thank you very much!
Reply With Quote
  #30  
Old 07-01-2011, 03:48 PM
djbaxter djbaxter is offline
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 2,601
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by MentaL View Post
i assume a blank email means no infection?
Yes. That only happens once after the "infected" email, presumably to confirm that you're now clean.

Quote:
Originally Posted by ata-k View Post
hello ... can you help? the program sent me this to my mail ...

Were the Following modules infected:

pluginlist

Is this normal?? or is it a virus?? and if a virus I do? I hope you can answer and help me ... thank you very much!
That's because you enabled the "demo" plugin. Now go in and disable it.
Reply With Quote
  #31  
Old 07-01-2011, 04:10 PM
MentaL's Avatar
MentaL MentaL is offline
 
Join Date: Jan 2003
Posts: 550
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I got no infected email just 3 blanks.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 12:11 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05141 seconds
  • Memory Usage 2,346KB
  • Queries Executed 28 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (7)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (8)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (2)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete