  #1  
04-03-2012, 03:25 AM
lycheepassion
Join Date: Aug 2009
Posts: 224
Thanks given: 0 times
Thanked: 0 times in 0 posts
Emergency: Malware injection

As of Weds my forum has been injected with directmarketingprompt.in malware. I did an upgrade to 4.11 patch 1 from 4.1.0 (er, I mean the last version before the latest with the patch) and then did a scan on Sucuri and it showed clean; now it's not anymore. How can I fix this?

Here's the Google diagnostic page:
http://preview.tinyurl.com/gdiagno

Here's the sucuri report:

http://preview.tinyurl.com/sucscan

Here's my site:

http://preview.tinyurl.com/d4maq8n

Just disabled mods, ran suspect files, not sure what to do. Thanks
Reply With Quote
  #2  
04-03-2012, 03:05 PM
borbole
Join Date: Jan 2010
Posts: 2,559
Thanks given: 0 times
Thanked: 0 times in 0 posts

Search the db for any trace of the injected code and remove them if found. Run a check of your server space as well and then contact your host so they can check things on their end as well.
Reply With Quote
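
One way to run the database search suggested above, as an added example that is not part of the original thread: export the database to a text dump (for instance with mysqldump) and scan it for the domains reported here. The table names, the obfuscation marker and the sample rows are assumptions constructed for illustration.

```python
import re

# Domains named in this thread plus one generic PHP obfuscation marker
# (the marker is an assumption, not something reported in the thread).
INDICATORS = ["directmarketingprompt.in", "file2store.info", "eval(base64_decode("]

# Tables whose content is executed or rendered on every page view
# (assumed vBulletin default names, no table prefix).
HIGH_RISK_TABLES = {"template", "plugin", "datastore"}

INSERT_RE = re.compile(r"^INSERT INTO `?(\w+)`?", re.IGNORECASE)


def scan_dump(lines, indicators=INDICATORS):
    """Return (table, line_no, indicator, priority) for each indicator hit
    in a mysqldump-style text dump. Matching is case-insensitive."""
    hits, table = [], None
    for line_no, line in enumerate(lines, start=1):
        match = INSERT_RE.match(line)
        if match:
            table = match.group(1).lower()
        text = line.lower()
        for indicator in indicators:
            if indicator.lower() in text:
                priority = "high" if table in HIGH_RISK_TABLES else "review"
                hits.append((table, line_no, indicator, priority))
    return hits


# Constructed sample dump lines (not taken from any real site).
SAMPLE_DUMP = [
    "INSERT INTO `template` VALUES (1,'footer','<div>$copyright</div>');",
    "INSERT INTO `plugin` VALUES (7,'global_start','eval(base64_decode(\"PLACEHOLDER\"));');",
    "INSERT INTO `post` VALUES (42,'my forum redirects to http://FILE2STORE.info');",
    "INSERT INTO `datastore` VALUES ('options','a:0:{}');",
]

if __name__ == "__main__":
    # For a real dump: scan_dump(open("forum.sql", errors="replace"))
    for hit in scan_dump(SAMPLE_DUMP):
        print(hit)
```

A hit in a content table such as `post` may only be members discussing the redirect, so it is marked for review; a hit in a table that holds templates or plugin code is the one to clean first.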
  #3  
04-03-2012, 10:46 PM
lycheepassion
Join Date: Aug 2009
Posts: 224
Thanks given: 0 times
Thanked: 0 times in 0 posts

Thanks, VB may have fixed it. How would I run a db search?
Reply With Quote
  #4  
04-04-2012, 12:00 AM
santi00
Join Date: Mar 2012
Posts: 6
Thanks given: 0 times
Thanked: 0 times in 0 posts

I have a big problem. I think it is the same.
If I clear the cookies and cache in the browser, then go to my forum via Google (searching one of my keywords) and click on my site from the Google SERP, I get redirected to http://file2store.info.
VB 4.1.11 and vBSEO 3.5.
Another Italian friend has tried to upload vBSEO and remove all plugins, but the problem is the same.

Which is the solution?
Reply With Quote
  #5  
04-04-2012, 06:51 AM
gazza2008
Join Date: Aug 2009
Posts: 29
Thanks given: 0 times
Thanked: 0 times in 0 posts

I am having the same problem

I think if you upgrade to the vb 4.1.11 patch that might do it

If anyone else has any ideas let me know
Reply With Quote
  #6  
04-04-2012, 12:08 PM
santi00
Join Date: Mar 2012
Posts: 6
Thanks given: 0 times
Thanked: 0 times in 0 posts

Incredible that vBulletin has this bug..... it was there in a previous version (vb 3.X), but I hoped that with the 4.x version the bug was resolved. Now I can see that the bug is still there.... Incredible.
Reply With Quote
  #7  
04-04-2012, 01:16 PM
K a M a L
Join Date: Jun 2011
Posts: 27
Thanks given: 0 times
Thanked: 0 times in 0 posts

santi00 and gazza2008,
if you have any of these mods installed (vBActivity, vBShout, Forumon RPG, vBDownloads and vBQuiz), there is an XSS vulnerability in them.
If not, there is an XSS vulnerability in CKEditor, and you should upgrade to the latest patch level.
Reply With Quote
  #8  
04-04-2012, 01:39 PM
santi00
Join Date: Mar 2012
Posts: 6
Thanks given: 0 times
Thanked: 0 times in 0 posts

I haven't these mods installed and ckeditor.
The problem is on a lot of forums. Incredible, because vBulletin is commercial software.
INCREDIBLE.
Reply With Quote
  #9  
04-04-2012, 01:44 PM
Pandemikk
Join Date: Jul 2009
Posts: 292
Thanks given: 0 times
Thanked: 0 times in 0 posts

I.n.c.r.e.d.i.b.l.e
Reply With Quote
  #10  
04-04-2012, 01:52 PM
K a M a L
Join Date: Jun 2011
Posts: 27
Thanks given: 0 times
Thanked: 0 times in 0 posts

Could you give me an infected site URL, to check for the reason?
Reply With Quote