Correcting Vb problems

[Bladed]

Here is my latest problem repairing the damage from the hacking.



--------------- Added [DATE]1383915917[/DATE] at [TIME]1383915917[/TIME] ---------------

Well I'm back to blank pages again, same script keeps showing up as malware, even after I delete it and load new templates and styles.

[ozzy47]

So you have followed all the instructions in the following links thoroughly, and are still having issues?

Then please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

Also please see these recent security announcements:

vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

[tbworld]

Please make sure you pay attention to section 7. I have found many users rush over this section and end up reinfecting their site.

Step 7, Final Cleanups:

Lastly, sometimes malicious hackers will do much more simple things, like edit your templates, notices, announcements, user titles, etc. Depending on what they’ve done, will require you to go and clean up each.

Check your notices, AdminCP > Notices > Notice Manager, make sure everything looks correct.

Check your Announcements, AdminCP > Announcements > Announcement Manager, make sure everything here looks correct.

Check your templates, this can be tricky, but a quick fix would be to add a new style, AdminCP > Styles & Templates > Style Manager > add New Style, then go into the Settings > Options > Style & Language Settings and set it as the new default style. You can then take the time to fix your old styles, or remove them. You’ll have to manually review any customized templates in your style, and make sure they haven’t been modified.

You should also re-import the master style, if you didn’t already run the upgrader. AdminCP > Styles & Templates > Download / Upload Styles, you’ll need to browse and choose the master vbulletin-style.xml from your local vBulletin zip package files, then import it.

Next, check your Ads, AdminCP > Ads > Ad Manager, make sure all of the ads still have your ad code in them.

After that, you’d also want to do a quick review of your usergroup permissions, and user titles: AdminCP > Usergroups > Usergroup Manager, edit each usergroup and double check their permissions. Then check the user titles, AdminCP > Users Titles > User Title Manager. You should also check ranks, AdminCP > User Ranks > User Rank Manager

[Bladed]

Here's my new plan. I'm going to search the DB one more time.
For any references to malware.
Delete the install and run the up-grade again with all clean files.
While I realize this is a rather brutal method of fixing it, my patience has gotten thin over the last week of fighting this. This should make sure I don't miss any files that are damaged or missing.

[tbworld]

The order in which you attack the problem is important. Backing up between major steps will save you a ton of time when you are learning how to do this.

Scripting languages will always be a target of some kind of code injection. What you are learning from all this will serve you well in the future. Unfortunately, you are just paying your dues in running a forum. The more popular a script is the larger the target. WordPress has had a huge problem with this.

You will get through this if you take the steps seriously.

[Bladed]

OK, my plan worked. My forum is back up, however I do have some visual problems. Minor, but I don't know which variables I need to change to fix it.

--------------- Added [DATE]1383979545[/DATE] at [TIME]1383979545[/TIME] ---------------

My editor box sprites show up in the default template, but not the other ones.

--------------- Added [DATE]1383979602[/DATE] at [TIME]1383979602[/TIME] ---------------

And the nav bar in the new templates are screwed up.

[tbworld]

Styles of course vary from version to version. So if you are running an old style on a new version of vBulletin you might see some small HTML/CSS/JavasScript problems. Especially, if template changes are included in the add-on style: this will adversely affect things after an upgrade which included template changes.

I am a bit concerned that you loaded your old styles back into the board. Have you done a comprehensive check on each template for rogue code? You would be much better off starting with a new style from a known source or restyling the standard vBulletin 4.2.2 style using stylevars.

I am glad to see you are making progress. Good job!

[Bladed]

No I didn't load the old styles back. I deleted those completely.

--------------- Added [DATE]1383983488[/DATE] at [TIME]1383983488[/TIME] ---------------

I figure the template problem is due to there not being very many templates for VB 4.2.2

--------------- Added [DATE]1383983560[/DATE] at [TIME]1383983560[/TIME] ---------------

In fact I saved all the posts, threads and data. We are no longer flagged for malware by google either.

[tbworld]

Quote:

Originally Posted by Bladed

No I didn't load the old styles back. I deleted those completely.

This is good!

if you are currently not running any "mods" and the new styles you loaded are compatible with v4.2.2 you should not have any problems with the editor.

Quote:

I figure the template problem is due to there not being very many templates for VB 4.2.2

I am not sure what you are saying here. Sorry.

Quote:

In fact I saved all the posts, threads and data. We are no longer flagged for malware by google either.

Excellent, you will be glad you saved your threads. A forum without any content has a tough time.

[Bladed]

Quote:

Originally Posted by tbworld

I am not sure what you are saying here. Sorry.

Basically most of the templates I looked at and the new one I uploaded were designed for 4.1.x, not 4.2.2, so here are some visual problems like sprites not showing up on the editor, and the "nav bar ?" I think it is at the top below the logo is a bit messed up.