The Arcive of Official vBulletin Modifications Site.

Terrablade · #11 06-19-2014, 05:19 PM

I do. Working on it

RichieBoy67 · #12 06-19-2014, 05:33 PM

ok, well the very first thing once you get it up is to scan it for shell scripts, etc.. start with webmaster tools.

I also do text searches on my pc when I have the files to find shell scripts or debase64 code. And if your server has cpanel there is usually a virus scanner that catches most of those scripts.

Max Taxable · #13 06-19-2014, 09:24 PM

Quote:

Originally Posted by Terrablade

It wasnt that Always had them. This happened as soon as I installed those 2 new skins :/

Using "nulled" scripts isn't a very intelligent thing to do. Jus' sayin.

RichieBoy67 · #14 06-19-2014, 10:03 PM

Quote:

Originally Posted by Max Taxable

Using "nulled" scripts isn't a very intelligent thing to do. Jus' sayin.

True,

I cannot tell you how many hacked site I have repaired that were hacked through nulled versions of Vbseo or other scripts. It is not always easy to know though if those sites have a nulled version unless looking for it.

Those scripts though almost always have extra's added... it just may take the guy who put it there some time to find you but he can do so pretty easily with a Google search and then bam...

Max Taxable · #15 06-19-2014, 10:30 PM

Yep, lowlifes who null licensed scripts and software aren't doing it out of a sense of philanthropy.

Terrablade · #16 06-20-2014, 02:47 AM

clamav found nothing on homedir

RichieBoy67 · #17 06-20-2014, 09:00 PM

Well it could just be an extra php file that a virus scanner would not catch. use the suspect versions under maintenance in the admincp and check those files to make sure they either belong to VB or the mods you have.

TheLastSuperman · #18 06-21-2014, 03:09 AM

Quote:

Originally Posted by RichieBoy67

Well it could just be an extra php file that a virus scanner would not catch. use the suspect versions under maintenance in the admincp and check those files to make sure they either belong to VB or the mods you have.

Exactly (cannot catch comment) the issue about that is, some of these files are custom coded per site or revised every so often so if it's a new script chances are your anti-virus is not going to detect it (server level or even your personal anti-virus if you download files from your server to your pc) HOWEVER this is why they have the Suspect Files maintenance tools in the admincp.

On the note of suspect files, you should always compare your vBulletin files to that of the original files within the .zip - What is different?

- Well the only thing that should be different is added files from modifications so simply verify those were not modified, compare your "supposedly stock" vBulletin files to the same files in a fresh copy of the same version you were running and if nothing differs i.e. the vBulletin files match (filesize and upload timestamp/date should all be the same if not within a minute or two of each other, timestamps can help indicate a malicious file too) that of those in the .zip AND all modification file sizes match then what remains? Chances are those are the bad files but remember to clone the directory before making changes or deleting files.

RichieBoy67 · #19 06-21-2014, 04:36 AM

Quote:

Originally Posted by TheLastSuperman

Exactly (cannot catch comment) the issue about that is, some of these files are custom coded per site or revised every so often so if it's a new script chances are your anti-virus is not going to detect it (server level or even your personal anti-virus if you download files from your server to your pc) HOWEVER this is why they have the Suspect Files maintenance tools in the admincp.

On the note of suspect files, you should always compare your vBulletin files to that of the original files within the .zip - What is different?

- Well the only thing that should be different is added files from modifications so simply verify those were not modified, compare your "supposedly stock" vBulletin files to the same files in a fresh copy of the same version you were running and if nothing differs i.e. the vBulletin files match (filesize and upload timestamp/date should all be the same if not within a minute or two of each other, timestamps can help indicate a malicious file too) that of those in the .zip AND all modification file sizes match then what remains? Chances are those are the bad files but remember to clone the directory before making changes or deleting files.

Well said. I see why we call you superman.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.03895 seconds Memory Usage 2,245KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (4)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)pagenav (1)pagenav_curpage (1)pagenav_pagelink (9)post_thanks_box (9)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (9)post_thanks_postbit_info (9)postbit (9)postbit_onlinestatus (9)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!