Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page 4.2.1 PL1 hacked, what to look for in logs
FAQ Community Calendar Today's Posts Search

Reply
Page 3 of 5 12 3 45
 
Thread Tools Display Modes
  #21  
Old 08-10-2014, 06:39 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Does it happen to list the forums?
Reply With Quote
  #22  
Old 08-10-2014, 06:41 PM
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Posts: 102
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yea it does list the forums. Checking them, it seems to flag the forums that have an HTML link in the forum description. Nothing harmful, just internal links pointing to rules etc.
Reply With Quote
  #23  
Old 08-10-2014, 06:45 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
If you allow any group to use even the admin group you should never allow html to be used
Reply With Quote
  #24  
Old 08-10-2014, 06:48 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has done quite a few cleanup's after a hack on boards.
Reply With Quote
  #25  
Old 08-10-2014, 06:50 PM
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Posts: 102
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by ForceHSS View Post
If you allow any group to use even the admin group you should never allow html to be used
Can you explain this more?
Reply With Quote
  #26  
Old 08-10-2014, 06:53 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.
Reply With Quote
  #27  
Old 08-10-2014, 06:54 PM
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Posts: 102
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by ozzy47 View Post
Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has gone quite a few cleanup's after a hack on boards.
Thanks a lot for your time and help ozzy. I'm at a loss as well.

If it were a vulnerability in VB core, I would expect to find more people posting similar stories. How it's happening on my site is eluding me though.

I think searching the Apache raw access logs may reveal the exploit being used, but I don't know what to search for.
Reply With Quote
  #28  
Old 08-10-2014, 06:54 PM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
There is also a option in each user group that it needs disabled
Reply With Quote
  #29  
Old 08-10-2014, 06:55 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Yeah I would not be sure what to look for either.
Reply With Quote
  #30  
Old 08-10-2014, 06:55 PM
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Posts: 102
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by ozzy47 View Post
He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.
Ok, that is set to NO of course.
Reply With Quote
Reply
Page 3 of 5 12 3 45

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:16 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04115 seconds
  • Memory Usage 2,252KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete