Go Back   vb.org Archive > Community Discussions > Forum and Server Management
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #31  
Old 10-16-2008, 11:34 PM
Berethorn Berethorn is offline
 
Join Date: Jun 2004
Posts: 69
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Alright. I'll try to beef up the guard.
Reply With Quote
  #32  
Old 10-16-2008, 11:53 PM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I would be curious to see the code they added if you can send me a PM with the encripted code. I am sure it is just an encripted refresh but I will see if I can decript it. I have been studying the enemy for a while and there probably isn't much I can get from the code but I would still like to see it for basic syntax.

You obviously have something they were able to take advantage of to do a sql injection. So, as suggested get the forums upgraded and evaluate your hacks you have added. Also, don't forget to get the automated database backups running as if they did this the hacker could have deleted your entire database as well!
Reply With Quote
  #33  
Old 10-17-2008, 12:08 AM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Ok, guilty as charged... I skimmed a bit...

Here's what I would do:

Make a backup now instead of tinkering w/ the only (although hacked) full version of your database that exist. Make a copy of that and tinker w/ it!

Check the FTP or File Manager for recently modified files or folders and review the code. Also make sure however your vewing the files you have it to where it's not hiding any from your view.

As for restoring a large DB try bigdump.php or SQLyog Enterprise and give it a shot!

S-MAN
Reply With Quote
  #34  
Old 10-17-2008, 12:09 AM
Berethorn Berethorn is offline
 
Join Date: Jun 2004
Posts: 69
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yes, luckily it wasn't a destructive hack; more of an informative one. I'll send it to you in a sec.

Unfortunately I have to pay $60 to renew to download anything above 3.6.8. I don't think it's feasible for me now.
Reply With Quote
  #35  
Old 10-17-2008, 12:26 AM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks for the code and for your reference you should never send code like that unmodified. For example, if you get encrypted code like that if you modify the start of the encrypted code so it is changed...

From: eval(base64_decode('

To: eval(baNOCODEse64_decNOTode('

The code can not be executed! You really have to be careful with encrypted code like that as you never know everything it does until it is decrypted. Luckily, there are tools out there that can decript stuff pretty darned easily anymore.

--------------- Added [DATE]1224207351[/DATE] at [TIME]1224207351[/TIME] ---------------

I decripted the code and it was relatively harmless HTML code. There was nothing in there to log passwords as an example.

I am posting the code here just for the record and so you can see it. That nonsense of letters and numbers when decoded is the code that follows!

PHP Code:
echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">
<!-- saved from url=(0026)http://woot.king-nerd.com/ -->
<HTML 
dir=rtl><HEAD><TITLE>:.: Hacked By ِAb0-Salem :.:</TITLE>
<SCRIPT language=javascript src=\"index4_files/ads.js\"></SCRIPT>

<META http-equiv=Content-Type content=\"text/html; charset=windows-1256\">
<META http-equiv=Content-Language content=en-us>
<STYLE>TABLE.MsoNormalTable {
    FONT-SIZE: 10pt; FONT-FAMILY: \"Times New Roman\"; mso-style-parent: \"\"
}
.page {
    BACKGROUND: #000000; FONT: bold 12pt arial,verdana,helvetica,sans-serif; COLOR: #acacac
}
.vbmenu_popup {
    BORDER-RIGHT: #21728f 1px solid; BORDER-TOP: #21728f 1px solid; BACKGROUND: #000000; FONT: 8pt ms sans serif,arial; BORDER-LEFT: #21728f 1px solid; COLOR: #acacac; BORDER-BOTTOM: #21728f 1px solid
}
.thead {
    FONT-WEIGHT: normal; FONT-SIZE: 8pt; BACKGROUND: #000000 repeat-x left top; COLOR: #ebebeb; FONT-STYLE: normal; FONT-FAMILY: ms sans serif, arial; FONT-VARIANT: normal
}
TD.thead {
    PADDING-RIGHT: 4px; PADDING-LEFT: 4px; PADDING-BOTTOM: 4px; PADDING-TOP: 4px
}
.tborder {
    BACKGROUND: #000000
}
.alt1 {
    BACKGROUND: none transparent scroll repeat 0% 0%; COLOR: #acacac
}
DIV {
    COLOR: #000
}
DIV {
    FONT-FAMILY: arial,sans-serif
}
DIV.Section1 {
    page: Section1
}
</STYLE>
<BGSOUND src=\"\" loop=infinite>
<META content=\"MSHTML 6.00.2900.3314\" name=GENERATOR></HEAD>
<BODY text=#c0c0c0 vLink=#c0c0c0 aLink=#c0c0c0 link=#c0c0c0 bgColor=#000000>
<P></P>&nbsp;
<SCRIPT language=JavaScript> if (document.all){ Cols=15; Cl=24; Cs=50; Ts=12;  Tc='#008800'; Tc1='red'; MnS=25;  MxS=30;  I=Cs; Sp=new Array();S=new Array();Y=new Array(5,6); C=new Array();M=new Array();B=new Array(); RC=new Array();E=new Array();Tcc=new Array(\"x\",\"h\",\"a\",\"h\",1,\"x\"); document.write(\"<div id='Container' style='position:absolute;top:0;left:-\"+Cs+\"'>\"); document.write(\"<div style='position:relative'>\"); for(i=0; i < Cols; i++){ S[i]=I+=Cs; document.write(\"<div id='A' style='position:absolute;top:0;font-family:Arial;font-size:\" +Ts+\"px;left:\"+S[i]+\";width:\"+Ts+\"px;height:0px;color:\"+Tc+\";visibility:hidden'></div>\"); } document.write(\"</div></div>\"); for(j=0; j < Cols; j++){ RC[j]=1+Math.round(Math.random()*Cl);   Y[j]=0; Sp[j]=Math.round(MnS+Math.random()*MxS);  for(i=0; i < RC[j]; i++){ B[i]=''; C[i]=Math.round(Math.random()*1)+' '; M[j]=B[0]+=C[i]; } } function Cycle(){ Container.style.top=window.document.body.scrollTop; for (i=0; i < Cols; i++){ var r = Math.floor(Math.random()*Tcc.length); E[i] = '<font color='+Tc1+'>'+Tcc[r]+'</font>'; Y[i]+=Sp[i]; if (Y[i] > window.document.body.clientHeight){ for(i2=0; i2 < Cols; i2++){ RC[i2]=1+Math.round(Math.random()*Cl);   for(i3=0; i3 < RC[i2]; i3++){ B[i3]=''; C[i3]=Math.round(Math.random()*1)+' '; C[Math.floor(Math.random()*i2)]=' '+' '; M[i]=B[0]+=C[i3]; Y[i]=-Ts*M[i].length/1; A[i].style.visibility='visible'; } Sp[i]=Math.round(MnS+Math.random()*MxS); } } A[i].style.top=Y[i]; A[i].innerHTML=M[i]+' '+E[i]+' '; } setTimeout('Cycle()',50) } Cycle(); } </SCRIPT>

<SCRIPT language=JavaScript> puchtit=\"] Ab0-Salem [\"; letrero2=\"·.¸¸.·´´¯`··._.··.¸¸.·´´¯`··._.··.¸¸.·´´¯\"; letrero1=\"·.¸¸.·´´¯`··._.··.¸¸.·´´¯`··._.··.¸¸.·´´¯\";;ultimo1=letrero1.length-1; ultimo2=letrero2.length-1; tiempo=setTimeout(\"scroll()\",.1); function scroll() { aux1=letrero1.charAt(ultimo1-1); letrero1=aux1+letrero1.substring(0,ultimo1-1); aux2=letrero2.charAt(0); letrero2=letrero2.substring(1,ultimo2+1)+aux2; window.status=\"(\" + letrero2 + puchtit + letrero1 + \")\"; tiempo=setTimeout(\"scroll()\",.1); return true; } // --> </SCRIPT>
 
<DIV style=\"COLOR: #000; FONT-FAMILY: arial,sans-serif\" align=center><SPAN 
style=\"HEIGHT: 30px\">
<DIV class=Section1>
<DIV 
style=\"WIDTH: 900px; COLOR: rgb(0,0,0); FONT-FAMILY: arial,sans-serif; HEIGHT: 374px\" 
align=center>
<TABLE style=\"WIDTH: 90%\" height=500 cellPadding=0 width=\"90%\" border=0>
  <TBODY>
  <TR>
    <TD 
    style=\"BORDER-RIGHT: red 0.75pt solid; PADDING-RIGHT: 0.75pt; BORDER-TOP: red 0.75pt solid; PADDING-LEFT: 0.75pt; FONT-WEIGHT: normal; FONT-SIZE: 14pt; PADDING-BOTTOM: 0.75pt; BORDER-LEFT: red 0.75pt solid; COLOR: rgb(28,176,129); PADDING-TOP: 0.75pt; BORDER-BOTTOM: red 0.75pt solid; FONT-STYLE: normal; FONT-FAMILY: verdana,geneva,lucida,'lucida grande',arial,helvetica,sans-serif; FONT-VARIANT: normal\"></FONT></B></FONT></FONT>
      <P align=center><SPAN lang=ar-sa><B><FONT face=\"Traditional Arabic\" 
      color=#ffffff size=5></FONT></B></SPAN>&nbsp;</P>
      <P dir=ltr align=center><B><FONT face=Verdana color=#e0e0e0>H0 H0, You G0t 
        Defaced<SPAN lang=en-us> Just Be CoOol And Learn</SPAN> 
      !</FONT></B></P><SPAN>
      <P align=center>&nbsp;</P></SPAN>
      <FONT face=\"Arial Narrow\" size=4>
    <P align=center>
    &nbsp;</P><SPAN>
      <P dir=ltr align=center><B><FONT face=Verdana color=#00ff00 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#00ff00 
      size=5>[</FONT><B><FONT face=Verdana color=#00ff00 size=5> W3 Do Wh4t w3 
        s4y</FONT></B><FONT face=Verdana color=#00ff00 size=5> ]<SPAN 
      lang=ar-eg>&nbsp; </SPAN></FONT></P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center><SPAN style=\"TEXT-TRANSFORM: uppercase\"><FONT 
      face=\"Monotype Corsiva\"><SPAN lang=en-us><FONT color=#ffffff size=6>HaCkEd 
        By ;</FONT></SPAN></FONT></SPAN></P>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center><B><FONT face=Verdana 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#999999 
      size=5>[</FONT><B><FONT face=Verdana color=#e0e0e0 size=5> Ab0-Salem 
      </FONT></B><FONT face=Verdana color=#999999 size=5>]</FONT></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><FONT face=\"Courier New\" 
      color=#999999 size=4><B>Wh3r3 is The Security Dude ?</B></FONT></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><B><FONT face=\"Courier New\" 
      color=#999999 size=4>&nbsp;Yeah, IT Seems Security Doomed to FAILURE 
      </FONT><FONT face=\"Microsoft Sans Serif\" color=#999999 size=4>(^_*) .. 
      </FONT></B></P>
      <P align=center><B><FONT face=Verdana color=#999999 size=2>Just Secure 
        Your Mind , Then Secure Your Site Dude !</FONT></B></P></SPAN>
      <P align=center><SPAN lang=ar-sa><FONT color=#ff00ff 
      size=4>==--===</FONT><FONT size=4><FONT 
      color=#ffff00>--===--===--=</FONT><FONT 
      color=#ff0000>==--===--===</FONT><FONT color=#ffff00>--===--</FONT><FONT 
      color=#008000>===--===--=</FONT></FONT><FONT color=#ffff00 
      size=4>==</FONT></SPAN></P>
      <P dir=ltr style=\"TEXT-ALIGN: center\"><FONT face=Verdana color=#ffffff>W3 
        M4k3 Th!s ++++en N3t</P>
      <P dir=ltr style=\"TEXT-ALIGN: center\">Try To Play With Us And U Will Know 
        The W3 r Th3 G4m3</FONT></P><SPAN>
      <P align=center><SPAN lang=ar-sa><FONT color=#ff00ff 
      size=4>==--===</FONT><FONT size=4><FONT 
      color=#ffff00>--===--===--=</FONT><FONT 
      color=#ff0000>==--===--===</FONT><FONT color=#ffff00>--===--</FONT><FONT 
      color=#008000>===--===--=</FONT></FONT><FONT color=#ffff00 
      size=4>==</FONT></SPAN></P></SPAN>
      <P align=center>&nbsp;</P><SPAN>
      <P dir=ltr align=center><B><FONT face=Verdana 
      size=5>&nbsp;</FONT></B><FONT face=Verdana color=#ff0000 
      size=5>[</FONT><B><FONT face=Verdana color=#e0e0e0 size=5> 
      Ab0-Salem</FONT></B><FONT face=Verdana color=#ff0000 
      size=5>]</FONT></P></SPAN>
      <P align=center><SPAN><FONT face=Verdana color=#ff0000 size=5><A 
      href=\"\"></A></FONT></SPAN></P>
      <P dir=ltr align=center><FONT face=Verdana color=#ff0000 size=5><A 
      ></A></FONT></P><SPAN>
      <P dir=ltr align=center>&nbsp;</P>
      <P dir=ltr align=center>&nbsp;</P></SPAN>
      <P align=center>&nbsp;</P>
      <P dir=rtl style=\"DIRECTION: rtl; unicode-bidi: embed\" align=center><EMBED 
      name=video pluginspage=http://www.real.com/player/ 
      src=http://www.members.lycos.co.uk/sn1p3r/mu/nana.rm width=165 height=62 
      hidden=true type=audio/x-pn-realaudio-plugin loop=\"true\" autostart=\"true\" 
      nojava=\"true\" controls=\"ControlPanel,StatusBar\" maintainaspect=\"false\"> 
      </P></TR></TBODY></TABLE></DIV></DIV></SPAN></DIV></BODY></HTML>
"

Reply With Quote
  #36  
Old 10-17-2008, 12:42 AM
Berethorn Berethorn is offline
 
Join Date: Jun 2004
Posts: 69
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Oh dear, that was clumsy of me.
Reply With Quote
  #37  
Old 11-01-2008, 03:50 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Quarterbore View Post
...try looking for "REFRESH" or "HTTP-EQUIV"

I know you don't know me but if you would like help I would be glad to try to help but the only I could do that is to get access to your database. I am very curious how they did this for the tool I am coding hence my interest.

EDIT: you are searching like this, right:

%refresh%
%http-equiv%
%index4_files%

I ask as I get hits for the first two and my site is not hacked. But there are not may of them so you can look at them to find the cause.

Also search for this if you are not finding anything...

%base64%
I searched my database for %base64% and found quite a fair few hits but can not determine which are legit or not.

My site got hacked last week and I found a different method to get my templates showing up instead of the hacked version, however i still have a couple of the hacked templates up as I have not had time to change those just yet.

Any idea what table name, or what kind of code i should be looking for more exactly?
Reply With Quote
  #38  
Old 11-03-2008, 06:02 PM
Quarterbore Quarterbore is offline
 
Join Date: Mar 2005
Location: Valley Forge PA
Posts: 538
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

There shouldn't be any base 64 scripts in your forums
Reply With Quote
  #39  
Old 11-04-2008, 01:31 AM
puertoblack2003's Avatar
puertoblack2003 puertoblack2003 is offline
 
Join Date: Aug 2005
Location: Philadelphia
Posts: 1,073
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

how is that even embed? is it a mod badly written?
Reply With Quote
  #40  
Old 11-05-2008, 06:07 AM
Hornstar Hornstar is offline
 
Join Date: Jun 2005
Location: Australia
Posts: 2,469
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Quarterbore View Post
There shouldn't be any base 64 scripts in your forums
What should I do?

Search results for "%base64%" at least one of the words:
2 match(es) inside table vb3_datastore
4 match(es) inside table vb3_plugin
2 match(es) inside table vb3_pmtext
4 match(es) inside table vb3_post
3 match(es) inside table vb3_postedithistory
1 match(es) inside table vb3_postparsed
1 match(es) inside table vb3_word

Total: 17

Example: Table: vb3_word

Code:

Code:
     SQL query:        SELECT  * 
FROM  `***_***`.`vb3_word` 
WHERE ( `wordid`  LIKE  '%%base64%%'
OR  `title`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
)
LIMIT 0 , 30

Wordid: 57647
title:
base64


Example: table vb3_plugin
Code:
     SQL query:        SELECT  * 
FROM  `***_***`.`vb3_plugin` 
WHERE ( `pluginid`  LIKE  '%%base64%%'
OR  `title`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR  `hookname`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR  `phpcode`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR  `product`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR  `devkey`  LIKE CONVERT( _utf8 '%%base64%%'
USING latin1 ) 
COLLATE latin1_swedish_ci
OR  `active`  LIKE  '%%base64%%'
OR  `executionorder`  LIKE  '%%base64%%'
)
LIMIT 0 , 30
Code:
$attachpatch_patchfirstpost = array ();
global $foruminfo, $vbulletin;

if (!empty ($vbulletin->options['attachpatch_patchfirstpost'])) {
    $attachpatch_patchfirstpost = preg_replace ('/[^0-9,]*/', '', $vbulletin->options['attachpatch_patchfirstpost']);
    $attachpatch_patchfirstpost = explode (',', $attachpatch_patchfirstpost);
}

if
(
    $vbulletin->options['attachpatch_enable'] 
    AND 
    (
        in_array($foruminfo['forumid'], $attachpatch_patchfirstpost)
        OR
        $vbulletin->options['attachpatch_patchfirstpost'] == -1
    )
    AND
    $post['parentid'] == 0
)
{
    if (!isset ($attachpatchinfo))
    {
        // initialize my variables
        $attachpatchinfo = array ();
        $attachpatchinfo['mycounter'] = 0;    // counts loop iterations
        $attachpatchinfo['combinedfilesize'] = 0;
        $attachpatchinfo['moderatedattachments'] = '';
        $attachpatchinfo['showmoderatedattachments'] = false;
        $attachpatchinfo['visibleattachments'] = false;
        $attachpatchinfo['attachmentids'] = array ();
        $attachpatchinfo['dateline'] = 0;
        $attachpatchinfo['counter'] = 0;    // this is the vB download counter for the attachment
    }

    // count attachments to know the last time we go thru the loop
    ++$attachpatchinfo['mycounter'];

    if ($attachment['visible'])
    {
        // do the necessary stuff from the original loop in the function
        // skip the various built-in vb templates (image/thumbnail etc)
        if (THIS_SCRIPT == 'external')
        {
            $attachment['counter'] = $vbphrase['n_a'];
            $show['views'] = false;
        }
        else
        {
            $show['views'] = true;
        }

        // remember that there is at least one visible (not moderated) attachment
        $attachpatchinfo['visibleattachments'] = true;  

        // add up total filesize of non-moderated attachmentes
        $attachpatchinfo['combinedfilesize'] += $attachment['filesize_real'];

        // save the attachment ids, dateline & counter to output in the template
        $attachpatchinfo['attachmentids'][] = $attachment['attachmentid'];
        $attachpatchinfo['dateline'] = $attachment['dateline']; // dateline & counter will end up being that of the 
        $attachpatchinfo['counter'] = $attachment['counter'];   // last attachment, but that should suffice.
    }
    else
    {
        // do default vb moderated attachments (but save 'em to our variable)
        eval('$attachpatchinfo[\'moderatedattachments\'] .= "' . fetch_template('postbit_attachmentmoderated') . '";');
        $attachpatchinfo['showmoderatedattachments'] = true;
    }

    // set to false so that the vB original loop does less
    // it does a moderated attachment instead of the real ones.
    // which will have to be erased later.
    $attachment['visible'] = false;

    // last time thru the loop, save the info for later.
    if ($attachpatchinfo['mycounter'] == $attachcount)
    {
        // format the filesize nicely
        $attachpatchinfo['combinedfilesizepretty'] = vb_number_format($attachpatchinfo['combinedfilesize'], 1, true);

        // save the whole she-bang for the next plugin.
        $this->post['attachpatchinfo'] = $attachpatchinfo;

        // we know there's at least on visible (not moderated) attachment
        if ($attachpatchinfo['visibleattachments'])
        {
            $attachpatchinfo['attachmentids'] = implode(',', $attachpatchinfo['attachmentids']);
            
            global $threadinfo;
            $attachpatchinfo['encodedthreadtitle'] = urlencode(base64_encode($threadinfo['title']));
            
            // process all attachments thru the postbit_attachmentszippedtogether template
            // do it here at the end, so it only gets done once.
            eval('$this->post[\'otherattachments\'] .= "' . fetch_template('postbit_attachmentszippedtogether') . '";');
            $show['otherattachment'] = true;
        }
    }
}
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:43 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04392 seconds
  • Memory Usage 2,326KB
  • Queries Executed 12 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (4)bbcode_code
  • (1)bbcode_php
  • (2)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (10)post_thanks_box
  • (10)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (10)post_thanks_postbit_info
  • (10)postbit
  • (10)postbit_onlinestatus
  • (10)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete