Go Back   vb.org Archive > vBulletin Modifications > vBulletin 4.x Modifications > vBulletin 4.x Add-ons
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Check 4 Hack - Finds infected Datastore Entries Details »»
Check 4 Hack - Finds infected Datastore Entries
Version: 1.00, by Hoffi Hoffi is offline
Developer Last Online: Mar 2016 Show Printable Version Email this Page

Category: Administrative and Maintenance Tools - Version: 4.1.4 Rating:
Released: 06-26-2011 Last Update: Never Installs: 152
Uses Plugins
Additional Files Translations  
No support by the author.

Many Users have Problems with infected Webservers.

I wrote a small Cron-Job that searches the datastore for possible infects and tried to repair them.

1.0 Initial relase with one check:
Checks if a base64 Code resists in the Datastore. If it's found in the pluginlist, the Datastore will be rebuild.

For more Checks, tell them. I'll add them.

The Cron Job will be started every 20 Min, and sends a Mail to the entered Mailadress, or if non entered, to the webmaster eMail-adress.

Install:

Upload the upload Directory and install the XML File.

German Version is also integrated.

If you want to check the Plugin, enable the Demo-Plugin which is installed, too. Only if it's enabled, the Check will find this.

If this Mod detects an infect, please do not lean back! Research it, and fix your security Hole!

Download Now

File Type: zip c4h.zip (2.8 KB, 1147 views)

Show Your Support

  • This modification may not be copied, reproduced or published elsewhere without author's permission.
8 благодарности(ей) от:
djbaxter, fahris, furnival, Lee G, strudinox, TheLastSuperman, Toxic2

Comments
  #52  
Old 03-12-2012, 06:16 PM
baerwurz baerwurz is offline
 
Join Date: Nov 2005
Posts: 61
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Perfect for file2store exploit. Traffic went up. Thanks a lot
Reply With Quote
  #53  
Old 03-16-2012, 11:48 AM
Zighinno Zighinno is offline
 
Join Date: Jun 2007
Posts: 54
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hi, when click on run now the email is: The following modules were infected: pluginlist.

demo is disabled. Why?

Thanks
Reply With Quote
  #54  
Old 03-21-2012, 03:42 PM
furnival furnival is offline
 
Join Date: Mar 2008
Posts: 136
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

This seemed to fix my issue with the file2store exploit. But do I need to rebuild my templates too once in a while I wonder if I had that problem?

Once I disabled a couple of old plug ins I did not get any more security warnings by email. I can't thank the coder of this app enough!

If anyone knows: does rebuilding the datastore slow down my forum for those visitors who visit immediately after it is rebuilt?
Reply With Quote
  #55  
Old 03-22-2012, 09:02 PM
arcab4 arcab4 is offline
 
Join Date: Jun 2002
Posts: 18
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thanks for creating this. been having issues with file2store.info - those bastards.

thanks for the detailed instructions for newbies.
https://vborg.vbsupport.ru/showpost....5&postcount=26
Reply With Quote
  #56  
Old 04-03-2012, 01:43 PM
alex818 alex818 is offline
 
Join Date: Oct 2008
Posts: 30
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The following modules were infected:

pluginlist

what do we do now?
Reply With Quote
  #57  
Old 04-03-2012, 08:25 PM
Baf_Jams Baf_Jams is offline
 
Join Date: Mar 2008
Location: Derby UK
Posts: 106
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by alex818 View Post
The following modules were infected:

pluginlist

what do we do now?

Did you enable the demo plugin to test it?
Reply With Quote
  #58  
Old 04-05-2012, 11:00 PM
DAMINK DAMINK is offline
 
Join Date: Jun 2010
Location: Melbourne Australia
Posts: 301
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Great Mod.
Thankyou for taking the time to create this.
Works perfectly as expected.
Reply With Quote
  #59  
Old 04-19-2012, 03:28 AM
Gadget_Guy Gadget_Guy is offline
 
Join Date: Jun 2010
Posts: 271
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is something interesting.

I know I am 100% affected by the file2store exploit, however I am getting blank e-mails.

How is this possible?

D.
Reply With Quote
  #60  
Old 04-19-2012, 03:53 AM
DAMINK DAMINK is offline
 
Join Date: Jun 2010
Location: Melbourne Australia
Posts: 301
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Arent blank emails only for the bebug mode?
I thought if it was running properly you get no emails?
Reply With Quote
  #61  
Old 04-20-2012, 07:14 PM
Jhonnyf's Avatar
Jhonnyf Jhonnyf is offline
 
Join Date: Nov 2007
Location: In my mind
Posts: 196
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I think That I found how happen the INJECTION SQL .. I'm testing on a Client and not have problem since 2 days (the day that I do the patch)
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 02:34 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04714 seconds
  • Memory Usage 2,334KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_post
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (11)post_thanks_box
  • (7)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (1)postbit_attachment
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_attachment
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete