The Arcive of Official vBulletin Modifications Site.

porcupine73 · #1 11-24-2009, 12:42 AM

I spotted this little mess in my web error log and was wondering what the heck it is and if I should be concerned? I am assuming it is an exploit attempt of some sort esp being coming from so many different ip's in such a short time. I haven't seen it since then. If this contains any sensitive infos let me know and I will edit.

Code:

#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-11-21 22:31:11 77.88.66.251 58356 74.208.153.95 80 HTTP/1.1 GET /forums/++++++++++++++++++++++++++++++++++++++Result:+%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC+%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8+189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2+nofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,+%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:31:17 208.69.231.202 56437 74.208.153.95 80 HTTP/1.1 GET /forums/++++++++++++++++++++++++++++++++++++++Result:+%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC+%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8+189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2+nofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,+%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:31:40 122.166.47.133 56199 74.208.153.95 80 HTTP/1.0 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:31:50 203.82.73.198 38963 74.208.153.95 80 HTTP/1.1 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:31:55 124.207.129.132 39039 74.208.153.95 80 HTTP/1.1 GET /forums/++++++++++++++++++++++++++++++++++++++Result:+%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC+%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8+189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2+nofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,+%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:32:06 165.98.133.234 54617 74.208.153.95 80 HTTP/1.0 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:32:26 200.196.162.234 58606 74.208.153.95 80 HTTP/1.0 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:33:01 220.181.53.231 24356 74.208.153.95 80 HTTP/1.1 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:33:03 202.108.50.25 33195 74.208.153.95 80 HTTP/1.1 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:33:05 140.122.127.251 40405 74.208.153.95 80 HTTP/1.0 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -
2009-11-21 22:33:21 123.125.156.145 9509 74.208.153.95 80 HTTP/1.1 GET /forums/%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2B%2BResult:%2B%25C3%25A8%25C3%25B1%25C3%25AF%25C3%25AE%25C3%25AB%25C3%25BC%25C3%25A7%25C3%25B3%25C3%25A5%25C3%25AC%2B%25C3%25AF%25C3%25B0%25C3%25AE%25C3%25AA%25C3%25B1%25C3%25A8%2B189.8.58.59:8080;%25C3%25A7%25C3%25A0%25C3%25B0%25C3%25A5%25C3%25A3%25C3%25A8%25C3%25B1%25C3%25B2%25C3%25B0%25C3%25A8%25C3%25B0%25C3%25AE%25C3%25A2%25C3%25A0%25C3%25AB%25C3%25A8%25C3%25B1%25C3%25BC;%25C3%25A2%25C3%25AE%25C3%25B8%25C3%25AB%25C3%25A8;%25C3%25AF%25C3%25B0%25C3%25A8%25C3%25B1%25C3%25B3%25C3%25B2%25C3%25B1%25C3%25B2%25C3%25A2%25C3%25B3%25C3%25A5%25C3%25B2%2Bnofollow;%25C3%25A2%25C3%25AE%25C3%25A7%25C3%25AC%25C3%25AE%25C3%25A6%25C3%25AD%25C3%25AE,%2B%25C3%25AE%25C3%25B2%25C3%25AF%25C3%25B0%25C3%25A0%25C3%25A2%25C3%25AB%25C3%25A5%25C3%25AD%25C3%25AE; 400 - URL -

s0lidgr0und · #2 11-24-2009, 07:55 AM

They all look like spam attempts. Are you getting spam on your site?

http://www.stopforumspam.com/

imported_silkroad · #3 11-24-2009, 09:36 AM

Quote:

Originally Posted by s0lidgr0und

They all look like spam attempts.

Nothing to do with spam. You are marketing your plugin with this "reply", LOL.

Quote:

Originally Posted by porcupine73

I spotted this little mess in my web error log and was wondering what the heck it is and if I should be concerned?

Looks like probes to check for vulnerabilities in your web server code.

When we see this types of exploit attempts, we (generally) use iptables and block the offending IP address. You can easily write a script to automate this.

Scan log files from a script in your crontab.
Match for exploit patterns from 404 errors, etc. (up to you).
Update iptables with offending IP and block (or confirm first with your human eyes.)

s0lidgr0und · #4 11-24-2009, 09:39 AM

Quote:

Originally Posted by imported_silkroad

You are marketing your plugin with this "reply", LOL.

Strange, since I have no plugin to market.

I googled a few of the IPs and saw they appeared on that site. No hidden agenda.

imported_silkroad · #5 11-24-2009, 09:48 AM

Quote:

Originally Posted by s0lidgr0und

Strange, since I have no plugin to market.

Strange, it looks to an outside observer your reply was to market StopForumSpam, which is in your signature.

I mean, really, most forum jockeys know well that spam does not come to a forum by the way of a URL string with a bunch of seemingly random chars. These types of probes are common.

Did you ever see the one with the ...

Quote:

.............. blah blah ......../../../../.../../../etc/passwd

in your log file?

PS (EDIT): StopForumSpam is great, BTW.... The vB mod that for this is really excellent! It simply has nothing to do with the original posters question!

s0lidgr0und · #6 11-24-2009, 10:11 AM

Quote:

Originally Posted by imported_silkroad

Strange, it looks to an outside observer your reply was to market StopForumSpam, which is in your signature.

Good lord. It's a link I posted from my Google results, not a signature. My forum is listed in my signature, s0lidgr0und.org.

Quote:

Originally Posted by imported_silkroad

I mean, really, most forum jockeys know well that spam does not come to a forum by the way of a URL string with a bunch of seemingly random chars. These types of probes are common.

Did you ever see the one with the ...

in your log file?

Point taken. I didn't actually move the scroll bar over far enough to see the garbage, I focused more on the IP address.

Quote:

Originally Posted by imported_silkroad

PS (EDIT): StopForumSpam is great, BTW.... The vB mod that for this is really excellent! It simply has nothing to do with the original posters question!

I wouldn't know how great it is. I've actually never heard of it. My apologies for adding any thoughts to the guy's question and potentially being able to help him with his question. Lesson learned.

imported_silkroad · #7 11-24-2009, 10:29 AM

Quote:

Originally Posted by s0lidgr0und

My apologies for adding any thoughts to the guy's question and potentially being able to help him with his question. Lesson learned.

No problem.

I don't think anyone minds when people answer other's questions. However, generally it is best to answer when you actually have experience with the problem or the expertise to help.

It just looks funny with someone posts a very off target (complete wrong) answer to a very basic question and provides a link to a site.

If you run a large forum, you will know that this is a common form of forum spam --

Read the forums and then post an "answer" with a link to another site. So, from this seat, your reply seemed like the "real" spam because you posted a link that had zero to do with the original posters question.

How would we know that your link was innocent? In our forums, this type of spam posting is deleted immediately, BTW.

Peace.

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.08751 seconds Memory Usage 2,247KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)ad_showthread_firstpost (1)ad_showthread_firstpost_sig (1)ad_showthread_firstpost_start (1)bbcode_code (9)bbcode_quote (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (7)post_thanks_box (7)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (7)post_thanks_postbit_info (7)postbit (7)postbit_onlinestatus (7)postbit_wrapper (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!