I just found this link on why the redirects might be happening on some forum sites. It is called mass code injecting: when the forum sites redirect you to a file download site, it is putting code on your PC to turn it into a botnet so it can infect other sites as well. It is hit or miss depending on how long you stay on the redirected page and if your PC downloads all of the code. If you do become infected, your anti-virus won't detect it because it hides itself as anti-virus program code, unless you use something stronger (i.e. combo-fix) in order to remove the infection. Here is the link that explains what the hackers are doing:
h**p--community.websense.com/blogs/securitylabs/archive/2011/04/19/Mass-Injections-Leading-to-g01pack-Exploit-Kit.aspx
Again, I just want to stress the word "might", because I found the link and it sounded similar to what could be causing the redirects on some forum sites.
Last edited by moddman; 10-11-2011 at 04:15 AM.
Guys, it's back again....... I already sent Rocket a message just in case he didn't know yet...... Wish there was a definite fix to end this fiasco that the haxters are trying to accomplish.
Finally the vBulletin people have figured out the cause of the problem:
With the help of the security people at RealWebHost*dot*net, we have now positively identified the method for injecting this exploit as well as specific vulnerabilities that permitted it on a 3.83, since updated to 3.87 PL2: As it turns out, it was a server configuration and security issue combined with some specific attributes of vBulletin installations which gave the intruder direct access to the MySQL database.
The key is first to check your settings in cPanel for Remote MySQL: Unless you are using a database on a remote server, i.e., NOT on localhost, this setting should say "There are no additional MySQL access hosts configured". If you have a specific database intentionally enabled, that too is okay. What should NEVER be there is the character % - this is a wildcard which allows ALL other servers to connect to the database. If you see the wildcard enabled, DELETE IT.
Then, make sure you change your passwords to strong passwords for both cPanel and MySQL to ensure that no one can change this setting back without your knowledge.
Then, pick any add-on, disable it, then re-enable it to clear the datastore.
Finally, download the file tool_reparse.php from h**p://***vbulletin*dot*org/forum/showthread*dot*php?t=220967 and let it find discrepancies in your compiled templates and rebuild them.
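The Remote MySQL check described in the post above can also be confirmed on the database server itself. The following is an added example, not part of the original thread or of vBulletin's instructions; it assumes an administrative MySQL login and uses only the standard `mysql.user` and `information_schema.SCHEMA_PRIVILEGES` tables.

```sql
-- Added example: audit MySQL accounts for wildcard access hosts.
-- Run as an administrative MySQL user on the database server.

-- 1. Accounts whose Host pattern contains a wildcard.
--    A bare '%' is the "any server may connect" entry the post says to delete;
--    patterns such as '192.168.%' are narrower but still worth reviewing.
--    LOCATE() is used instead of LIKE so '%' and '_' are matched literally.
SELECT User,
       Host,
       CASE WHEN Host = '%' THEN 'ANY HOST'
            ELSE 'partial wildcard'
       END AS exposure
FROM mysql.user
WHERE LOCATE('%', Host) > 0
   OR LOCATE('_', Host) > 0
ORDER BY (Host = '%') DESC, User;

-- 2. What those accounts can do, per database.
--    GRANTEE is stored as 'user'@'host', so the host part is everything
--    after the last '@'.
SELECT GRANTEE,
       TABLE_SCHEMA,
       GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE) AS privileges
FROM information_schema.SCHEMA_PRIVILEGES
WHERE LOCATE('%', SUBSTRING_INDEX(GRANTEE, '@', -1)) > 0
GROUP BY GRANTEE, TABLE_SCHEMA
ORDER BY GRANTEE, TABLE_SCHEMA;
```

After removing the wildcard entry in cPanel and changing the passwords, re-running the first query should return no row with `Host = '%'`.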
Figures it's SQL, always have problems with the SQL database at work. Glad there's finally a fix that sounds like it should be permanent. At least until the hackers find a different vulnerability.
Hi Rocket,
I'm a software engineer, I've got working knowledge of php and databases - would you like a hand?
If you want to make the redirect happen, you can open an incognito tab (Chrome) or private browsing session (Firefox) and it should trigger it - or delete your grandprixforums.net cookies.
I think I have it fixed now. Just a pita as they really knew how to leave so many backdoors back in. I must have changed the passwords for the db 20 times over the last few days.
Now I got to figure out why the html/css got off for the menu.
- vBulletin has advised its customers to delete /install and /core/install directories in versions 4.x and 5.x respectively.
- For vBulletin users not able to delete these directories – it is advised to block access or redirect requests that hit upgrade.php via either a WAF or web server access configuration.
Were you able to do that?