vBSEO valid plugins

Is this a valid plugin? I ask because of the typo (capitalized O) in the name:

vBSEO FOrum Admin Save

Code:

if(defined('VBSEO_ENABLED'))
vbseo_complete_sec('forumadmin_update_save');

I had the exploit and the errors but haven't been able to find the plugin which is malicious. Nothing found with either vbseo_checkplugins or version (2)

It is a valid plugin

Idid have the same symptoms of the exploit as others (red links, vB db errors) but can not find an instance of a plugin that shouldn't be there. Is it possible that I had some malicious code inserted without a new plugin showing up?

Hello Eric,

Please see this post: *vBSEO Security Bulletin* All Supported Versions: Patch Release

There's a tool (vbseo_checkplugins2.zip) which will allow you to check your database for malicious/suspicious code. Be sure to rebuild your datastore as well by clicking the "Click here to reset datastore" link.

I mentioned in my first post that I did run vbseo_checkplugins versions 1 and 2 with nothing reported.
I did reimport the vbseo xml file as well as reset my datastore.

My question is still this: Is it possible to have been affected by this exploit without any malicious plugins discovered?

Possibly db errors in your case are related to something else. If you continue receiving many emails though, please open a support ticket with ftp/admincp details and we will check this further.

Thanks. I had the exact same sympotms as the rest and it started around the same time. The Red links which seemed to be a symptom would be pretty coincidental.

I have not had db errors for the past 12 hours but it concerns me that I never found a plugin and all I did was re-import the xml, flush the datastore and import the patched file.

I never really found anything but it went away after performing these steps.

Thanks

This vBSEO plugin also has a typo in the plugin name: vBSEP Delete Thread which makes it suspect to me. Can you verify it is valid?

Code:

if(defined('VBSEO_ENABLED') && VBSEO_ENABLED && VBSEO_LIKE_POST && ($_POST['do'] != 'domergethreads'))
{
    vbseo_extra_inc('ui');
    vBSEO_UI::delete_likes(0, $threadid, VBSEO_UI_THREAD);
}

Yes, that is ok too. Typo and will be fixed in our next release

Originally Posted by melbo

Thanks. I had the exact same sympotms as the rest and it started around the same time. The Red links which seemed to be a symptom would be pretty coincidental.

I have not had db errors for the past 12 hours but it concerns me that I never found a plugin and all I did was re-import the xml, flush the datastore and import the patched file.

I never really found anything but it went away after performing these steps.

Thanks

There were 3 hits that we have seen
2 were plugins
1 attached it self directly into the datestore table itself. Running the flush from version 2 of that script should clear it out and then you'll be ok.

Thanks Brian, Might want to correct this one too:
vBSEO FOrum Admin Save