Security issue

**Lagaf** · 02-23-2010 06:58 PM

Just want to let you know, that our forum running with vBulletin 3.8 / vBSEO 3.3x got manipulated by an attacker yesterday. Visitors attempting to visit our website via Google where instead redirected to an URL "http://url2short.info/5dfcf739". We lost about 50% of our daily visitors by these circumstances.

After deactivating the add-on vBSEO the problem disappeared within seconds. Then we upgraded to vBSEO 3.5 and everything was fine.

Today additional websites - running with vBSEO 3.3x too - are reporting the same problems, f.e. here:

Been directed to another site instead of the forum - MyP2P Forum

I hope you find a solution soon, that security hole can't be tolerated at all.

Greetings from Germany,

Dominik aka Lagaf
tutorials.de - User helfen Usern: Forum & Hilfe

**Oleg Ignatiuk** · 02-23-2010 08:57 PM

Hello,

please try to uninstall and then reinstall vBSEO xml product file, looks like the plugin code was modified by a malicious script on your server.

It means that the redirect issue is not in vBSEO itself, but some other script has modified vBSEO's plugin code to do that.

**Danny1878** · 02-24-2010 08:15 AM

I have this exact same problem. Absolute nightmare. Oleg could you please explain this in as much detail as you can?;

please try to uninstall and then reinstall vBSEO xml product file,

I;

Admin CP-> Plugin & Products System -> Uninstalled vBSEO
Downloaded a fresh a copy of 3.3.0 from here.
Installed just the vbSEO xml file.

That correct?

**Mert Gökçeimam** · 02-24-2010 09:02 AM

Hello Danny ,

That is correct .

Is there any specific modification you guys installed lately ?

**Danny1878** · 02-24-2010 09:06 AM

Thanks Mert. Appreciated.

No, none at all. It was definitely vbSEO that was causing the issue. I only have a few mods installed and through trial and elimination, vBSEO was the cause. Since following the above, the issue has gone for now.

I would expect an influx of this alert, probably wise to stick a thread...

**Brian Cummiskey** · 02-24-2010 09:13 AM

It looks like you last downloaded (prior to today) before our security alert from last fall:
vBSEO Security Bulletin - vBSEO 3.3.2 Released

Did you have this patch installed?

**Danny1878** · 02-24-2010 09:18 AM

I can't say with 100% confidence sorry Brian. I had an bad experience with vbSEO (no improvement) so neglected the forums.

To be safe I just installed that patch. Thanks

**Brian Cummiskey** · 02-24-2010 09:23 AM

All downloads in the download area are pre-patched.

Odds are, if you weren't patched from this previous exploit, that's likely how they got in. I'd recommend changing EVERY password you have... forums, ftp, email, root, etc on ALL your sites on your server.

**Danny1878** · 02-24-2010 09:30 AM

Will be sure to do that. Changed all passwords I'm able to (cpanel/forums/email/ftp etc etc). I'm assuming I'll also need to inform my server?

Thanks again Brian

- On the surface it may be an idea to patch the downloads in the download area.

**Brian Cummiskey** · 02-24-2010 09:32 AM

Yes, change every password that you can. Who knows what they might have gained access to.

And yes, all downloads have already been updated to include the patches.

**tkam** · 02-26-2010 01:36 PM

I am seeing this exact same thing, it only started after i updated vb 4.01 to 4.02 and vbseo 3.5 rc 2 pre release to the rc2 final. When any pages from my forum show up in google the first time you click the links it re-directs to the url2short.info page. If I go back and click again it takes me to the proper page.

**rolfw** · 02-26-2010 05:46 PM

Had this happen the other day and was told to update to to 3.3.2, did this and it was OK for 3 days, but is now exhibiting the same symptoms, as is our sister site using vb4.02 and vbseo 3.5.0 RC2.

This is not a cache page, caches were cleared.

_http://filestore73.com/download.php?id=AE41AB38

Edit, support ticket was answered on sister site, appears to have stopped doing it now, just going to put in support ticked on my site.

**Oleg Ignatiuk** · 02-26-2010 05:53 PM

Edit, support ticket was answered on sister site, appears to have stopped doing it now, just goint to put in support ticked on my site.

Replied to that ticket - I did not change anything, just re-enabled vBSEO and the issue couldn't be reproduce, hence I supposed the redirected URL was cached on browser side.

**tkam** · 02-26-2010 05:56 PM

i ended up just uninstalling vbseo and re-uploading all the files from a freshly downloaded copy and then reinstalling vbseo. it seems to have fixed the problem and I hope it's a permanent fix because the only response i got to my ticket here is

"if your sure you have the latest files you should change all the passwords you can"

super useful.

**Oleg Ignatiuk** · 02-26-2010 06:07 PM

I would also recommend to check your site for possible malicious files in writable folders as described in:
vBSEO Security Bulletin - vBSEO 3.3.2 Released

and create .htaccess files in those folders: vBSEO Security Bulletin - vBSEO 3.3.2 Released

Security issue

LinkBack

Thread Tools

Display

Security issue

Same problem here

Similar Threads

Security issue with filevbseo_getsitemap.php

Posting Permissions