Security issue

Thank for your support

I have this problem as well. I need help tracking it down. I am completely lost.

in your plugin manager, check the global_start hook plugins for rogue code. go back a few pages and theres a screen shot tutorial.

I did that, I don't see it in any of the global_start files, if I am supposed to look at the page that shows when you click edit.

I deleted all of my old plugins, all the old things for 3.8 before I started looking to make less for me to search. Could it have launched thru one of those even if they were disabled?

Hi,
what i see on my forum.
Disable the plugin System global: The Problem gone away
Enable the plugin System global: The problem is back again.

So i think the datastore cache is not rebuild with this action.
If you re import one plugin the datastrore will be rebuild.

On more idea:
If you check the "last update" Date for the Plugin Table you might see changes.

Christian

I don't have a plugin called System global. Can you dumb this down a bit and tell me where to find these things you are talking about? I submitted a ticket but it appears no one has looked at it for me yet.

This has absolutely killed my site and months of search engine ranking is gone. It started before I ever upgraded and I thought I had a virus on my computer. Something called a "google redirect virus" so I cleaned up my system. The issue in post 153 is exactly the same as my problem. So it doesn't redirect every click. Just the first click so you lose every single person that googles one search term and would have found you but gets redirected instead. I am physically ill over this, I have lost a huge amount of income from this after paying so much to update my site thinking it would help the problem. To shell out this much money to help your site only to lose more is heartbreaking. I don't know what's causing it, or who's software is at fault, I just know I have paid for something and it has not only failed me but it seems to have destroyed all I have worked for.

I think I am getting hit every time I have added something new if that supposedly fixes it. I have a post over at VB.com asking for help because I discovered a user online with a foreign IP address using one of my Admin's name. The Admin told me they weren't trying to log in at all, so I have been trying to investigate and discovered the redirect is still happening.

Hi,
How to find the plugin you see on:
http://www.vbseo.com/f3/security-iss...tml#post262135

If its about Food Network Fans - Welcome to Food Network Fans this one looks clear at least on this problem.
But this might use for other bad things in the plugins.

Anyway, please read:
Forum new XSS vulnerability [4.0.2 PL 1] we are affected?

I can not say if this is also important for vB3 but i think Paul M has a good knowledge, i would follow his recommendations.

Christian

Well I did all the things I could find here so maybe it helped to fix it, but the damage is done. My search engine ranking has dropped tremendously before I figured out there was a problem.

I uninstalled a lot of old plugins last night, would that have cleared the datastore as well as adding something new?

Originally Posted by FoodTVFan

My search engine ranking has dropped tremendously before I figured out there was a problem.

Yes on my site two. I think it is an penalty from Google.
The results are still there but Google put them back.
We can only wait and hope Google will remove the penalty son.

Christian

This could be helpful:
http://www.google.com/support/webmas...er=35843&hl=en

I wish you luck and I thank you for your help.

Originally Posted by CThiessen

Hi,
it is vBulletin related but it is not in the files its stored in the database:
You need to go to your AdminCP:
Entra - JustOverclock.com - vBulletin Pannello Admin

and then - Text in Italian or English?:
Attachment 6987

Greetings
Christian

is this for vb4 ? i can't figure out how to look at this globals thing on 3.8 - any advice? thanks

Why are people changing the userid 1 for admin to normal user so the admin isn't on userid 1.
That makes no sense to me. A hacker can just go to showgroups.php or any announcement forum and find the admin that way anyway, and have their userid. It's not adding security, it's redirecting it. It's like having the frontdoor in the back .. if it's unlocked they can still enter it ..

Hi,
yes only changing the ID do´s not help.

I ever had 2 Administrator´s.
One Administrative Admin with my full name to show Userers an Guest how i am. This one is in the User Group Administrators, visible in the showgroups.php but have only restricted rights.
Only what is necessary for the Day by Day work.

And one Maintenance Admin, this was the #1 an this one i changed.
He is in a different Group, Administrator - Yes but not viable in showgroups.php
Only this one has the rights to deal with the software.

Greetings
Christian

Help! My forum was hacked. I disabled VBSEO, uploaded and overwrote the plugin XML, and reenabled VBSEO. Everything is working... but when you click a forum topic, it generates a HTTP 500 Internal Server Error!

BigBlueBall Forums click on any topic to see what I mean.

Any suggestions?