This is a discussion on Security issue within the Bug Reporting forums, part of the vBSEO SEO Plugin category; Still the case? Originally Posted by Brian Cummiskey No one ( vbseo , vbulletin) is 100% sure where or how ...
Another question, what does this mean?
"update all your passwords to take advantage for the 3 to 30 character password salt"
vb changed the way they salt passwords. But its only going into effect after that version update (i forget which version it is now). So, you need to update your password so it gets encrypted siwth higher security. If you don't change the password, it will still use the 3-character salt.
it's like 32bit vs 128 bit SSL... it's more secure against brute-force.
Also, what is Vbulletins stance on this? They deny any possible expolit in their system?
Wait a minute, here is their reply
vBSEO is a third-party add-on than we do not provide or support. You will have to contact them about this.
Also I have no idea how long it takes Google to change your status. ou should contact them.
No logs provided any 'fingers' at a hole in software/code on any core (vb) or plugin (vbseo). It appears by all cases to be a raw server exploit in which they were able to upload a script which gereated them user/passwords of admins, and then they freely went to town with whatever they wanted to do, including covering their tracks.
rogue code is that which is not part of default vb or vbseo codebase, generally encrypted in some fashion using base64 decoders. it can be anything.
Global start hooks on EVERY page. it's the easiest hook location to effect the entire site.
I've the same problem on my forum.
vBseo 3.3.2 and vBulletin 3.8.5.
Hi! I have the problem on my site. I've a redirect to http://myfilestore.cometc
Is the second time that appears.
If you find my site "cionfs" in google and if you click on "forum" from result of google, you'll be redirect in http://myfilestore.com/download.php/
I've reimported my vbseo plugin and I solve it. Appears to be a boring thing to do every time.
How can I solve this problem permanently?
I set the password on admincp by htaccess and htpassword.
Were infected the posts, not plugins.
I had to reimport vBSEO again. This time it was infected vb_Datastore -> pluginlist
The problem is solved again re-importing vBSEO.
At this point I would not exclude that this is a bug of vBSEO.
It happened again....
If you have any log files that oultline your attack, please submit them via ticket.
Also, if you didn't change EVERY password to EVERY thing after the first exploit, they likely simply re-used the same login as the first time to do it all over again.