If you keep getting multiple email notifications, please open a ticket with admincp access to check this.
This is a discussion on FAQ's on the Rogue Plugins Exploit (1/23 vBSEO Patch Release) within the vBSEO Announcements forums, part of the Announcements & Pre-Sales category; If you keep getting multiple email notifications, please open a ticket with admincp access to check this....
Yes, I get still get email notifications. Ticket is opened (8168-WETZ-2177).
We are sorry but that redirect thing has nothing to do with vBSEO.
It is directly related to server security
Users who don't use vBSEO are effected with this. You need to contact your host and increase security on your files especially writable files.
Mert Gökçeimam / Crawlability Inc.
Did I miss the thread that now says ITS UP TO YOU !
thanks for your support vbseo
The exploit explained in these FAQ posts is a whole different thing from the issue you are having with file2store. Our sincerest apologies if we did not explain to you in a clearly manner what the issue is and how to fix it.
Coming back to topic, it looks like that your site got hit by another security issue that has surfaced on 2010 (which also has affected several vBulletin instances without vBSEO). Details about what it does and how to get rid of it can be found in these threads:
We've updated our detection plugin (vbseo_checkplugins4.zip) with a few tools that allow you to scan your database for this specific issue as well, so that it can be easier for you to debug which are the rogue plugins and what to do with your datastore. This may have led to confusions, but the exploit Juan has explained in this thread is not the same that affects your site.
I hope that is clear now. If not and you still have any questions, please don't hesitate to let us know.
I'm confused... I'm running vbSEO 3.6.0 on two of my sites with vB 4.1.9 and I got hit with the file2store issue on both sites. How is it possible that this is related to an issue from 2010 and not the current vBseo issue? I used the check plugins tool to clear the datastore and patched vbSEO as well as changed all passwords and everything seems okay now. Do I still need to worry and more importantly do I need to waste my time reading 20+ pages of a thread from 2010...
The vBSEO hack was only very recent and didn't include the filestore issue.
If you had the filestore issue then you need to foloow the advice in the threads linked to. As more than likely folder permissions are the culprit and not vBSEO
Also, if you have the file2store issue and it keeps reappearing after you flush the datastore, you need to change all your server, MySQL, and admin passwords immediately... you have a back door open.
And, as has been said, this is entirely unrelated to the vBSEO exploit, occurs on forums with or without vBSEO, and first surfaced in 2010 (hence the 2010 reference above). Do a search at vBulletin.com and you'll find several threads on the topic.
Hi, the link to the testing utility does not seem to work anymore.
Is there an updated version?
Thanks for the reply. I have just started as webmaster on a vBulletin forum that does have a licence. pardon my ignorance but is there something I need to do with my login (similar to the VBulletin support forums) to let me access the file?
We got an anonymous email saying we were effected, however our Systems Admin is unable to locate the issue.
How can we test our site for this issue?someone hacked a lot of forums lately with URL123.INFO Making long links shorter injection code somewhere in a php file.
yours is affected too
You can try the testing utility from post #3 in this thread: http://www.vbseo.com/f5/faqs-rogue-p...62/#post326304
I have done all the security updates run the plugin check
changed passwords for everything disabled all plugins that are not being used and the ones that I need to run the site I have checked and tested.
I have rest the datastore.
To reset the datastore can it be done after you have run the plugin exploit checker? or is there another way to do this
So I have done everything and still no good
My forum traffic is still bad
It was about 1000+ per day now it is about 70+
I have been working on this for the last 2 weeks everyday, can't get support from anyone but my hosting provider
and they have been great.
I cant see what to do next!
With the help of the security people at RealWebHost.net, we have now positively identified the method for injecting this exploit as well as specific vulnerabilities that permitted it on a 3.83, since updated to 3.87 PL2: As it turns out, it was a server configuration and security issue combined with some specific attributes of vBulletin installations which gave the intruder direct access to the MySQL database.
The key is first to check your settings in cPanel for Remote MySQL: Unless you are using a database on a remote server, i.e., NOT on localhost, this setting should say "There are no additional MySQL access hosts configured". If you have a specific database intentionally enabled, that too is okay. What should NEVER be there is the character % - this is a wildcard which allows ALL other servers to connect to the database. If you see the wildcard enabled, DELETE IT.
Then, make sure you change your passwords to strong passwords for both cPanel and MySQL to ensure that no one can change this setting back without your knowledge.
Then, pick any add-on, disable it, then re-enable it to clear the datastore.
Finally, download the file tool_reparse.php from Fix-it: Template Edition - vBulletin.org Forum and let it find discrepancies in your compiled templates and rebuild them. |