Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #16  
Old 10 Aug 2014, 19:28
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Correct, so if you see something that has been modified, and you don't remember modifying it, best to check into it.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #17  
Old 10 Aug 2014, 19:30
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Checking them all now, nothing amiss so far.
Reply With Quote
  #18  
Old 10 Aug 2014, 19:32
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
When is the last time you updated TapaTalk, I remember there was a vulneribility in it back in May or so.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #19  
Old 10 Aug 2014, 19:34
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Also have you checked your notices to see if there is anything in there?
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #20  
Old 10 Aug 2014, 19:34
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Under 'Forums' that mod tells me "4 forums contain potentially malicious code" - but I have no idea why or how to check them. All the other warnings seem to be false positives.

I have scanned all files with ClamAV and Sucuri server side scanner, nothing turned up.

--------------- Added 10 Aug 2014 at 19:37 ---------------

Tapatalk is currently the latest version. I upgraded it a few weeks before any of the problems started. Before that I was running an older version of it for a while.

Nothing unusual in notices, only the ones that I made.
Reply With Quote
  #21  
Old 10 Aug 2014, 19:39
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Does it happen to list the forums?
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #22  
Old 10 Aug 2014, 19:41
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Yea it does list the forums. Checking them, it seems to flag the forums that have an HTML link in the forum description. Nothing harmful, just internal links pointing to rules etc.
Reply With Quote
  #23  
Old 10 Aug 2014, 19:45
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
If you allow any group to use even the admin group you should never allow html to be used
Reply With Quote
  #24  
Old 10 Aug 2014, 19:48
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has done quite a few cleanup's after a hack on boards.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.

Last edited by ozzy47; 10 Aug 2014 at 19:55.
Reply With Quote
  #25  
Old 10 Aug 2014, 19:50
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Originally Posted by ForceHSS View Post
If you allow any group to use even the admin group you should never allow html to be used
Can you explain this more?
Reply With Quote
  #26  
Old 10 Aug 2014, 19:53
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #27  
Old 10 Aug 2014, 19:54
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Originally Posted by ozzy47 View Post
Hmmm, I am at a loss then. Sounds like you might just have to pay someone to clean up your site.

If you decide to go that route, I would suggest, TheLastSuperman, he has gone quite a few cleanup's after a hack on boards.
Thanks a lot for your time and help ozzy. I'm at a loss as well.

If it were a vulnerability in VB core, I would expect to find more people posting similar stories. How it's happening on my site is eluding me though.

I think searching the Apache raw access logs may reveal the exploit being used, but I don't know what to search for.
Reply With Quote
  #28  
Old 10 Aug 2014, 19:54
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
There is also a option in each user group that it needs disabled
Reply With Quote
  #29  
Old 10 Aug 2014, 19:55
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Real name: Chris
Yeah I would not be sure what to look for either.
__________________
You can get access to my 180 mods for vB 3.6 - 4.x at The Admin Zone as well as the professional support you are used to. New vBulletin Spider Definitions, vBulletin Spiders List Hits 1000 Spiders! ​ OzzModz down. Site has had a data breach, checking how the intrusion happened. Change your PW if you use the same one on my site and others.
Reply With Quote
  #30  
Old 10 Aug 2014, 19:55
ifitsmedia ifitsmedia is offline
 
Join Date: Jul 2010
Originally Posted by ozzy47 View Post
He is talking about, ACP --> Forums & Moderators --> Forum Manager, in each forum you have a option, Allow HTML that should always be NO

Which I know is not what you were talking about.
Ok, that is set to NO of course.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 02:35.

Layout Options | Width: Wide Color: