[BigDog56]

Ok, but how does someone without access the the database able to do this to begin with? (Forgive me here, I don't mean to be stupid. But If I don't ask, I won't learn. )

[Zachery]

Originally Posted by BigDog56

Ok, but how does someone without access the the database able to do this to begin with? (Forgive me here, I don't mean to be stupid. But If I don't ask, I won't learn. )

They gain access on the server level, either though another account, or an exploit on a server.

[RTMdotORG]

Originally Posted by Zachery

They gain access on the server level, either though another account, or an exploit on a server.

Will this mod tell us if we have exploits then? im confused...

[Zachery]

Originally Posted by RTMdotORG

Will this mod tell us if we have exploits then? im confused...

No, it will repair the templates for you if you've been defaced by some random hacker group. I released the tool here because I thought people would like to have a tool to help them fix things.

[RTMdotORG]

But if it repairs templates, does it save previous template? basically...

Can it destroy a template just as easy as fix one?

[Link14716]

Here is the explanation behind how the template system and this tool works.

Templates are stored in two ways. There is the unparsed template, which you edit in the Admin CP. It is the template as you know it. Then, there is the parsed template, which is the template after it has been ran through a function to convert things like <if> tags into valid PHP parsable code.

A common method of defacing vBulletin forums is for a hacker to directly edit the parsed version of the template in the database, leaving the unparsed template alone. When you go to edit the template in the Admin CP, you won't see anything different, but the parsed version of the template has changed.

What this tool does is it takes all of the unparsed templates from the database and creates a new parsed version from it. If the newly generated parse is different than the parsed version currently in the database, it will update the template, overwriting the old, probably compromised, parsed template. This process is not "dangerous" in any way. If you run it on a normal, uncompromised forum, you won't see it updating any templates.

[Zachery]

No, it doesn't destory templates.

As explained already in the description, it checks the unprased template agasint the parsed template table. If the two don't match like they should, it takes your unparsed template and re-parses it and inserts it back into the database and removes the defacement.

[RTMdotORG]

Thanks to both of you...

[erel34]

thanks

[RTMdotORG]

Question: If it just rebuilds styles, it didn't find any issues?

[testebr]

Can you make a diagnostic edition where alert user instead to fix?

[Link14716]

Originally Posted by RTMdotORG

Question: If it just rebuilds styles, it didn't find any issues?

Correct.

[Link14716]

Originally Posted by testebr

Can you make a diagnostic edition where alert user instead to fix?

I don't see any reason to. All this does is fix parsed versions of templates that are different than the unparsed version. There is no reason not to ever fix this problem, as it would only happen if the parsed template was directly edited in the database. All a diagnostic version would do is not run the update query, which doesn't help any.

If you run this and no problems are found, it will simply rebuild the styles. If there is a problem found, it will tell you which template it updates.

[SandmaninDubai]

Great fix Zachery!
My Forum was hacked twice & defaced in July & August (hosted by Hostmonster) - you fixed it manually twice (a HUGE thanks from all of here in the UAE) and now, if the nasty extreme muslims try it again this fix will wipe them.
Well done!