Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #31  
Old 30 Nov 2016, 10:34
mscottralston mscottralston is offline
 
Join Date: Apr 2013
Per the advice in this thread, I'm going to be deleting all plugins, fixing 4.2.0 and upgrading to 4.2.3 this morning; I am under the impression that a very likely culprit here is Yet Another Awards System, a plugin which, when I googled it, came back heavily associated with "SQL Injection."

It's a bit of a shame, though -- apparently we've used YAAS for many years to give badges and whatnot to members of the community. This is a shot in the dark, but does anyone know if those vulnerabilities have been patched by 4.2.3? Is there a good way to similarly overwrite the plugin's files without losing our data on who has what award and so forth?
Reply With Quote
  #32  
Old 30 Nov 2016, 11:24
Paul M's Avatar
Paul M Paul M is offline
 
Join Date: Sep 2004
Real name: Paul M
Originally Posted by mscottralston View Post
This is a shot in the dark, but does anyone know if those vulnerabilities have been patched by 4.2.3?
Official patches will not not do anything for vulnerabilities in addons. as they are their own code.

Only the product developer could fix them.
__________________
Former vBulletin.org Staff Member


Cable Forum
Please do not PM me about custom work - I no longer undertake any.
Note: I will not answer support questions via e-mail or PM - please use the relevant thread or forum.
Reply With Quote
  #33  
Old 30 Nov 2016, 16:46
mscottralston mscottralston is offline
 
Join Date: Apr 2013
Hi folks,

My upgrade from 4.2.0 to 4.2.3 seems to have stalled out at the very first step:

Upgrading to 4.2.3
Status: Processing 4.2.1 Alpha 1, Step 1 of 6

The "upgrade progress" window is completely blank. It's been this way for about twenty minutes. I know that the whole process may take an hour, or hours, but the lack of any visible progress has me a little spooked. Should I be concerned that it's run out of memory or something? (It advised me before I started that there was a way I could do this from the command line if necessary, but not knowing whether or not it would be necessary, I elected to let the script try to process through the browser control panel as normal). Is there a way to cancel out, then retry from the command line?

Thanks!
Reply With Quote
  #34  
Old 30 Nov 2016, 19:15
Dave Dave is offline
 
Join Date: Jun 2010
Real name: Dave
Check the error logs of your web-server or PHP in order to figure out what is causing it to stop.
Cause could vary; out of memory, webhost blocking you automatically because of too many connections to the server, SQL error, etc.
__________________
https://technidev.com - security, development, exploits, vBulletin
dave[at]technidev[dot]com

Contact me for custom vBulletin 3/4 work & server/website management.
Reply With Quote
  #35  
Old 01 Dec 2016, 09:16
RichieBoy67's Avatar
RichieBoy67 RichieBoy67 is offline
 
Join Date: Apr 2004
Real name: Richie
Originally Posted by mscottralston View Post
Hi folks,

My upgrade from 4.2.0 to 4.2.3 seems to have stalled out at the very first step:

Upgrading to 4.2.3
Status: Processing 4.2.1 Alpha 1, Step 1 of 6

The "upgrade progress" window is completely blank. It's been this way for about twenty minutes. I know that the whole process may take an hour, or hours, but the lack of any visible progress has me a little spooked. Should I be concerned that it's run out of memory or something? (It advised me before I started that there was a way I could do this from the command line if necessary, but not knowing whether or not it would be necessary, I elected to let the script try to process through the browser control panel as normal). Is there a way to cancel out, then retry from the command line?

Thanks!
You can just restart the upgrade and it will continue where it left off. yoursite.com/install/upgrade.php
__________________

Let us take care of your forum, seo, seo reports, maintenance, what ever you need.

Reply With Quote
  #36  
Old 11 Dec 2016, 15:57
Budget101 Budget101 is offline
 
Join Date: Jul 2008
Originally Posted by oguzdinc View Post
Hello i have problem with my www.Madenciyim.com

Visitors coming from google search is redirecting to www.myfilestore.com. When they go back to google and come back again going to my website.

What can i do.

I deleted VBSEO plug in. I upgraded my vbulletin on friday but it is still happening.

Here, I'll save you a whole messload of trouble- login to your server.

Go to your MySql Database (the one for your vBulletin install).

Click on search. Type %base64%
click on SELECT ALL

hit "Go".

You will find a large number of base64 codes hidden, most likely within [img] tags from filestore. Remove those. If you have plugins that are using base64- you'd better run a decode and see precisely what they're using it for.

base64-help.jpg

If you look through your files and see picture_inline.php that file is Shell Script installed and is infecting your server/site. ( Picture_inlinemod.php IS legit)
Reply With Quote
  #37  
Old 24 Apr 2018, 13:38
Harley PoMmom Harley PoMmom is offline
 
Join Date: Apr 2018
myfilestore redirect

Getting those redirects from a google search to the forum where I help admin, is there an absolute fix for this issue? We have vbulletin 4.2.5.
Reply With Quote
  #38  
Old 24 Apr 2018, 14:58
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
Cool

Originally Posted by Harley PoMmom View Post
Getting those redirects from a google search to the forum where I help admin, is there an absolute fix for this issue? We have vbulletin 4.2.5.
You can reference these for possible fixes:
https://www.vbulletin.com/forum/foru...lestore72-info

https://clients.urljet.com/knowledge...e123-Hack.html

https://clients.urljet.com/knowledge...version-2.html

With filestore they can insert it many different ways, be sure to check for template edits and also rogue plugins (OR malicious code added at the bottom of a plugin). I've even seen some take the site into debug mode and add the infection to the Master Style before let's hope they didn't do that to you i.e. possibly some script-kiddie using a tutorial and hasn't a clue about things of this nature other than how to read top-to-bottom and clickity-click-click (lol).
__________________
Daddy Does Dios and Figs!
https://www.linkedin.com/in/thelastsuperman - Custom vBulletin Modifications, Styles, and Services.
Need a Host? I recommend URLJet.

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


New To Site? Need Help?

All times are GMT. The time now is 16:40.

Layout Options | Width: Wide Color: