Check 4 Hack - Finds infected Datastore Entries
Mod Version: 1.00, by Hoffi (Member)
Developer Last Online: Mar 2016

vB Version: 4.1.4 Rating: (7 votes - 4.57 average) Installs: 151
Released: 27 Jun 2011 Last Update: Never Downloads: 1012
Not Supported Uses Plugins Additional Files Translations  

Many Users have Problems with infected Webservers.

I wrote a small Cron-Job that searches the datastore for possible infections and tries to repair them.

1.0 Initial release with one check:
Checks if base64 code resides in the Datastore. If it's found in the pluginlist, the Datastore will be rebuilt.

For more Checks, tell me. I'll add them.

The Cron Job will be started every 20 Min, and sends a Mail to the entered mail address or, if none is entered, to the webmaster e-mail address.

Install:

Upload the upload Directory and install the XML File.

German Version is also integrated.

If you want to check the Plugin, enable the Demo-Plugin which is installed, too. Only if it's enabled, the Check will find this.

If this Mod detects an infection, please do not lean back! Research it, and fix your security Hole!

#61
23 May 2012, 17:04
barcena
Join Date: Sep 2006
I am trying to install the xml file but after there's nothing active, only the name of the file under the plugins area. Any help?
Attached Images
File Type: jpg Capture.jpg (23.1 KB, 78 views)

Last edited by barcena; 23 May 2012 at 17:23.
#62
23 May 2012, 18:54
barcena
Join Date: Sep 2006
Any help please?
#63
23 May 2012, 19:22
barcena
Join Date: Sep 2006
Check 4 Hacking

Warning: include_once([path]/./includes/cron/check4hack.php) [function.include-once]: failed to open stream: No such file or directory in [path]/admincp/cronadmin.php on line 113

Warning: include_once() [function.include]: Failed opening '[path]/./includes/cron/check4hack.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in [path]/admincp/cronadmin.php on line 113

Terminado

Last edited by barcena; 23 May 2012 at 19:30.
#64
23 May 2012, 21:49
barcena
Join Date: Sep 2006
Anyone help?
#65
23 May 2012, 21:55
BirdOPrey5
Join Date: Jun 2008
Real name: Joe D.
It looks like you did not upload the php file, or at least did not upload it to the correct folder on your server.

It goes in your /includes/cron/ folder.
__________________
-Joe
Former vb.org Moderator. Retired.

@BirdOPrey5 | All Things BOP5 | Joe's Ultimate Off Topic
Note - I am no longer making new VB mods, sorry.
#66
23 May 2012, 22:20
barcena
Join Date: Sep 2006
Oh, I didn't know I had to... I don't know how to do it but thank you very much.
#67
08 Aug 2012, 19:43
BadgerDog
Join Date: Oct 2006
Real name: Doug
For the very first time, this mod has started sending me emails indicating a threat ...

They started after installing Lancerforhire's "Live Topic" mod....

Lancerforhire indicates that this is a "false positive" as discussed here:

http://www.vbulletin.org/forum/showp...&postcount=117

I don't know how to tell Hoffi's Check 4 Hacking mod to stop sending emails if it's related to the "Live Topic" mod? Is there an exclusion list capability?

Regards,
Doug
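
An added example, not the mod's own code (which is not shown on this page): the base64 check described in the first post, combined with the exclusion list asked about in the post above. The row contents, the fingerprint scheme and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

DECODE_CALL = re.compile(r"base64_decode\s*\(", re.I)
B64_LITERAL = re.compile(r"""['"]([A-Za-z0-9+/]{24,}={0,2})['"]""")

def fingerprint(line):
    """Whitespace-normalised SHA-256 of one reviewed line of plugin code."""
    return hashlib.sha256(" ".join(line.split()).encode()).hexdigest()

def decodes_to_text(literal):
    """True if the literal is valid base64 and its payload is printable ASCII."""
    try:
        raw = base64.b64decode(literal, validate=True)
    except ValueError:  # binascii.Error (bad padding/alphabet) is a ValueError
        return False
    return bool(raw) and all(32 <= b < 127 or b in (9, 10, 13) for b in raw)

def scan_datastore(rows, allowlist=frozenset()):
    """Return (title, line) pairs for suspicious lines not on the allow-list."""
    findings = []
    for title, data in rows.items():
        for line in data.splitlines():
            hit = DECODE_CALL.search(line) or any(
                decodes_to_text(lit) for lit in B64_LITERAL.findall(line))
            if hit and fingerprint(line) not in allowlist:
                findings.append((title, line.strip()))
    return findings

# Constructed sample rows (title -> data); simplified, not real vBulletin data.
DEMO_PAYLOAD = base64.b64encode(b'echo "check4hack demo";').decode()
LEGIT_LINE = "$img = base64_decode($row['thumb']);"  # hypothetical add-on code
ROWS = {
    "options": "$hash = 'd41d8cd98f00b204e9800998ecf8427e';",
    "pluginlist": f"$show['x'] = true;\neval(base64_decode('{DEMO_PAYLOAD}'));\n{LEGIT_LINE}\n",
}

if __name__ == "__main__":
    reviewed = {fingerprint(LEGIT_LINE)}  # entry added after manual review
    for title, line in scan_datastore(ROWS, reviewed):
        print(f"{title}: {line}")
```

Excluding by the fingerprint of a reviewed line, rather than by datastore title or product name, keeps the alert alive for any new line that later appears in the same `pluginlist` entry.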
#68
09 Aug 2012, 23:39
imported_dfmafia
Join Date: Jun 2004
Location: Wherever Uncle Sam Needs!
Real name: Brock
The following modules were infected:

pluginlist

vB 4.2.0 PL 2

I get this when the plugin demo is disabled. ie. demo

I know it is disabled from the install. Ran the task and I get pluginlist infected. I enable the demo and I get pluginlist- infected.
#69
10 Aug 2012, 00:05
Justinphx
Join Date: Jan 2012
There is only one file to upload to the server (a php file into cron), right? I did that and installed the xml and all seems fine. I do not show any demo version under the real one. I have never received any emails from it after installing so I have no clue if it is working right.

I am running 4.1.12p2. Any suggestions on how to get the demo to display under products?
#70
11 Aug 2012, 17:19
BadgerDog
Join Date: Oct 2006
Real name: Doug
Uninstalled ... too many false positives ...

Thanks anyway ...

Regards,
Doug
#71
29 Sep 2012, 20:29
cravendale
Join Date: Oct 2010
The following modules were infected:

pluginlistadmin

can anyone please help with this
#72
29 Sep 2012, 21:04
MegaManSec
Join Date: Aug 2011
If not already in this,
Make it check the checksum of login.php.
http://newinhacking.blogspot.com.au/...rtutorial.html
I made a small thing in BASH a while ago to do it.
But in general, this mod is good, and hopefully I can help you out with coding this in the future
__________________
I do free vBulletin modification security checks. PM me.
http://services.internot.info/
#73
30 Sep 2012, 14:37
cravendale
Join Date: Oct 2010
Originally Posted by cravendale:
The following modules were infected:

pluginlistadmin

can anyone please help with this
Anyone can help?

I've found pluginlistadmin in the datastore. Not sure exactly what I'm looking for though.

Can anyone please help?
#74
02 Oct 2012, 21:15
TheSupportForum
Join Date: Jan 2007
Originally Posted by MegaManSec:
If not already in this,
Make it check the checksum of login.php.
http://newinhacking.blogspot.com.au/...rtutorial.html
I made a small thing in BASH a while ago to do it.
But in general, this mod is good, and hopefully I can help you out with coding this in the future
this is not possible for 4.2.0
none of those codes exist
__________________
http://www.multihunters.co.uk - all your coding needs
#75
12 Mar 2013, 11:07
masterross
Join Date: Dec 2005
This hack should check for '%logincache%' too.