The DoS attack and NYSpeed actually infecting people with malware are two separate issues
Yall shouldn’t have posted links to The Interview. Now we must all pay.
TBH, unless you’re interested in buying a siqqq vintage cycle or checking out Drew’s build, this site has died. I remember logging in and having two pages of threads to read and now it’s nothing more than a craigslist dumping ground. It’s sad, because this used to be awesome.
Everyone is busy posting about mini vans and home builds.
we’re all growns up
So now I google nyspeed and it directed me to boobies!
That sounds like a good problem to have
If you guys can’t fix it I know a guy who does security stuff
price please…
srsly
srsly… need fixed ASAP… this is redic…
had like 10 people all over me about this today
It’s def not a good look to leave it be. Considering LZ’s been harping in this on & off for quite some time…shocked it’s only 10 people and they took this long to bitch.
It’s been fixed several times but keeps coming back.
If this was your basic vB forum setup we’d probably be rid of it by now.
We have this as well as other projects out for bid and we’ll find a fix eventually.
It was interesting reading through all the diagnostic stages in that thread LZ posted. Seems like a pretty persistent bunch of MF’s hitting Vbull sites.
I’m personally frustrated with vB in general. If it wasn’t this it would be something else it seems.
If you want me to take a look and tell you what needs to be secured let me know I will have free time in a week.
- This hack is done by adding malicious code into one of the existing plugins in the manager; you will have to physically go through each plugin and see if malicious code has been appended (usually at the bottom, scroll all the way down).
- This hack can be done by adding a brand new plugin containing malicious code.
*NOTE! The code is typically encoded and appears like a bunch of random ascii characters - (it’s base64 multiple)
- HTACCESS your admincp panel - there are multiple guides for this, here is one - or you can ask your ISP to do it for you;http://www.elated.com/articles/passw…with-htaccess/
So from the google results, the first page it goes to is .\content.php
Avast picked up the redirect issue before I even clicked the link.
Sounds like some injected code in a plugin somewhere.
http://club.myce.com/f20/vbulletin-myfilestore-hack-find-traces-remove-them-332219/
Read that thread LZ posted…it was interesting how the participants worked through the breach.
Was the OP in that an actual security guy? The steps don’t seem that methodical (not that they have to be).
They keep referencing “hackers” which I think is a bit misleading. I’m not really sure a guy sitting behind a desk somewhere is pulling all the strings on your forum. Seems more like a driveby exploit.
VBSeo and a few other things are vulnerable to code injection.
tgpsr or whoever can keep removing the injected code but until you mitigate whatever vulnerability is being leveraged it’s going to keep happening.
It would be nice to see the web server logs and see what modules/etc the forum is running.
Alright it SHOULD be fixed. Anyone care to test it?
