Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 26 Nov 2020, 22:12
hunter1985 hunter1985 is offline
 
Join Date: Oct 2012
Real name: Ryan
[4.2.5] Clientscript Malware

Hello my website appears to have security issues from using vBulletin 4.2.5, those javascript files appears to be needing updated or fixed before things gets worse

https://sitecheck.sucuri.net/results/apg-clan.org
__________________
https://apg-clan.org/

Last edited by hunter1985; 26 Nov 2020 at 22:18.
Reply With Quote
  #2  
Old 26 Nov 2020, 23:27
yilmaz's Avatar
yilmaz yilmaz is offline
 
Join Date: Sep 2004
Re-upload files in clientscript folder to ftp
__________________
Donations always appreciated.
vByilmaz.com
vBulletin-forum.de
Nobody has a monopoly on vBulletin templates. Stay away from selfish, self-righteous and parasitic.
Reply With Quote
  #3  
Old 01 Dec 2022, 15:13
marikko marikko is offline
 
Join Date: Jul 2020
I have the same issue. Somebody is altering files like /clientscript/vbulletin_md5.js
with some redirecting / malware code.

Any tipps on how to fix this? How can they even access my files?

I did reupload all the clientscript files and this fixes it, but one or two weeks later the malware stuff is back and the files were altered again by some hacker...

Already changed all passwords, added htaccess etc. but it does not help.
Reply With Quote
  #4  
Old 01 Dec 2022, 17:32
Hostboard's Avatar
Hostboard Hostboard is offline
 
Join Date: May 2002
Real name: Steven
You really should re-upload ALL the vBulletin files, change all your passwords (vBulletin, hosting, FTP, etc.) Also check who belongs to the admin group and make sure no one is there that is not supposed to be.
__________________
-----------------------------------------------------------
Running custom version of vBulletin based on v4.2.5
PHP 7.4.x :: MariaDB 10.5.x :: UTF8MB4 & InnoDB Tables
Reply With Quote
  #5  
Old 03 Dec 2022, 17:22
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
 
Join Date: Sep 2008
Real name: Michael Miller Jr
There is some code more than likely, hidden within one of your plugins or within a template, it may link out to something (that then renders the malicious code) making it harder to find.

Edit each of your plugins, then scroll down to the bottom, if you see a large gap in space or anything that looks like added code, paste it here for review.

You can use this guide:
https://forum.vbulletin.com/blogs/mi...vbulletin-site

There was also another guide by Zachery or Trevor I believe from back then, that is also relevant and useful but I couldn't locate the link, you may wish to search for that one (I believe it's a forum post versus a blog post etc). Edit: Found it - https://forum.vbulletin.com/blogs/za...ve-been-hacked
__________________
Daddy Does Dios and Figs!
*I no longer provide vBulletin Services (No PM's, please).

Search - Use the search feature to find similar issues/answers.
Information - Include screenshots, copy/pasted error codes, url etc.
Fixed - Please return to your thread/post and let us know how it was fixed!
Thanks - For participating! Click the "Like" on a post if someone helped you!

Last edited by TheLastSuperman; 19 Dec 2022 at 13:10.
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 00:36.

Layout Options | Width: Wide Color: