vbulletin help

[MrBishop]

Trying to clear up the 'turkey' virus that has been infecting vbulletin sites as of late. I understand that it's found in the yahoo counter script, but might be in a few other places. Finding needles in haystacks is more like it.

Anyone know of a decent script that I can run on my vbulletin to help clear up this mess?

Thanks!

 

[catocom]

haven't heard of it...
will upgrading to the latest ver fix it?

 

[MrBishop]

We're on 3.7.4 now

It's a site redirect

*78.110.175.21*
*195.24.76.251*

Seems to be inside the java code. A bit of subertfuge hiden in a yahoo counter, but the DB puts the code back in after you 'fix it'

 

[catocom]

I'd try 3.8

 

[MrBishop]

I'll mention it to the site owner. See if he's willing to upgrade, but would that guarantee the fix or just move the problem to a new version?

I've considered wiping all non-generic skins off of the server and reloading the php files, index etc..

 

[catocom]

3.8.1 just out

 

[MrBishop]

We're on 3.7.4 now
Our DB doesn't seem touched at all..it's mostly the interface/skin that's causing the redirect to a hostile site.

D'ya think that the UPG will solve some/all of those issues?

 

[catocom]

good chance.
it's quite a jump.

 

[MrBishop]

I convinced him to go up to 3.8.1 - so far, so good... he's switching hosts as well. The current host is having major issues with this php redirect virus/trojan.

 

[catocom]

 

[catocom]

I'm still banning new IPs/ranges every day

 

[MrBishop]

Any way that I can get a list of your banniated IP ranges? I'll erad up on how to do blocks and strengthen up the board that way.

Much appreciated Cato.

 

[catocom]

wip...

If I get an error log, where an IP is looking for a guest dir, I ban it, or the range
if it's a certain other country, like china.

you can look um up at dnsstuff if you need more info.

 

[MrBishop]

Sweet. I'm going to go delve around and see how to implement this IP-range ban and then go visit dsntuff later.