• 0

vBSEO (vBulletin) Exploit


Question

Hey, I just thought I would give anyone here who uses vBSEO the heads up about an exploit that lead to a site I run getting hacked this weekend.

Basically if you are exploited anyone who clicks a link to your site on a search engine will be redirected to a malicious website, it will also mess up your SEO settings so has the potential to ruin your page rank if you don't sort it out.

This is the first time the our site has been hacked in over three years of been online so I was a little gutted, thankfully no serious damage was done and it was easy to remove any damage as described below.

I hope someone finds this useful, no email was sent out by vBSEO about this exploit, although we had been exploited before the patch was released unfortunately.

Security Bulletin - vBSEO 3.5.1 PL1 Released

A security flaw has been identified in the 3.5.x codebase that has necessitated the release of vBSEO 3.5.1 PL1. All customers running the 3.5.x series should upgrade immediately. The 3.5.1 and 3.5.0 downloads have also been updated to include the patch for those customers not wishing to upgrade to a newer version or for customers who's license are expired. The RC builds are no longer available and you should upgrade to a stable version at once.

3.5.1 PL1 also contains a few minor bug fixes since the 3.5.1 release that have passed QA. There are no new features, just fixes to bugs reported. A full list is not available at this time as our focus of this release is on security. A complete update list will be included with 3.5.2 when it is released.

This issue does not effect vBSEO 3.3.x and lower versions.

Details of the exploit:

A writable config.xml file (chmod 0666) can be compromised. We always suggest customers to lock down their files with 0644 permissions after they are done changing settings. Even still, mis-configured webservers still sometimes allow the webserver to write to a 644 file due to chown permissions of apache.

If you can edit your vBSEO settings with your config.xml file chmod'ed to 644, you should contact your host for server security support. This should NOT work. vBSEO should throw an error back saying your config file is not writable.

If you have ssh access, you can try chowing the config file to a different user. Oleg explins this a bit more in this thread: config.xml settings changed randomly - security issue?

There is an active discussion on this topic in that same thread: config.xml settings changed randomly - security issue?

Note, that we are not your server admins and we can only offer advice on securing your server - we cannot do it for you.

3.5.1 PL1 is available in the downloads section.

http://www.vbseo.com/downloads/

I've been hacked, what do I do?

Most users are reporting a change in url settings, and losing traffic to a JS redirect script.

If you think you may have been compromised, The best thing to do is:

- install 3.5.1 PL1

- load a backup vbseo_all.xml into your cp and save your key and password.

If you do not have a backup, You should try to set your urls to how they were before as best as you can remember. Do a site: command in google to find your indexed links for pointers. And when you are done, make a back up this time so you have it in the future.

Our staff is here to assist you if you require further help, such as using our vBSEO - Upgrade Service to upgrade to our latest release and our technical staff is standing by in the http://www.vbseo.com/support/ area should you need further help.

Get your 3.5.1. PL1 now from the downloads area!

http://www.vbseo.com/downloads/

Please discuss this issue here: config.xml settings changed randomly - security issue? - vBulletin SEO Forums

Thanks,

the vBSEO Team.

Read more at: http://www.vbseo.com/f5/security-bulletin-vbseo-3-5-1-pl1-released-44590/

Link to comment
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.