Bug Possible Admin CP / Mod CP / DBSEO CP exploit attempt!

[neogeo]

Right now I get this message:

Possible Admin CP / Mod CP / DBSEO CP exploit attempt!

Nobody can't access to the site, I dont understand what happened, please help!

Also, the apache error log says:

Got error 'PHP message: PHP Warning: strpos(): Empty needle in /dbtech/dbseo/includes/class_core.php on line 580\n'

In that line I see:

if (strpos($_redirUrl, self::$config['_bburl']) !== false)

Can someone help me? all my site is offline because that

SOS!

 

[neogeo]

Firefox says:

The page is not redirecting properly

An error occurred connecting to the site

 

[neogeo]

I restarted Apache, php and mariadb, seems is working now, but im very worried about this error. Thi is the second time that happened since yesterday

(The two times happened when I was editing templates (as always I did without problems), the only thing differnet is that yesterday I unninstalled a plugin that I was disabled for many years, the vbseo) Now Im wondering if this is related with this or not... and I just Im being hacked

Someody knows why this happens?

 

[Fillip H.]

If you are using a custom AdminCP and ModCP path, you must also update your .htaccess file.

Go to your DBSEO CP and remove all custom 301 redirects and custom rewrite rules, as it's likely a mistake has been made in one of those settings.

 

[neogeo]

I think that my AdminCP and ModCP path are the standard path:

On my .htaccess I have this:

RewriteCond %{QUERY_STRING} !dbseourl=
RewriteCond %{REQUEST_URI} !(admincp/|dbseocp/|modcp/|cron|mobiquo|forumrunner|api\.php|reviewpost/|classifieds/|photopost/)
RewriteRule ^(.*\.php)$ dbseo.php?dbseourl=$1 [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|dbseocp|modcp|clientscript|cpstyles|images|reviewpost|classifieds|photopost)/
RewriteRule ^(.+)$ dbseo.php [L,QSA]

¿I need to add something more?

In DBSEO CP all custom 301 in that area are disabled (//) since always I think

I really don't know what is happening (always did well) but now I feel scared because there are lot of people visiting the forum everyday and all this is out of my knowledge... ¿any suggestion for me Fillip?

 

[Fillip H.]

I think that my AdminCP and ModCP path are the standard path:

I don't see anything? You'll need to check your config.php file to see if you've renamed those folders.

 

[neogeo]

I get another Possible Admin CP / Mod CP / DBSEO CP exploit attempt! message, and the website down.

The apache error logs say:

PHP message: PHP Warning: strpos(): Empty needle in /home/foroparalelo.com/public_html/dbtech/dbseo/includes/class_core.php on line 580\n', referer:

580 line: if (strpos($_redirUrl, self::$config['_bburl']) !== false)

Do you know what this problem might be? Is very frustating see how the website gone down every 2 days.

 

[Fillip H.]

Can you show me the contents of your "Board URL" vBulletin Options setting? From the looks of it, this setting is empty, which is wrong.

 

[neogeo]

In Board URL I have the full and correct url (is not empty)

 

[DragonByte Technologies]

Hello @formentera,

We hope your ticket regarding DragonByte SEO has been addressed to your satisfaction. This ticket has now been scheduled to be closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.

 

[DragonByte Technologies]

Hello @formentera,

As we have not heard back from you, your ticket regarding DragonByte SEO has now been closed.

If your ticket has not been resolved, please feel free to start a new support ticket and link back to this ticket.

Thank you.


- DragonByte Technologies, Ltd.