Question vBSecurity 1.1.1 flood of config.php variable tampering

Status
Not open for further replies.
Website
http://ircforums.com
Forum version
vBulletin 4.2.x
#1
I am receiving many emails almost on the minute-

Greetings,

vBSecurity has detected a security alert regarding config.php Variable Tampering:
$vbulletin->config['Misc']['admincpdir'] changed from 'admincp' to 'http://www.site.com/forum/admincp'
$vbulletin->config['Misc']['modcpdir'] changed from 'modcp' to 'http://www.site.com/forum/modcp'
$vbulletin->config['Misc']['admincpdir'] changed from 'admincp' to 'http://www.site.com/forum/admincp'
$vbulletin->config['Misc']['modcpdir'] changed from 'modcp' to 'http://www.site.com/forum/modcp'
$vbulletin->config['Datastore']['prefix'] is new: NULL

The actions you have configured in the Security Center have been taken.

Please log in to your AdminCP and the Security Center: www.site.com/forum/http://www.site....?do=security&action=watchers&category=general for guidelines on how to correct the issue.


vBSecurity - vBulletin Security
I am using a mod ,

Template Modification System 1.2.0 Beta 4 Patch Level 1 This Modification allows automatic managament of Template-Modifications

Maybe it is conflicting? Maybe it's dbSEO?, which I have just purchased the Pro version.

I am receiving these emails when no live human should be accessing the admincp. Lately it has been just me and when I'm offline I am getting these alerts.

Also, because the links are being rewritten I cannot easily read them, but could go to the admincp.
 

Belazor

Staff member
Owner
Developer
Customer
#2
You appear to be using a mod that converts the config.php variables to absolute URLs rather than relative folders.

I recommend trying to disable your mods one-by-one until the flood stops, to figure out which one it is. Many areas of vB rely on the admincpdir and modcpdir variables remaining as folder names.
 
Status
Not open for further replies.

vBSecurity

vBulletin 3.8.x vBulletin 4.x.x
Seller
DragonByte Technologies
Release date
Last update
Total downloads
743
Customer rating
0.00 star(s) 0 ratings
Top