Blog Documentation Book a Demo
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Vanilla 2 install from GitHub redirects to CGI script marked as malware

omfgomfg New
edited August 2009 in Vanilla 2.0 - 2.8
On Step 2 of the Vanilla install the script is forwarding me to: http://91.211.64.180/cgi-bin/index.cgi?tf17

This happens on multiple computers / browsers. Has someone compromised the checked-in version at GitHub?

Comments

  • omfgomfg New
    edited August 2009
    After passing to Step 2 it appears to happen for all URLs except the main.

    i.e. I go back to domain.com/signin it re-directs.

    I goto domain.com it goes to Step 1 of the Vanilla 2 install, then I hit Next and it re-directs again.

    I've since removed it from my server as I can't have that running on my box. I'm not familiar with the setup of Garden so I was unable to track where it's coming from. Though I've seen similar injections in the past and they seem to be bits of encoded JS stashed somewhere in the code. Maybe a template file?
  • omfgomfg New
    No one else has run across this?
  • gasfacegasface
    Yes, WTF?!
    I was all ready to flip to it and now this? Have the developers or anyone addressed this?!?!?
  • RefringeRefringe New
    As of right now I'm unable to download the code from GitHub. I just get a file not found error. I assume the developers have taken it down temporarily to address this issue?
  • MarkMark Vanilla Staff
    Uhh. I don't have anything like this happen for me. And the code is live and fine. I'll investigate further.
  • MarkMark Vanilla Staff
    I've contacted GitHub about it. I'll post more news as it gets back to me.
  • MarkMark Vanilla Staff
    I haven't heard back from them yet - but I just tried to download again - this time it worked. I installed it locally, and didn't have any redirect problems.

    I googled that error a bit, and found some information about an IE trojan - Are you guys (gasface and omfg) using IE?
  • jstennis1591jstennis1591
    I have a database problem when trying to install V2. It will let me use the same exact database credentials for vanilla 1.19 but when I try with V2 i get an error saying that it cannot connect to the hardware or something.... any tips?

    Here's the exact error:
    "The connection parameters you specified failed to open a connection to the database. The database reported the following error: could not find driver"
  • MarkMark Vanilla Staff
    edited September 2009
    @jstennis1591 - It's not a connection problem, it's a driver problem. Make sure that you have PDO, and PDO_MYSQL enabled for php.
Sign In or Register to comment.