Mator

I wasn't referring to touching the ESP files you merged, I was referring to using a translation of merge plugins. E.g. Russian or French. There's a bug when using a translation will cause the program to build merges incorrectly. Switch the program language to English and it should work properly. If you are using the english language in the program then the problem is something else and you should provide a log because I can't help you without a log.

1. make sure you are NOT using a translation when you build your merge. 2. make sure you are NOT using the "new records" merge option

Looks like Survival Horror to me. I think I'll pass. Not a huge fan of either genre. I tried playing through The Vanishing of Ethan Carter and never actually finished. I just lost interested at some point.

You should never merge plugins that are required by masters by other plugins. You should never have plugins that are dependent on plugins you merged unless they are dynamically generated plugins (which should not be merged). You should never merge merged plugins (instead, just rebuild the merge from the source plugins).

It's not a great image, that's for sure. Fairly amateurish.

If SSEEdit works but TES5Edit doesn't, you probably have Skyrim Special Edition installed, not Skyrim Legendary Edition. :)

Don't merge plugins that are required by other plugins as masters. This is a fundamental rule of merging.

That's funny, I posted this exact link earlier in the thread. I don't have server access, else I would be able to provide more information about the steps taken to address this issue. Also, per the post you shared removing the malicious code does not permanently solve the problem. The code got there via some kind of vulnerability in IPB* (yes, not PHPBB, I got them confused for a moment. their acronyms are kind of similar and both run on PHP). Removing the malicious code will only solve the problem until the attacker re-applies the exploit. I agree with you that being a responsible host should involve fixing this issue. It sounds to me like z929669 looked for this exploit per the article on peter upfold's blog, but wasn't able to find it. At the time we thought it was because I had re-cached the skin files, which peter upfold mentions as a possible solution. It's possible z wasn't able to find the exploit at the time, and that purging the skin cache didn't fix the problem OR the attacker re-applied their exploit through the IPB vulnerability after we had resolved the problem. Right now we don't know which of these is the case, but we do know the only way to truly protect ourselves from this exploit is to upgrade IPB to a newer version with security improvements. That's what we've been working on.

That's kind of a misrepresentation. I understand that people don't like it when they get directed to seemingly malicious sites, but STEP isn't spreading malware. There is malicious code getting inserted in STEP through some kind of exploit in PHPBB software which is executing in your browser, but it's hardly "malware" and has no effect outside of your web browser on your machine. The website that you get redirected to could download malware, but a website itself isn't malware (though it can be malicious). It's possible that website could download malicious software to your machine if you let it do what it wanted, but I haven't seen any actual proof that it downloads malicious software. The issue here is that the malicious code is very subjective. I use STEP almost daily and I never get redirected to the fishy website. The same is true for the majority of people here. This makes it extremely difficult to assess the infection. STEP's main webmaster is no longer available, and there isn't really a way to protect the website against this attack anyways asides from updating the PHPBB forum software because it's exploiting a vulnerability in proprietary software which we don't know anything about. The attack itself is presumed to operate through inserting malicious code in a cached template file, so recaching the templates should remove the malicious code, requiring the attacker to attack the website and again and re-attach it. We're doing our best here, but migrating the website to the updated PHPBB software isn't something that can be done overnight, but I will urge the development team to prioritize it due to this issue.

Sorry I haven't responded yet, this is a complex use case and I've been working on a lot of other things. I think chaining may be broken, and fixing it may resolve the problem for you. That said, you should make sure the elements you're chaining are all treat as single entity in addition to being chained.

That's the correct solution - using MO2 in portable mode is the only way to get the integration to work with it.

Both mod and plugin order are stored in your MO profile (modlist.txt and plugins.txt). You can copy those over as well.

Copy-paste is probably easiest, though you may want to cut and paste if you have a lot of mods and your hard drive space is limited.

Merge Plugins only recompiles Script Fragments. If the plugin has no script fragments associated with it, Merge Plugins won't do anything. If the scripts have Game.GetFromFile or similar calls you need to fix them with Ganda's Relinker. I haven't tested SSE script handling thoroughly, so it's also possible it's broken because of some changes since Skyrim Classic (or due to the recent updates), but I doubt it.

That is correct.

Not to my knowledge.

Great suggestion, hadn't heard of this software before. Per Tech, only Z has server access right now, so he'd have to be the one to do this.

Unless you're running Fallout 4, nope.

The masters are ordered based on the load order that's in Merge Plugins. If masters are out of order that means the load order Merge Plugins loaded was out of order. This is a known issue with SSE/FO4 with Merge Plugins 2.3.1. There are a number of workarounds posted on the Nexus in the mod page comments section and in the issues section.

I'd like to think re-caching the skin files fixed the problem, but I will wait to hear from some other users before saying it's solved. It's also only a temporary solution, the attacker probably can just use the same vector to re-attach their code at any time.

v0.3 released. See the OP. Didn't get the chance to build your feature request Tech, but I'll get it for the next version.

All good dude. At the very least I now know that I need to tackle handling string files as file specific assets in zMerge. :)

That means that no formIDs were renumbered.

You'd have to edit the strings file. Merge Plugins saves a map file in the merge folder which has renumbered formIDs in the format oldFormID=newFormID.

I re-cached skins and languages from the Admin CP. This might have fixed the problem. Let me know if it's still happening.