
Hacker was able to edit one of my forums and redirect forum. (vb 3.6.3)


HostileAdam
11-13-2006, 06:37 PM
Hmm, they edited one of my forum titles and redirected my forum. I'm using vB 3.6.3, no clue how they got into the database. Any help is appreciated.

Guest210212002
11-13-2006, 06:47 PM
Do you have HTML enabled?

A little more info would be helpful.

HostileAdam
11-13-2006, 06:55 PM
HTML is disabled, they found a way to get into the database and change one of the forum categories into the meta tag code.

List of plugins I have active:

Activity Modification
Display reputation comments in user post
ibProArcade for vBulletin
Member Profile Reputation Display 1.04
Members who have visited the forum 4.21
Members Who Registered Today 1.1
New reputation comments and posts
Reported post send pm 1.0.0
Strike Through Closed Threads
Top 'X' Stats by InfiniteWebby
uCash & Ushop
vBShout
Yarub's New UserCP Look
[HIDE] Hack Resurrection

SCRIPT3R
11-13-2006, 07:04 PM
Top 'X' Stats probably.

Paul M
11-13-2006, 07:06 PM
Top X Stats had a security hole in it that was fixed about 2 months ago. When did you install it?

HostileAdam
11-13-2006, 07:11 PM
Already added the patch for TopXStats, it has nothing to do with that. They got INTO the database and edited one of my forum categories and replaced it with the meta tag.

HostileAdam
11-13-2006, 07:14 PM
And what's funny is I just upgraded to 3.6.3 last night from 3.5.4. I think I would have been better off with 3.5.4..

SCRIPT3R
11-13-2006, 07:15 PM
Did you report this security leak to vB.com?

HostileAdam
11-13-2006, 07:19 PM
I just did.

Paul M
11-13-2006, 07:19 PM
I think I would have been better off with 3.5.4..
Why?

Zachery
11-13-2006, 07:23 PM
I just did.
A link please? Ticket ID? Bug Tracker Link? Forum Link?

HostileAdam
11-13-2006, 07:26 PM
http://www.vbulletin.com/forum/bugs36.php?do=view&bugid=1184 | Bug ID: 1184. And my site has some warez and stuff on it and I dunno if I should post my forum link here, unless you want me to PM it to you?

Zachery
11-13-2006, 07:39 PM
I've already responded to your bug.

Guest210212002
11-13-2006, 09:35 PM
Do you have mod_security compiled into php? If you're running a site with a target audience like that, it might be in your best interest.

HostileAdam
11-13-2006, 10:30 PM
Hmm, where could I get this at?

chanthuyen
11-14-2006, 07:36 AM
Reupload all files.
Check your host, there may be a remview file on your host.
Check the user table in the database, the hacker may have inserted an account into your database.

Guest210212002
11-14-2006, 12:44 PM
Hmm, where could I get this at?

http://www.onlamp.com/pub/a/apache/2003/11/26/mod_security.html

Also, run rkhunter from shell and see if it picks anything up, assuming you're running *nix.

Mattimus1984
11-17-2006, 04:42 PM
Adam, the first thing I saw that was hacked on your site was your toplists.

cyberphr
11-17-2006, 11:58 PM
I happened to run into this thread, so I thought I would update so there is no more need to reply.

The problem was apparently a shell script on the server, and nothing to do with vbulletin.

s25
11-18-2006, 10:23 AM
Are you running a vulnerable version of phpMyAdmin? In the last few months lots of sploits have been released for it (to the extent that I have removed phpMyAdmin until it calms down a bit). Are you on a dedicated server? Probably something else the attacker got in through, and I am placing my money on phpMyAdmin or he bruteforced a MySQL pass.