Has anyone's forum been attacked recently?


preemz10314
05-25-2011, 12:17 PM
I am wondering if anyone else's forum has been attacked recently. And how, if so please state the version and the type of attack / what they did... as my site on 4.0.7 has been attacked a few times and I want to see if anyone else shares this problem.

My first attack was some form of iframe exploit that left a redirect to some page in the UK; the second one, a week or so ago, left my forum.php file blank with the words "Xuplena" and nothing else... I am running 4.0.7 with security patch.

I have since upgraded my server to help protect against SQL injections and have disabled shell scripts from running.

Frosty
05-25-2011, 12:32 PM
Can you write the list of the addons you have installed?

preemz10314
05-25-2011, 12:45 PM
*Enabled mods are marked as Enabled - All others are disabled* It is a somewhat long list.

Add wibiya Script 1.1 -ENABLED

Article Forum 4.1.2

CT second_post_Ads 2.0.2

Digital Point Position Ads

Digital Point Spy 1.0

Display reputation comments given

DownloadsII 6.0.7 -ENABLED

Easy Mod Tools 4.0.4 -ENABLED

First Post on all pages 1.2

Hide Links From Guests 1.21

Hide Version 1

Inactive User Reminder Emails 2.1.1

MARCO1 Advanced Quick Reply And Edit With Smilies 4.5 -ENABLED

Members who have Visited 4.0.9 -ENABLED

Merge Double Posts 2.8

Minimum number of posts to send pm. 1 -ENABLED

Movie Of The Week 3.0.2

Separate Sticky and Normal Threads 4.0.1 -ENABLED

Show a Poll In FORUMHOME 3.0

today's Top Poster(s) 4.0.RC1 -ENABLED

vb4 Film Strips marquee by Yilmaz 8.5 -ENABLED

vBH - Add new tabs 1.2 1.2 -ENABLED

vBulletin Blog 4.0.7

vBulletin CMS 4.0.7 Content Management System

View signature restriction 1 -ENABLED

VSa - (De)Bump Threads 1.2

VSa - Advanced Forum Statistics 7.0.3

VSa - Advanced Permissions Based on Post Count 5.1

VSa - Advanced Registration 2.0.1

VSa - PayPal Donate 5.0 -ENABLED

Yet Another Mass Private Message System

Frosty
05-25-2011, 12:55 PM
Well, you don't have VSa - Advanced Forum Rules installed, so you're not one of the "Team Animus" victims.

How did they hack you? Did they just edit your index.php or .htaccess file, or did they edit some style? It's very important, since they would need FTP or PHP shell access to edit PHP and .htaccess files, and if they just had your admin password they could have uploaded a PHP shell via the plugin system. But I doubt it, so do the following:

- Download the latest database
- Download untouched files of your vBulletin version
- Replace old ones with the new ones.

Delete every file that wasn't overwritten.
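
Added example, not part of the original post: one way to carry out the comparison behind the steps above is to hash the live forum directory against an untouched copy of the same vBulletin version and list what was changed, what is extra, and what is missing. The function names, the `keep` allow-list and the sample file names below are assumptions made for illustration; the demo builds constructed sample trees in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def index_tree(root: Path) -> dict:
    """Map each file's path relative to root -> SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_trees(clean_root, live_root, keep=()):
    """Classify live files against a clean reference copy.

    keep: relative paths that legitimately exist only on the live site
    (site config, uploads); an assumption you must fill in per install.
    """
    clean, live = index_tree(Path(clean_root)), index_tree(Path(live_root))
    return {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "extra": sorted(f for f in live if f not in clean and f not in keep),
        "missing": sorted(f for f in clean if f not in live),
    }


def demo():
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "includes").mkdir(parents=True)
            (root / "forum.php").write_text("<?php // stock front controller\n")
            (root / "index.php").write_text("<?php // stock index\n")
        (live / "forum.php").write_text("Xuplena")             # defaced file
        (live / "includes" / "config.php").write_text("<?php // site config\n")
        (live / "includes" / "x.php").write_text("<?php // unknown file\n")
        (live / "index.php").unlink()
        return compare_trees(clean, live, keep={"includes/config.php"})


if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

The "extra" list corresponds to the files that were not overwritten; keep a copy of them and of the "modified" files before deleting, since they show what was changed and when.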

nitra1000
05-26-2011, 07:18 AM
Also, uninstall any of the mods that are disabled. What's the point of having them there if they aren't turned on?