boxingscene
04-05-2013, 06:10 PM
Someone hacked my vbulletin with a malicious code in the footer, which he placed on two of our themes. From what I can tell he did not access the backend or corrupt any files. Our admincp is password protected via .htaccess and I see nothing in the control panel logs of someone being in there and making those kind of template changes.
I did see that he uploaded a shell script in subfolder of another script. Could he have used that file to access the mysql server directly to corrupt the vbulletin script?
I'm stumped otherwise.
I did see that he uploaded a shell script in subfolder of another script. Could he have used that file to access the mysql server directly to corrupt the vbulletin script?
I'm stumped otherwise.