Please help with filestore exploit


CareyG
08-15-2013, 02:32 PM
I am sure you have all heard of the base64 exploit that is affecting hundreds of vBulletin users. I have had this base64 exploit for a while now. I had it last year and finally got rid of it after I updated my vBulletin, but now it is back again. I have downloaded and installed this plugin which alerts you when your datastore plugins are affected. This is the email I get every morning when the exploit is injected into my forum. Can you help me out with this? What exactly does this mean and how are they injecting this code? I need to know how they are gaining access so I can stop it.

Datastore pluginlist mismatch!

================================================================================
Plugin modified/added:
array (
'pluginid' => '3094',
'title' => 'vBSEO Cache Templates',
'hookname' => 'cache_templates',
'phpcode' => 'if(defined(\'VBSEO_ENABLED\')) vbseo_complete_sec(\'cache_templates\');

Lynne
08-15-2013, 03:39 PM
That is an issue with vbseo, so you will need to ask for help on their forums.

TheLastSuperman
08-25-2013, 11:41 PM
I would simply uninstall vBSEO and utilize vB4's mod rewrite friendly URLs. Did you know vBSEO left an exploit in the official product for well over a year? Through countless versions, a known exploit was released in your vBSEO versions... ohh, 'tis true, and I recently uninstalled and even that had some issues; glad I know my way around a vBulletin site well enough to fix it lol.

Example: http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/index12.html#post325845

^ Post date is 01-23-2012 11:37 PM now read the post further...
Said activity has occurred sometime in the last month *starting December 1st, 2011* (as stated above)

The "sometime in the last month" but "starting December 1st, 2011" is what clues you into that. My site was hacked into as well, including some of my clients (http://www.vbseo.com/f77/new-plugin-found-related-recent-vbseo-exploit-52848/), long long ago, so long story short: I do not advise you keep it installed; in fact I advise you remove it promptly. And yes, your SEO will take a hit. You can use "Mod Rewrite Friendly URLs" via your options in vBulletin, though, with an .htaccess file, and redirect old threads, then re-submit to Google to be re-indexed, and while that is a slight pain it's well worth it in my opinion.

http://www.vbseo.com/blogs/mert-goekceimam/how-uninstall-vbseo-238/
http://www.vbseo.com/f55/how-completely-uninstall-vbseo-20737/

Just my 2 cents :p.

Macsee
09-16-2013, 07:57 PM
I've never used vBSEO and I still have the filestore redirection problem.

So it's possibly not a problem unique to users of vBSEO (and I've seen the long threads about it on their forum). There may be some other way in vB that this is being installed and the problem may be vB itself.

Any suggestions, Lynne?

(The only plugin I've ever had was glowhost and I have now uninstalled it, but the problem persists.)

TheLastSuperman
09-16-2013, 08:10 PM
> I've never used vBSEO and I still have the filestore redirection problem.
>
> So it's possibly not a problem unique to users of vBSEO (and I've seen the long threads about it on their forum). There may be some other way in vB that this is being installed and the problem may be vB itself.
>
> Any suggestions, Lynne?
>
> (The only plugin I've ever had was glowhost and I have now uninstalled it, but the problem persists.)

While your issue sounds similar, the way your site was infected could have been entirely different, and no, this can be on any site if the hacker decided to use it etc. - I assume a rogue plugin or shell script is still in place on your forum.

http://www.vbulletin.com/forum/blogs/michael-miller/3934768-recovering-a-hacked-vbulletin-site
http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked
http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site

Edit: Also if you bounce around posting all over the place https://vborg.vbsupport.ru/showthread.php?goto=newpost&t=302248 some would assume it might prompt a reply quicker and it *might* but then backtracking to check all the places you posted later today and tomorrow could mean overlooking a valid reply as well :p.

Macsee
09-16-2013, 08:40 PM
The only plugin I had was glowhost which I had uninstalled earlier. The problem persists.

I'll make sure I haven't overlooked any reply, but it did seem pertinent to post in this thread as from the posts above other readers may be misled into thinking it's exclusively a vBSEO issue when it's not.

I've NEVER had vBSEO installed. I didn't even know what vBSEO was till I started researching this filestore redirection problem where everyone seems to be blaming vBSEO. vBSEO might be one of the routes in, but if anyone reading this thinks they are okay because they don't have vBSEO, think again.

There seem to be other ways in!

<added>
One strange thing I noticed is that even after uninstalling glowhost there are still many glowhost-related lines in the datastore.MYD table (and possibly elsewhere!). But, of course, the problem may not be glowhost at all but a flaw somewhere else in vB or my security that has allowed the hackers in.
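
One way to implement the kind of plugin-list mismatch check described in the first post, as an added example (not the alert plugin's own code and not posted by anyone in this thread). The plugin records are constructed and use only the field names shown in the quoted e-mail; the list of PHP functions flagged for review is an assumption.

```python
import hashlib
import re

# PHP constructs that rarely belong in a forum plugin and are worth a manual review.
SUSPICIOUS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)

def fingerprint(plugin):
    """Stable hash over the fields that determine what a plugin runs and where."""
    data = "\x00".join(str(plugin[k]) for k in ("title", "hookname", "phpcode"))
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def diff_plugins(baseline, current):
    """Compare two {pluginid: record} snapshots.

    Returns a list of (status, pluginid, flagged_functions) tuples, where status
    is "added", "modified" or "removed".
    """
    findings = []
    for pid, plugin in sorted(current.items()):
        if pid not in baseline:
            status = "added"
        elif fingerprint(baseline[pid]) != fingerprint(plugin):
            status = "modified"
        else:
            continue  # unchanged since the known-good snapshot
        hits = sorted({m.group(1).lower() for m in SUSPICIOUS.finditer(plugin["phpcode"])})
        findings.append((status, pid, hits))
    for pid in sorted(set(baseline) - set(current)):
        findings.append(("removed", pid, []))
    return findings

# Constructed sample snapshots (hypothetical plugins, not taken from any real forum).
BASELINE = {
    "1": {"title": "Example Sidebar", "hookname": "cache_templates",
          "phpcode": "$show['sidebar'] = true;"},
    "2": {"title": "Example Footer", "hookname": "example_hook",
          "phpcode": "$footer_note = 'hello';"},
}
CURRENT = {
    "1": {"title": "Example Sidebar", "hookname": "cache_templates",
          "phpcode": "eval(base64_decode(\"PLACEHOLDER\"));"},
    "3": {"title": "Example Banner", "hookname": "example_hook",
          "phpcode": "$banner = 'welcome';"},
}

if __name__ == "__main__":
    for status, pid, hits in diff_plugins(BASELINE, CURRENT):
        print(f"plugin {pid}: {status}; flagged calls: {', '.join(hits) or 'none'}")
```

The baseline has to be captured from a state known to be clean and stored where the web application cannot write to it; otherwise a change to the plugin list can be hidden by a matching change to the baseline.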