View Full Version : Hacked a Bunch of Times c99madshell.php
steve3402000
11-26-2013, 09:10 PM
Apparently this is a quite sophisticated Trojan Horse. I actually found it by accident. Had no idea it was there. Anyone know how to get rid of it?
Steve
Lynne
11-26-2013, 10:51 PM
Did you try google? First thread I saw - http://www.securelist.com/en/descriptions/old188613
steve3402000
11-26-2013, 11:06 PM
Problem I have, is it was a plug in, I don't even know the files that are attached to it, and I am on a hosted Server. I see nothing in my directories.
Just weird, anyone else had this one?
Thanks Lynne
--------------- Added 1385511007 at 1385511007 ---------------
I made a php error log here are some errors I get, especially when I try to access phpmyadmin
This craps killin me, I am too busy at work for this lol
Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 07:34:12 AM
Username: Unregistered
IP Address: 138.163.0.41
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 07:34:12 AM
Username: Unregistered
IP Address: 138.163.0.41
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 09:05:56 AM
Username: Hitech
IP Address: 50.79.79.193
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 09:05:57 AM
Username: Hitech
IP Address: 50.79.79.193
================================================== ===
Warning: Only variables should be passed by reference in /editpost.php on line 323
Date: Tuesday 26th of November 2013 09:45:32 AM
Username: GlennAB1
IP Address: 76.251.228.156
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 10:34:32 AM
Username: Unregistered
IP Address: 181.246.240.142
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 10:34:33 AM
Username: Unregistered
IP Address: 181.246.240.142
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:01 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:01 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:10 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:10 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:18 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:18 PM
Username: Unregistered
IP Address: 134.216.26.233
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:33:37 PM
Username: Steve340
IP Address: 70.209.17.110
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:42:34 PM
Username: Steve340
IP Address: 70.209.17.110
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:48:08 PM
Username: Steve340
IP Address: 70.209.17.110
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 02:44:44 PM
Username: Gonzo3333
IP Address: 98.213.198.34
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 03:16:31 PM
Username: Steve340
IP Address: 70.209.17.110
================================================== ===
Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 03:20:44 PM
Username: Steve340
IP Address: 70.209.17.110
================================================== ===
Lynne
11-27-2013, 04:43 AM
If it's a plugin, then there is no need for a file. But, you should make sure there isn't some file they uploaded via the use of a plugin.
Those errors are just showing warnings. And, if they are using a script, then that doesn't mean it is generating any errors that would show up in an error_log. You really need to look at your access_logs to see if they are accessing any scripts on your server that you don't know about.
ForceHSS
11-27-2013, 05:01 AM
going by some of the warnings you are getting you have not put any fixes in yet for 4.2.2
steve3402000
11-27-2013, 08:27 AM
I did not know there were fixes for 4.2.2 I will check it out.
Thanks!
Steve
vBulletin® v3.8.12 by vBS, Copyright ©2000-2025, vBulletin Solutions Inc.