VB Maintenance detected that there is a file that is not part of VBulletin

/forums/subscriptionss.php

I don't know what it does (now I can not have a look into it) but when I redirected to it, the screen I got is attached.

How did they insert it? Anything I can do to prevent it?

VB 4.2.2 Patch 1
Vanilla, not a single plugin
No install directory

Turned my site off until I get on the machine where I can remove the file.

There are other attack vectors such as via insecure hosting

Change all of your passwords ASAP (root, hosting account etc.)

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked (http://www.vbulletin.com/forum/blogs/zachery/3993888-fixing-your-site-after-you-have-been-hacked)
http://www.vbulletin.com/forum/blogs...vbulletin-site (http://www.vbulletin.com/forum/blogs/zachery/3993849-best-practices-for-securing-your-vbulletin-site)
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5)
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions (http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3993204-vbulletin-5-connect-security-patches-released-all-versions)