Valter, thank you for working so fast and putting out an updated version with the security patch. Your very quick attention to this is appreciated. :)

i was just hacked. i have no doubt it was this mod. why? because it was the only mod i was using. plain vanilla vbulletin v3.8.6 pl1 and this mod - nothing else. i was not hacked with v4.0.2, i was not hacked when i updated to v4.0.3 but a few days after the initial hack reports by others and then i was on v4.0.4. and yes, i did tick the overwrite box. i almost deserve this for not uninstalling it right there and then, when people were reporting their sites hacked. like another guy said in the other forums, thank God it was a "friendly" hack. never again. i'll stick to vanilla forums from now - lesson learned.

i'm here to find out why i still have a link to http://forums.(mydomain).com/misc.php?do=cfrules which goes to the icons faq question. how do i get rid of this "portal to hacking" completely? i want any and all traces removed.

Check out this thread: https://vborg.vbsupport.ru/showthread.php?t=263202

It's well possible that you have been hacked before you updated, Hackers tend to install a backdoor, so they can get back inside, even if the exploit they used to get in has been fixed already. It's not always super obvious that you have been hacked, it can happen very subtly, without you ever noticing.

I'm not quite sure what your question is though, do you mean, that you still have a link labeled "Rules" in your navbar? If so, I'm sure you can get rid of it by examining whether there are any active template modifications on the navbar template, if not, you may be able to remove the link by making a template modification of your own.

And if your question is why http://forums.(mydomain).com/misc.php?do=cfrules is still leading somewhere, that's because misc.php is a file which implements many many features, like your FAQ. The Smiley thing seems to just be the default and since cfrules doesn't exist anymore it displays the default.

i don't think so. the file was uploaded on the 9th. i updated to to the "fixed" version 4.0.3 on the 5th. i don't know. i'm still unsure what exactly went down.

https://vborg.vbsupport.ru/external/2011/05/45.jpg

I also was using this mod and updated to the latest files attached here and was hacked and locked out, I gained access, removed the fake admin, re-did the titles etc and since that my whole forums files (the lot) has been deleted by someone.

This was 3 years plus worth of work gone down the pan because the developer of this hack didnt check his work.

Now Im stuffed and hoping my host can restore the site or its gone for good.

Thanks.

Per my above post. My host has carried out a check of the logs and says the following:

Make sure you have backups because this hack can delete your whole forum.

Regards

My forum was hacked again after a recent attack on my site a few days ago. We did a full restore, patched this mod to the current one which says that it was patched and yet a few minutes ago, my forum was hacked.

Add me to the list saying that this updated patch is not yet secure.

I'm watching this closely.

It would be very helpful if someone can find in their server logs the original attack, or any accesses related to the attack. (The error log info above wasn't quite helpful enough for me to work with.)

I found a security hole in the script code which allowed me to execute php script code. (v4.0.4)

@Author/s/whoever is in charge: Plz contact me ASAP per PM

if we only disable the product will be safe ? or have to uninstall it till a good update ?