|
Hacking Question
Did not mean to make this thread twice.
Someone hacked my vbulletin with a malicious code in the footer, which he placed on two of our themes. From what I can tell he did not access the backend or corrupt any files. Our admincp is password protected via .htaccess and I see nothing in the control panel logs of someone being in there and making those kind of template changes. I did see that he uploaded a shell script in subfolder of another script. Could he have used that file to access the mysql server directly to corrupt the vbulletin script? I'm stumped otherwise. |
Yes shell scripts can contain code to modify files and access the database, I would remove the shell script and also ask your host to do any server side scans they have to ensure it's clean.
Also follow the methods outlined here: http://www.vbulletin.com/forum/blogs...iller/3934768- |
Quote:
"GET /tmp/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=382 HTTP/1.1" 404 32091 "http://www.XXXXXXXXXXXXXXXXXXX.com/tmp/w.php3" "Opera/9.80 (Macintosh; Intel Mac OS X 10.8.2) Presto/2.12.388 Version/12.14" 176.62.111.131 - - [20/Mar/2013:04:08:37 -0400] "GET /tmp/clientscript/vbulletin_global.js?v=382 HTTP/1.1" 404 32053 "http://www.XXXXXXXXXXXXXXXXXX.com/tmp/w.php3" "Opera/9.80 (Macintosh; Intel Mac OS X 10.8.2) Presto/2.12.388 Version/12.14" |
VB 3.8.7 is the only 3.x version without known exploits. Anyone running 3.x should have upgraded by now... Or, as in the case of this site, be able to code fixes themselves.
I'm not sure if the yahoo yui script is to blame, but you should most definitely be using a remote YUI site- you can set this in Admin CP - Settings -> Options -> Server Settings and Optimization Options |
| All times are GMT. The time now is 06:43 AM. |
Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
| X vBulletin 3.8.12 by vBS Debug Information | |
|---|---|
|
|
 More Information |
|
|
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|