vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Hacker only accessed plugin.php? (https://vborg.vbsupport.ru/showthread.php?t=302085)

Munch98 09-09-2013 10:47 PM
Hacker only accessed plugin.php?
 
Hi guys, I just got some messages from forum members telling me a user has been added to the "Founder" group in my forum, I am the only one with powers to edit a persons group so it is obvious they used something malicious to do it.

I checked what he had done and this is what it shows:
http://i.imgur.com/C7DNTZc.png

It seems he only wanted to add a plugin but I'm not sure what plugin it is that he has added. Does anyone have any idea what to look for specifically?

Zachery 09-09-2013 10:55 PM
Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site
Also please see these recent security announcements:
vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5
vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions

Spangle 09-10-2013 08:41 AM
I would echo what Zachery says, but you also need to check your public_html file for any files they may have added, I got hacked yesterday and thy tried to hide a couple of files, one was called "mail.php", the other was "passwords.txt"

I have also been notified by Hawkhost that there is a known exploit in Forum runner, so if you are using that it would probably be best to uninstall and delete any files belonging to it as well.


All times are GMT. The time now is 01:56 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.00987 seconds
  • Memory Usage 1,712KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (3)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete