vb.org Archive
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB3 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=111)
-   -   A phishing scam attack (phishing) on ​​your network (https://vborg.vbsupport.ru/showthread.php?t=328237)

efsaneclub00 09-20-2020 05:11 PM
A phishing scam attack (phishing) on ​​your network
 
<a href="http://www.efsaneclub.com" target="_blank">www.efsaneclub.com</a> We have detected a phishing attack on your network:

hxxps: // legend [.] com / grt / Excel / Excel / login.php? email = &. rand = 13vqcr8b solution

efsaneclub00 09-22-2020 04:05 AM
no responders i guess vbulletin forums are now slowly being discontinued

In Omnibus 09-22-2020 09:39 AM
You haven't given us enough information to know what you're talking about.

Who is the "we" who have detected a phishing attack on your network?

Does that file exist on your server? If so, delete it.

efsaneclub00 09-22-2020 03:46 PM
Quote:
Originally Posted by In Omnibus (Post 2604011)
You haven't given us enough information to know what you're talking about.

Who is the "we" who have detected a phishing attack on your network?

Does that file exist on your server? If so, delete it.



Hosting company that received such a mail
How do I delete this phishing.

Hello,

We have detected a phishing attack on your network:
hxxps: // legend [.] com / grt / Excel / Excel / login.php? email = &. rand = 13vqcr8bp0gklhiluhkjbvvghghjbud & lc = 1033 & id = 64835456135515 & mkt = en-us & cbcxt = mai & snsc = 1 [94.199.27]
hxxps: // legend [.] com / grt / Excel / Excel / index.php [94.199.200.27]
hxxps: // legend [.] com / grt / Excel / [94.199.200.27]
hxxps: // legend [.] com / grt / Excel / Excel / wait.php? l = _JeHFUq_VJOXK0QWHtoGYDw1774256418 & fid.13InboxLight.aspxn.1774256418 & fid.125289964252813 emailboxLight99642_Product-email
hxxps: // legend [.] com / grt / Excel / remove.php? l = _JeHFUq_VJOXK0QWHtoGYDw1774256418 & fid.13InboxLight.aspxn.1774256418 & fid.125289964252813InboxLight99642_Product-email [94t-email]
hxxps: // legend [.] com / grt / Excel / wait.php? l = _JeHFUq_VJOXK0QWHtoGYDw1774256418 & fid.13InboxLight.aspxn.1774256418 & fid.125289964252813InboxLight99642_Product-email]
hxxps: // legeneclub [.] com / grt / Excel / error.php? l = _JeHFUq_VJOXK0QWHtoGYDw1774256418 & fid.13InboxLight.aspxn.1774256418 & fid.125289964252813InboxLight99642_Product-email [94t-email]
hxxps: // legend [.] com / grt / Excel / login.php? l = _JeHFUq_VJOXK0QWHtoGYDw1774256418 & fid.13InboxLight.aspxn.1774256418 & fid.125289964252813InboxLight99642_Product-email [94t-email]
hxxps: // legend [.] com / grt / Excel / page.php? email = &. rand = 13vqcr8bp0gud & lc = 1033 & id = 64855 & mkt = en-us & cbcxt = mai & snsc = 1 [94.199.200.27]
hxxps: // legend [.] com / grt / Excel / Excel / remove.php? email = &. rand = 13vqcr8bp0gklhiluhkjbvvghghjbud & lc = 1033 & id = 64835456135515 & mkt = en-us & cbcxt = mai & snsc = 1 '% 20% 3E [94.199.200.27]
hxxps: // legend [.] com / grt / Excel / Excel / error.php? email = &. rand = 13vqcr8bp0gud & lc = 1033 & id = 64855 & mkt = en-us & cbcxt = mai & snsc = 1 [94.199.200.27]
hxxps: // legend [.] com / grt / Excel / Excel / page.php? email = &. rand = 13vqcr8bp0gud & lc = 1033 & id = 64855 & mkt = en-us & cbcxt = mai & snsc = 1 [94.199.200.27]

Best regards

In Omnibus 09-22-2020 07:10 PM
If it were me I would replace all of the files on my server with new ones.

You should also change your cPanel or Plesk password.

That could be from a modification or from a core security issue but there's no way of knowing.

There haven't been any reported vBulletin 4 security issues in quite some time so my guess is it's from a modification you either currently have or used to have.

efsaneclub00 09-23-2020 03:31 AM
Quote:
Originally Posted by In Omnibus (Post 2604016)
If it were me I would replace all of the files on my server with new ones.

You should also change your cPanel or Plesk password.

That could be from a modification or from a core security issue but there's no way of knowing.

There haven't been any reported vBulletin 4 security issues in quite some time so my guess is it's from a modification you either currently have or used to have.


How can I change all the files on the server, dear teacher?

--------------- Added [DATE]1600877678[/DATE] at [TIME]1600877678[/TIME] ---------------

Hi
Changing all the files on the server and making the forum from scratch is a lot better than closing it now that this happens. Thank you very much for your help.

efsaneclub00 11-01-2020 01:08 PM
Will anyone solve this problem and clean and install this form in return for the fee?

yilmaz 11-02-2020 01:04 PM
Quote:
Originally Posted by efsaneclub00 (Post 2604488)
Will anyone solve this problem and clean and install this form in return for the fee?
Solutions that come to my mind.

1. As it says phishing on login, it must be a malicious plugin associated with login.
2. The queue email sends 500 simultaneously, which most web hosts will perceive as an attack from your site.
3. I would delete all the products one by one with the files on FTP.
4. I would download the vBulletin compatible version and make an update.

Quote:
Aklıma gelen ??z?mler.

1. Girişte kimlik avı dediğine g?re, giriş ile alakalı k?t? ama?lı bir eklenti olmalı.
2. Kuyruk email aynı anda 500 g?nderiri, bunu ?oğu web host sağalyıcı sitenizden saldırı olarak algılar.
3. T?m ?r?nlerii tek tek FTP'de olan dosyaları ile bereber silerdim.
4. vBulletin uyumlu s?r?m?n? indirir bir g?ncelleme yapardım.

efsaneclub00 11-09-2020 04:05 PM
I wonder if there is anyone who can do this problem without any problems in return for a fee.

yilmaz 11-09-2020 04:43 PM
Quote:
Originally Posted by efsaneclub00 (Post 2604605)
I wonder if there is anyone who can do this problem without any problems in return for a fee.
I sent a private message.


All times are GMT. The time now is 03:12 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01098 seconds
  • Memory Usage 1,740KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (5)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete