Thread: Hacking Question
View Single Post
  #3  
Old 04-06-2013, 08:42 PM
boxingscene boxingscene is offline
 
Join Date: Sep 2004
Posts: 123
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Quote:
Originally Posted by TheLastSuperman View Post
Yes shell scripts can contain code to modify files and access the database, I would remove the shell script and also ask your host to do any server side scans they have to ensure it's clean.

Also follow the methods outlined here:
http://www.vbulletin.com/forum/blogs...iller/3934768-
He is uploading these files using these kinds of commands. Is there any way to block this or how exactly is he able to do this??? He is using VB files to upload shell scripts it appears.


"GET /tmp/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=382
HTTP/1.1" 404 32091 "http://www.XXXXXXXXXXXXXXXXXXX.com/tmp/w.php3" "Opera/9.80
(Macintosh; Intel Mac OS X 10.8.2) Presto/2.12.388 Version/12.14"
176.62.111.131 - - [20/Mar/2013:04:08:37 -0400] "GET /tmp/clientscript/vbulletin_global.js?v=382
HTTP/1.1" 404 32053 "http://www.XXXXXXXXXXXXXXXXXX.com/tmp/w.php3" "Opera/9.80
(Macintosh; Intel Mac OS X 10.8.2) Presto/2.12.388 Version/12.14"
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01183 seconds
  • Memory Usage 1,765KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_quote
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete