The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
#1
|
|||
|
|||
My site was exploited/attacked
Okay, here is what I know right now and am learning more as I go. They uploaded a malicious file google.js which was sending people to a russian site. I currently run 3.7.2 Then they uploaded two different files directly into the customavatar folder ./customavatars/adm.php One of those was a program called adminer 2.3.1 Screen shot: They also uploaded another file that I'm not sure what it does... it was ./customavatars/setting.php This one only has a password. I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened. Thoughts? |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|