02-03-2014, 10:32 PM
JacquiiDesigns
 
Spam Generated from vBulletin php Mail -- Account Compromised?!

While investigating an issue with my mail server, I've found something quite curious and a bit upsetting in the Mail Queue Manager in WHM ... It looks like there's some spam being generated from the ******** account via the vBulletin PHP mail form:



Here's the Extended Header code:

Quote:
Date: Tue, 21 Jan 2014 11:26:23 -0500
From: ********
Subject: Spend $12 and earn up to $4000 a week... GUARANTEED!!
Auto-Submitted: auto-generated
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="ISO-8859-1"
Message-ID: <20140121162553.c0c0dea600f4@www.********.com>
MIME-Version: 1.0
Received: from nobody by vps.********.com with local (Exim 4.80)
    (envelope-from <nobody@vps.********.com>)
    id 1W5e9f-0008Ju-0p; Tue, 21 Jan 2014 11:26:23 -0500
Return-Path: ********
To:
sord1992@gmail.com, sordinska@gmail.com, sorinsas60@gmail.com, sornpong24@gmail.com, sorokamail@mail.ru, sorrell116@bellsouth.net, sorrell116@yahoo.com, sory_mal@yahoo.com, soshanya@gmail.com, sosna345@gmail.com, soso09@ediffmail.com, sosumi02@gmail.com, soswalker@gmail.com, soubanpk@hotmail.com, sougatadas56@gmail.com, souhail40@gmail.com, souissihoucine12@yahoo.fr, soul_lich10@yahoo.com, SOUL010683@HOTMAIL.COM, soul100@hotmail.co.uk, soule990@aol.com, soulhealer12@hotmail.com, soulplayca@gmail.com, soulsanogo2007@yahoo.fr, soulsearch3r@gmail.com, ----SNIP - there are what appears to be hundreds more email address listed here...
X-Mailer: vBulletin Mail via PHP
X-Priority: 3
-------------------
vBulletin does not automatically generate such code. This seems malicious and should NOT be happening.

My server admin has told me the following:

Quote:
This indicates that there may have been a vBulletin webmaster account compromise. The last occurrence appears to be from Jan. 21. Unfortunately, the DSO PHP handler does not have logs so we cannot determine what component of vBulletin is at fault.
Any additional ideas on what could cause this and how to fix the issue so it never occurs again will be very much appreciated!

J.
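
One way to triage a queued message by the header traits shown in the post (local submission by nobody, the vBulletin X-Mailer, a very long To list), added here as an example and not part of the original thread. The sample message, the WEB_USERS list, the max_rcpts threshold and the function names are assumptions; the X-PHP-Originating-Script header is present only when PHP's mail.add_x_header setting is enabled.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Accounts PHP typically runs as under a shared web server (assumed list).
WEB_USERS = {"nobody", "apache", "www-data"}
# Exim stamps locally submitted mail as "from <user> by <host> with local".
LOCAL_RE = re.compile(r"from (\S+) by \S+ with local\b")


def build_sample(n_rcpts):
    """Constructed message modelled on the post's headers (placeholder hosts)."""
    rcpts = ", ".join("user%d@mail.example" % i for i in range(n_rcpts))
    return (
        "Date: Tue, 21 Jan 2014 11:26:23 -0500\n"
        "From: forum@forum.example\n"
        "Subject: constructed bulk subject\n"
        "Received: from nobody by vps.forum.example with local (Exim 4.80)\n"
        "\t(envelope-from <nobody@vps.forum.example>)\n"
        "\tid 1AAAAA-000000-00; Tue, 21 Jan 2014 11:26:23 -0500\n"
        "To: " + rcpts + "\n"
        "X-Mailer: vBulletin Mail via PHP\n"
        "\nbody\n"
    )


def triage(raw, max_rcpts=20):
    """Summarise the traits that made the queued message look wrong."""
    msg = message_from_string(raw)
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    local_user = None
    for received in msg.get_all("Received", []):
        match = LOCAL_RE.match(received.strip())
        if match:
            local_user = match.group(1)
    return {
        "local_user": local_user,
        "mailer": msg.get("X-Mailer"),
        "recipients": len(rcpts),
        # Set only when PHP's mail.add_x_header is on; names the sending script.
        "script": msg.get("X-PHP-Originating-Script"),
        "suspicious": local_user in WEB_USERS and len(rcpts) > max_rcpts,
    }


if __name__ == "__main__":
    for n in (1, 120):
        print(n, triage(build_sample(n)))
```

A "script" value of None on a flagged message means the header cannot tell you which PHP file called mail(), which matches the server admin's point about missing logs.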