The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Hacking attempt from user EvoDarrenshan
Subject: Hacking attempt from user EvoDarrenshan
Detail: I am not sure whom to report but since user EvoDarrenshan posted a paid request here on vbulletin.org and in response to that i showed him a demo and this all incident happend. I did show a demo for completed bitpay plugin and given admincp access to check it, but instead of checking user tried to use vbulletin exploit and uploaded 1 file and then several others to hack :- 1)newpost.php 2)logins.php 3)ms/index.php 4)ms/install.php 5)ms/dump_db.php He uses those file in attempt gain access to files/plugins/settings etc. in attempt to steal the products. I have full access detail logged on my server log and can provide on request for proof. ================================= How he done write those files on server???? "bbclosedreason" I have given restricted admincp access, and he updated the varname = "bbclosedreason" ... and eventually after that "newpost.php" was created on vb root, thus there may be some vulnerability in settings save.(some more to investigate) ================================= IP address involved are as : 81.111.250.39 104.238.169.63 192.99.148.171 86.61.38.78 84.81.39.117 5.153.234.58 31.168.172.142 108.61.122.65 159.122.133.213 103.59.29.123 104.238.169.64 23.101.61.176 40.78.146.128 User-Agents Involved:- Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/7.1.4 Safari/537.85.13 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 So i request vbulletin admin to ban/remove such user from vbulletin.org and delete his posts, as he may cheat and scam other people too, using your site "vbulletin.org" by posting project request and so. Further i have notify cyber cell with full detail so to take legal action, and since that user is from Birkenhead, UK ... it may take some time to send him behind bars. Thanks. |
Thread Tools | |
Display Modes | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|