Hacking attempt from user EvoDarrenshan

[indispensable]

Subject: Hacking attempt from user EvoDarrenshan

Detail: I am not sure whom to report but since user EvoDarrenshan posted a paid request here on vbulletin.org and in response to that i showed him a demo and this all incident happend.

I did show a demo for completed bitpay plugin and given admincp access to check it, but instead of checking user tried to use vbulletin exploit and uploaded 1 file and then several others to hack :-
1)newpost.php
2)logins.php
3)ms/index.php
4)ms/install.php
5)ms/dump_db.php


He uses those file in attempt gain access to files/plugins/settings etc. in attempt to steal the products. I have full access detail logged on my server log and can provide on request for proof.

=================================
How he done write those files on server????

"bbclosedreason"

I have given restricted admincp access, and he updated the varname = "bbclosedreason" ... and eventually after that "newpost.php" was created on vb root, thus there may be some vulnerability in settings save.(some more to investigate)
=================================

IP address involved are as :

81.111.250.39
104.238.169.63
192.99.148.171
86.61.38.78
84.81.39.117
5.153.234.58
31.168.172.142
108.61.122.65
159.122.133.213
103.59.29.123
104.238.169.64

23.101.61.176
40.78.146.128

User-Agents Involved:-

Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Mozilla/5.0 (Windows NT 6.1; WOW64) SkypeUriPreview Preview/0.5
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.4.10 (KHTML, like Gecko) Version/7.1.4 Safari/537.85.13
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36



So i request vbulletin admin to ban/remove such user from vbulletin.org and delete his posts, as he may cheat and scam other people too, using your site "vbulletin.org" by posting project request and so. Further i have notify cyber cell with full detail so to take legal action, and since that user is from Birkenhead, UK ... it may take some time to send him behind bars.


Thanks.

[Dave]

Thanks for the heads up. :up:

[socialteenz]

Very good job

[TheLastSuperman]

vBulletin.org nor it's staff takes sides or actions in disputes resulting from paid requests, we simply can't based on a number of factors. I will say that in my personal opinion however this seems very weird/odd/suspicious based on the statement provided and the fact actual proof might exist yet I cannot confirm nor deny any of this is true therefor neither should any of you respectively.

Closed until a senior staff member has time to review.

Edit: This has been reviewed by senior staff and as per all other disputes there is nothing we can do, we will not take sides nor can we - ever as we would then be siding with one or the other and we shouldn't! It's simply... how is it they put it - "How the cookie crumbles" so be sure to protect yourself when hiring someone to do a paid request OR when providing services or mods to those requesting paid services or mods respectively.