Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
Reload this Page Hacked a Bunch of Times c99madshell.php
FAQ Members List Calendar Search Today's Posts Mark Forums Read
  #1  
Old 11-26-2013, 09:10 PM
steve3402000's Avatar
steve3402000 steve3402000 is offline
 
Join Date: Nov 2004
Location: Detoilet
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Hacked a Bunch of Times c99madshell.php
Apparently this is a quite sophisticated Trojan Horse. I actually found it by accident. Had no idea it was there. Anyone know how to get rid of it?

Steve
Reply With Quote
  #2  
Old 11-26-2013, 10:51 PM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Did you try google? First thread I saw - http://www.securelist.com/en/descriptions/old188613
Reply With Quote
Благодарность от:
tbworld
  #3  
Old 11-26-2013, 11:06 PM
steve3402000's Avatar
steve3402000 steve3402000 is offline
 
Join Date: Nov 2004
Location: Detoilet
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
Problem I have, is it was a plug in, I don't even know the files that are attached to it, and I am on a hosted Server. I see nothing in my directories.

Just weird, anyone else had this one?

Thanks Lynne

--------------- Added [DATE]1385511007[/DATE] at [TIME]1385511007[/TIME] ---------------

I made a php error log here are some errors I get, especially when I try to access phpmyadmin

This craps killin me, I am too busy at work for this lol



Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 07:34:12 AM
Username: Unregistered
IP Address: 138.163.0.41

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 07:34:12 AM
Username: Unregistered
IP Address: 138.163.0.41

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 09:05:56 AM
Username: Hitech
IP Address: 50.79.79.193

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 09:05:57 AM
Username: Hitech
IP Address: 50.79.79.193

================================================== ===

Warning: Only variables should be passed by reference in /editpost.php on line 323
Date: Tuesday 26th of November 2013 09:45:32 AM
Username: GlennAB1
IP Address: 76.251.228.156

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 10:34:32 AM
Username: Unregistered
IP Address: 181.246.240.142

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 10:34:33 AM
Username: Unregistered
IP Address: 181.246.240.142

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:01 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:01 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:10 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:10 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupMessage::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupmessage.php on line 261
Date: Tuesday 26th of November 2013 01:25:18 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Declaration of vBForum_Item_SocialGroupDiscussion::getLoadQuery() should be compatible with that of vB_Model::getLoadQuery() in /packages/vbforum/item/socialgroupdiscussion.php on line 337
Date: Tuesday 26th of November 2013 01:25:18 PM
Username: Unregistered
IP Address: 134.216.26.233

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:33:37 PM
Username: Steve340
IP Address: 70.209.17.110

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:42:34 PM
Username: Steve340
IP Address: 70.209.17.110

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 01:48:08 PM
Username: Steve340
IP Address: 70.209.17.110

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 02:44:44 PM
Username: Gonzo3333
IP Address: 98.213.198.34

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 03:16:31 PM
Username: Steve340
IP Address: 70.209.17.110

================================================== ===

Warning: Only variables should be passed by reference in /newreply.php on line 389
Date: Tuesday 26th of November 2013 03:20:44 PM
Username: Steve340
IP Address: 70.209.17.110

================================================== ===
Reply With Quote
  #4  
Old 11-27-2013, 04:43 AM
Lynne's Avatar
Lynne Lynne is offline
 
Join Date: Sep 2004
Location: California/Idaho
Posts: 41,180
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
If it's a plugin, then there is no need for a file. But, you should make sure there isn't some file they uploaded via the use of a plugin.

Those errors are just showing warnings. And, if they are using a script, then that doesn't mean it is generating any errors that would show up in an error_log. You really need to look at your access_logs to see if they are accessing any scripts on your server that you don't know about.
Reply With Quote
  #5  
Old 11-27-2013, 05:01 AM
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
Posts: 6,357
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
going by some of the warnings you are getting you have not put any fixes in yet for 4.2.2
Reply With Quote
  #6  
Old 11-27-2013, 08:27 AM
steve3402000's Avatar
steve3402000 steve3402000 is offline
 
Join Date: Nov 2004
Location: Detoilet
Posts: 107
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
I did not know there were fixes for 4.2.2 I will check it out.

Thanks!

Steve
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 06:09 AM.

Contact Us - Archive - Top

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04086 seconds
  • Memory Usage 2,216KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (1)post_thanks_box_bit
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 
Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete