  #1  
Old 09-20-2020, 05:11 PM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36
A phishing scam attack (phishing) on your network

www.efsaneclub.com We have detected a phishing attack on your network:

hxxps: // legend [.] com / grt / Excel / Excel / login.php? email = &. rand = 13vqcr8b solution
  #2  
Old 09-22-2020, 04:05 AM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36

No responders. I guess vBulletin forums are now slowly being discontinued.
  #3  
Old 09-22-2020, 09:39 AM
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

You haven't given us enough information to know what you're talking about.

Who is the "we" who have detected a phishing attack on your network?

Does that file exist on your server? If so, delete it.
  #4  
Old 09-22-2020, 03:46 PM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36

Quote:
Originally Posted by In Omnibus View Post
You haven't given us enough information to know what you're talking about.

Who is the "we" who have detected a phishing attack on your network?

Does that file exist on your server? If so, delete it.



Hosting company that received such a mail
How do I delete this phishing?

Hello,

We have detected a phishing attack on your network:

Best regards
  #5  
Old 09-22-2020, 07:10 PM
In Omnibus In Omnibus is offline
 
Join Date: Apr 2010
Location: Inside A Blade Server
Posts: 840

If it were me I would replace all of the files on my server with new ones.

You should also change your cPanel or Plesk password.

That could be from a modification or from a core security issue but there's no way of knowing.

There haven't been any reported vBulletin 4 security issues in quite some time so my guess is it's from a modification you either currently have or used to have.
Reply With Quote
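
One way to see what replacing the files would change, as an added example that is not part of the original thread or vBulletin's own tooling: it compares the live web root with a freshly extracted copy of the same release and lists files that exist only on the server or differ from the release. The `site_local` default and the sample trees are assumptions constructed for illustration; `grt/Excel/Excel/login.php` is the path from the report quoted in the first post.

```python
import hashlib
import os
import tempfile

def index_tree(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if os.path.islink(full):
                # Do not follow links out of the tree; record the target.
                index[rel] = "symlink:" + os.readlink(full)
                continue
            with open(full, "rb") as fh:
                index[rel] = hashlib.sha256(fh.read()).hexdigest()
    return index

def audit(webroot, clean_copy, site_local=("includes/config.php",)):
    """Return (unknown, modified) paths in webroot relative to clean_copy."""
    # site_local: files the owner creates after install (assumed here to be
    # only the config file); read those by hand rather than flagging them.
    live, clean = index_tree(webroot), index_tree(clean_copy)
    unknown = sorted(p for p in live if p not in clean and p not in site_local)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    return unknown, modified

def write(root, rel, data):
    """Create root/rel with the given bytes (helper for the demo trees)."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Audit two small constructed trees; the extra path is from the report."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = os.path.join(tmp, "clean"), os.path.join(tmp, "live")
        for rel in ("index.php", "login.php", "includes/functions.php"):
            write(clean, rel, b"<?php // stock " + rel.encode())
            write(live, rel, b"<?php // stock " + rel.encode())
        write(live, "includes/config.php", b"<?php // site settings")
        write(live, "login.php", b"<?php // stock login.php + injected code")
        write(live, "grt/Excel/Excel/login.php", b"<?php // not in the release")
        return audit(live, clean)

if __name__ == "__main__":
    print(demo())  # (['grt/Excel/Excel/login.php'], ['login.php'])
```

Installed products add files that a stock release does not contain, so expect them in the first list and check each one against the product's own package.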
  #6  
Old 09-23-2020, 03:31 AM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36

Quote:
Originally Posted by In Omnibus View Post
If it were me I would replace all of the files on my server with new ones.

You should also change your cPanel or Plesk password.

That could be from a modification or from a core security issue but there's no way of knowing.

There haven't been any reported vBulletin 4 security issues in quite some time so my guess is it's from a modification you either currently have or used to have.


How can I change all the files on the server, dear teacher?

--------------- Added 09-23-2020 at 04:14 PM ---------------

Hi
Changing all the files on the server and making the forum from scratch is a lot better than closing it now that this happens. Thank you very much for your help.
  #7  
Old 11-01-2020, 01:08 PM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36

Will anyone solve this problem and clean and install this form in return for the fee?
  #8  
Old 11-02-2020, 01:04 PM
yilmaz yilmaz is offline
 
Join Date: Sep 2004
Posts: 751

Quote:
Originally Posted by efsaneclub00 View Post
Will anyone solve this problem and clean and install this form in return for the fee?
Solutions that come to my mind.

1. As it says phishing on login, it must be a malicious plugin associated with login.
2. The queue email sends 500 simultaneously, which most web hosts will perceive as an attack from your site.
3. I would delete all the products one by one with the files on FTP.
4. I would download the vBulletin compatible version and make an update.

  #9  
Old 11-09-2020, 04:05 PM
efsaneclub00 efsaneclub00 is offline
 
Join Date: Oct 2018
Posts: 36

I wonder if there is anyone who can do this problem without any problems in return for a fee.
  #10  
Old 11-09-2020, 04:43 PM
yilmaz yilmaz is offline
 
Join Date: Sep 2004
Posts: 751

Quote:
Originally Posted by efsaneclub00 View Post
I wonder if there is anyone who can do this problem without any problems in return for a fee.
I sent a private message.
All times are GMT. The time now is 02:21 PM.