The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#11
|
|||
|
|||
Quote:
Also, i've searched the plugin manager. Everything seems to be normal. |
#12
|
||||
|
||||
As I said in post #2, you need to follow the links.
Please read the following two blog posts: http://www.vbulletin.com/forum/blogs...ve-been-hacked http://www.vbulletin.com/forum/blogs...vbulletin-site Also please see these recent security announcements: vBulletin 4.1.x-4.2.x & All versions of vBulletin 5: http://www.vbulletin.com/forum/forum...-1-vbulletin-5 vBulletin 5.0.x patch released, for a different security issue: http://www.vbulletin.com/forum/forum...d-all-versions Make sure you do not skip over any steps. |
#13
|
|||
|
|||
Quote:
|
#14
|
|||
|
|||
Without having access to your ACP and access logs, we don't know how the person accessed your ACP.
|
#15
|
||||
|
||||
There might, that is why you need to follow all the instructions in the blog posts, as well as ditch inferno.
|
#16
|
||||
|
||||
And if they are smart, they deleted this info.
|
#17
|
|||
|
|||
Is there a chance you can come on my teamviewer and have a look?
|
#18
|
||||
|
||||
Ahh one of the multiple admin, do import hackers - look for one or more shell scripts uploaded to your server. Sometimes in clientscript/ or /includes and be sure to check any sub-folders.
Are you running any nulled modifications? Inferno Shoutbox Revolutionized what's that? I'd submit a ticket and ask your hosting company to scan w/ whatever they have setup on their server be it Maldet (also referred to as Linux Malware Detect (LMD)) or similar but before warned some of these shell scripts are custom per site (depends on if you were worth their time) so Maldet and others do not always pick those up and the ONLY way to be sure is to go through all your folders by hand. *Some stuff will stick out like a sore thumb, same way they want to be pompous and instead if using legit names like Admin for the 5-6 spare accounts its always something cocky such as lolwut, lmao, amongst other names I've since long forgotten the point being most of its easily spotted (file names such as shell.php / sexy.php / lol.php and similar) but every so often they hide one or mores files very well w/ names that seem valid so be sure to use the Maintenance tools in admincp and do suspect files and other tips in the links Ozzy posted above. |
#19
|
||||
|
||||
TBH it don't matter now how they got in, you need to plug the holes. First off by following all the instructions in the blog posts, then upgrade to at least 4.2.2
|
#20
|
|||
|
|||
Alright, i'm going to back it up to yesterday and remove inferno shoutbox. Anything else?
|
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|