The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
C99madShell v. 2.0 madnet edition help requested
I've got the same problem as in this thread.
Server was secured, password changed, vB updated etc., when the site was compromised a few months ago, but just noticed that when I go to admincp > subscriptions I get the C99madShell v. 2.0 madnet edition screenshot as shown in the above thread. What I'm looking for is some advice on where to look for this malicious code i.e. which file/s. The page is obviously subscription.php, but that file is clean with no evals or base64. What other files/pages are called in here and how do I go about tracking down the location of the malicious code? (I have read the extensive threads and directions like this one and this one and this one, but that's not what I'm looking for) |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|