No announcement yet.

Major security breach - please help?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Major security breach - please help?

    Hi, my readers have mentioned that when they visit the site from an outside source (such as google) they are forwarded to

    I tried it, and verified that this is happening.

    However, there are other issues with the server now:

    -Many admin functions do not work - the connection is reset by peer each time
    -This includes password resets, and logging into other software like wordpress
    -Even SSH is blocked. As soon as a username is entered, connection is reset

    Basically, I am locked out of the server itself.

    I am waiting on tech support to see if they can access the server. Is there a post I can look at so I can know what to look for once I get access? I noticed that this exploit has been happening for years... My software is pretty up to date (using the latest version of 3.8 and latest VBSEO) so this may be a new one, I'm not sure.

    A lot of people who have the "forward to MyFileStore" issue did not seem to get locked out of the server completely.

  • #2
    What is the URL to your site? is it the one associated with your license?

    TalkNewsUK - My vBulletin 5.5.4 Demo
    AdminAmmo - My Cloud Demo


    • #3
      Resetting the datastore (disabling or enabling a product in Admin CP) clears the usual myfilestore infection. If you can't log into the Admin CP try uploading tools.php from the do_not_upload folder of the original vBulletin install package. Put it in your admincp directory and browse directly to it. There are options to rebuild the datastore. See if that helps.

      The problem will keep coming back though until the security exploit is fixed- make sure you have updated versions of all 3rd party plugins especially VBSEO.


      • #4
        Hi, I found a resource for the newest version of the attack here

        Attempting to regain access to my server so I can find the exploit and fix it.

        This seems to be a new version of an older attack, so I hope this helps other people


        • #5
          seems to be vbseo related


          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.