Tweet
I recently moved off the vBulletin platform, while I was tailing access log files I noticed something that didn't make sense. I started seeing a heavy dose of requests for a file called css.php in my old vBulletin installation directory. The requests for this file are happening all over the site.
Let me first say that my vBulletin installation has been hacked multiple times in the past, thus one of the many reasons I am moving on to a different forum software.
Has there been any recently hacking activity on VB4 that is targeting css.php?
Could the hack live somewhere else on the dedicated server? I have grep'd all the files on the server and can find no instance of css.php or the request in code.
Right now I am 301'ing all my requests to the new software, but that does not address the problem. Why is this file being called when vBulletin is long gone.
And yes, I have deleted every known cache file from local to cloudflare.
Let me first say that my vBulletin installation has been hacked multiple times in the past, thus one of the many reasons I am moving on to a different forum software.
Has there been any recently hacking activity on VB4 that is targeting css.php?
Could the hack live somewhere else on the dedicated server? I have grep'd all the files on the server and can find no instance of css.php or the request in code.
Right now I am 301'ing all my requests to the new software, but that does not address the problem. Why is this file being called when vBulletin is long gone.
And yes, I have deleted every known cache file from local to cloudflare.
Comment