I have seen this before and we thought it was resolved. Then it happens again and again and again. I have the most current version of VB 4. I keep getting a file added to my root dir or admincp usually named a7*.html and the one today is statisticskJ9j.php. You can see a small snippet below. The first time I sent out 35,000 emails. I setup some alerts this time and stopped it after a few thousand. However I use a mail service and I pay for email. I did not want it on my server so I hosted it elsewhere. I do not want to pay for some a$$holes porn emails.
I have looked and I am the only admin. I just changed servers recently so all new server and db passwords. I have debated on wiping my forum dir and doing a fresh install and the other part of me is just thinking about dumping vb completely.
So I thought as a last resort I would see if anyone has had this exploit and what they did to resolve?
Thanks for the help!
I have looked and I am the only admin. I just changed servers recently so all new server and db passwords. I have debated on wiping my forum dir and doing a fresh install and the other part of me is just thinking about dumping vb completely.
So I thought as a last resort I would see if anyone has had this exploit and what they did to resolve?
Thanks for the help!
Code:
echo PHP_OS.chr(50).chr(48).'+'.md5(0987654321)."+$vb4a88417\n"; } } function ne667da76($v957b527b){ return preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9 ]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $v957b527b); } function na73fa8bd($vb45cffe0, $v11a95b8a = 0, $v7fa1b685="=\r\n", $v92f21a0f = 0, $v3303c65a = false) { $vf5a8e923 = strlen($vb45cffe0);
Comment