Announcement

Collapse
No announcement yet.

Several injects of index.php

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Several injects of index.php

    I have a site that has just had several injects of index.php in the following directories;

    ./
    index.php File not recognized as part of vBulletin
    Scanned 59 files
    ./admincp
    index.php File does not contain expected contents
    Scanned 16 files
    ./clientscript
    index.php File not recognized as part of vBulletin
    ./cpstyles
    index.php File not recognized as part of vBulletin
    ./modcp
    index.php File does not contain expected contents
    ./vb
    index.php File not recognized as part of vBulletin
    ./vb5
    index.php

    These same directories were clean yesterday. What happened? The only thing that happened on te server were several db errors.

    What else would cause this?

    Organizations must hire quality people — "If you hire stupid people, they are not going to get better over time," ~ Gordon Graham.

    vB Mods That Rock!

  • #2
    There are no index.php files in any of those folders by default. Did you physically delete the public_html folder and its contents entirely or did you just upgrade the existing files?

    Comment


    • #3
      I did neither. In the last 24hrs they just appeared in those folders. The only thing that occurred in 24 hours was the multiple database failures.
      Organizations must hire quality people — "If you hire stupid people, they are not going to get better over time," ~ Gordon Graham.

      vB Mods That Rock!

      Comment


      • #4
        These files are indicative of the exploit that we patched last week and released a security patch for. If your site is not running vBulletin 5.5.4 PL1 with a new set of files, it should really be considered insecure at this time.

        These files can also exist outside of /core/, which the file scanner does not check at this time. This is why I have repeatedly said to upload a new set of files into a new directory and to remove the old vBulletin directory.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud customization and demonstration site.
        vBulletin 5 Documentation - Updated every Friday. Report issues here.
        vBulletin 5 API - Full / Mobile
        I am not currently available for vB Messenger Chats.

        Comment


        • #5
          I am running with the patch, however I did not clean/new directory.

          Is it verified db's are in fact affected?
          Organizations must hire quality people — "If you hire stupid people, they are not going to get better over time," ~ Gordon Graham.

          vB Mods That Rock!

          Comment


          • #6
            Have not seen any databases affected. If you were exploited, your database may have been downloaded. You would have to look at your server logs.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud customization and demonstration site.
            vBulletin 5 Documentation - Updated every Friday. Report issues here.
            vBulletin 5 API - Full / Mobile
            I am not currently available for vB Messenger Chats.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X