Site Exploited

  • Site Exploited

    Okay, here is what I know right now and am learning more as I go.

    I run 3.7.2

    They uploaded a malicious file, google.js, which was sending people to a Russian site.

    Then they uploaded two different files directly into the customavatar folder.
    One of those was a program called adminer 2.3.1

    They also uploaded another file that I'm not sure what it does...
    it was ./customavatars/setting.php
    This one only has a password.

    I have removed all files but would like help in knowing where the vulnerabilities are!! I have removed the ability for people to upload custom avatars for the time being because I assume that is how this happened.


  • #2
    It looks like a Gumblar attack. Change all the passwords and then check the server space for any suspicious files. Then upgrade your forum to the latest version, be that of the 3x series or 4.0.3. And last but not least, contact your host and let them know about it so they can check their logs as well and see how they got in (in the chance that it is not a Gumblar attack), so the security issues can be patched up.
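
Added example, not part of any post in this thread and not vBulletin code: a Python check for the situation described above, where script files such as setting.php turn up inside an avatar upload folder that should hold only images. The sample file names, their contents and the marker list are constructed assumptions, and the check is a heuristic that can miss files or over-report.

```python
import os
import tempfile

# Magic bytes of the image types an avatar folder should hold.
IMAGE_MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")  # server- or client-side code

def audit_upload_dir(root):
    """Return {relative_path: [reasons]} for files that do not belong in an image-only folder."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # avatars are small; cap the read at 1 MiB
            reasons = []
            if ext not in IMAGE_MAGIC:
                reasons.append("non-image extension")
            elif not data.startswith(IMAGE_MAGIC[ext]):
                reasons.append("content does not match extension")
            if any(m in data.lower() for m in SCRIPT_MARKERS):
                reasons.append("contains script markers")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def demo():
    """Audit a constructed sample folder (file names and contents are made up)."""
    samples = {
        "avatar12_1.gif": b"GIF89a" + b"\x00" * 32,         # ordinary avatar
        "setting.php": b"<?php /* placeholder */ ?>",       # script in the upload folder
        "avatar7_3.gif": b"GIF89a<?php /* appended */ ?>",  # valid header, script inside
        "avatar9_2.png": b"plain text, not a PNG",          # extension and content disagree
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return audit_upload_dir(root)

if __name__ == "__main__":
    for path, reasons in sorted(demo().items()):
        print(path, "->", ", ".join(reasons))
```

To audit a real folder, call `audit_upload_dir()` with its path; anything it reports should be reviewed by hand before deletion, since image data can contain a marker byte sequence by chance.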


    • #3
      The vB3 series is now on 3.8.5 which means there have been several releases including various security fixes.

      Once you've rid your server of this, I'd suggest upgrading as soon as possible as well as following the steps here:


      • #4
        If you run VBSEO then make sure that is up to date also. I had a similar hack and it was vbseo that was exploited.

