Today, we have had several support tickets in regards to defaced vBulletin forums. Upon investigation of the weblogs, we've determined that a vulnerability exists in FlashChat v4.5.7 (at least) that is being exploited. It appears that a securityfocus exploit was published for this on June 16.

Any customers that have FlashChat installed on their servers should verify that their copy is secure by contacting the vendor.

In addition to FlashChat, many sites running the TopXStats plugin have also been hacked today. If you are running either of these plugins you should disable and remove them immediately.

Fixes have been released on all of the relevant product sites, we'd like to reiterate that these were caused by third party modifications and stock vBulletin installations were not affected.