zaco.php sounds suspicious, you can always visit the zaco.php file in browser. if it comes up large interface with your folders and files and all on display then its 100% backdoor.
Iframe MYSQL Injection (http://centiyo.com/in.cgi?default)
Collapse
X
-
Just happened to a site of ours here, we are running 3.8.4pl1 and vBSEO 3.3.2 -- both the latest versions. Any other ideas?Comment
-
Was anyone else in here running the iPhone mobile skin on their site? I'm wondering if the associated PHP files that come with it could be the cause?Comment
-
If you have this problem you have vbseo installed, upgrade it immediately to 3.3.2 and to a search in your templates for centiyo.com and delete the iframe code.http://www.ironmagazine.com - blog
http://www.ironmagazineforums.com - forums
http://www.ironmaglabs.com - supplementsComment
-
3.3.2 was a patchreleased on November the 18th to fix a security loophole. Why you havent' updated yet is beyond me.
I literally applied it within minutes of getting the email.
Sounds like your own fault for not keeping on top of things.Comment
-
Comment
-
Hi all,
To clarify - patching/updating your vBSEO closes the hole, it doesn't scan your site for possible infections that got in through the hole.
Good practice - Check all of your world-writable directories (customavatars, customprofilepics etc) and ensure that the files that they contain are indeed images.
Best practice - Either don't use those directories at all, or come up with a way of making vB run a GD check or something against all 'image' uploads to confirm that they are images.My Live vB5 Site - NZEating.com
vBulletin Hosting | vBulletin Services - Need hosting for your vB? Need it installed? Something else? Let me take that hassle off your hands.Comment
-
yup, I had a couple of image files that were in those directories and not valid .gif files, they were timestamped the exact same.http://www.ironmagazine.com - blog
http://www.ironmagazineforums.com - forums
http://www.ironmaglabs.com - supplementsComment
-
Just another post reiterating what I posted. The site that it happened to us on is a new site, and as such, hasn't even been up before 3.3.2 was released. In other words, the site has had 3.3.2 from day 1, so the hole (if it exists) is either still there in vBSEO or something else is vulnerable.Comment
-
Found it on my site in my customprofilepics folder. I have the php file if anyone wants it to find out exactly what it's doing. For right now I will be turning off all options to upload pics/files.
The file was uploaded today, is there anyway I can find out what member did this????Comment
-
I had this issue this morning. Followed all the directions on this post. Finally found a iframe referenced in forum/clientscript/vbulletin_global.js.
I uploaded the a new copy and problem solved, so check that file if you're still having issues.Comment
-
http://www.ironmagazine.com - blog
http://www.ironmagazineforums.com - forums
http://www.ironmaglabs.com - supplementsComment
-
today i got this problem twice
i will upgrade vbseoComment
widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Comment