Major security breach - please help?

  • lowlight
    Senior Member
    • Mar 2001
    • 175

    Hi, my readers have mentioned that when they visit the site from an outside source (such as Google) they are forwarded to MyFileStore.com.

    I tried it, and verified that this is happening.

    However, there are other issues with the server now:

    - Many admin functions do not work - the connection is reset by peer each time
    - This includes password resets, and logging into other software like WordPress
    - Even SSH is blocked. As soon as a username is entered, the connection is reset

    Basically, I am locked out of the server itself.

    I am waiting on tech support to see if they can access the server. Is there a post I can look at so I can know what to look for once I get access? I noticed that this exploit has been happening for years... My software is pretty up to date (using the latest version of 3.8 and latest VBSEO) so this may be a new one, I'm not sure.

    A lot of people who have the "forward to MyFileStore" issue did not seem to get locked out of the server completely.
  • Mark.B
    vBulletin Support
    • Feb 2004
    • 24286
    • 6.0.X

    #2
    What is the URL to your site? Is it the one associated with your license?
    MARK.B
    vBulletin Support
    ------------
    My Unofficial vBulletin 6.0.0 Demo: https://www.talknewsuk.com
    My Unofficial vBulletin Cloud Demo: https://www.adminammo.com


    • BirdOPrey5
      Senior Member
      • Jul 2008
      • 9613
      • 5.6.3

      #3
      Resetting the datastore (disabling or enabling a product in Admin CP) clears the usual myfilestore infection. If you can't log into the Admin CP try uploading tools.php from the do_not_upload folder of the original vBulletin install package. Put it in your admincp directory and browse directly to it. There are options to rebuild the datastore. See if that helps.

      The problem will keep coming back though until the security exploit is fixed - make sure you have updated versions of all 3rd party plugins, especially VBSEO.

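A check for the symptom described in this thread (visitors arriving from a search engine are redirected, direct visitors are not), useful for confirming whether a datastore rebuild actually cleared it. This is an added example, not part of any post here and not vBulletin code; the function names, the forum.example URL and the sample captures are constructed, and since the thread does not say how the redirect is delivered, the code checks three common vectors.

```python
import re
from urllib.parse import urljoin, urlparse

# Redirect vectors checked: HTTP Location header, <meta http-equiv=refresh>,
# and simple JavaScript location assignments in the body.
META_RE = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)
JS_RE = re.compile(r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)

def redirect_targets(base_url, status, headers, body):
    """Return the set of hosts this response would send a browser to."""
    headers = {k.lower(): v for k, v in headers.items()}
    targets = []
    if 300 <= status < 400 and "location" in headers:
        targets.append(headers["location"])
    targets += META_RE.findall(body) + JS_RE.findall(body)
    hosts = set()
    for target in targets:
        host = urlparse(urljoin(base_url, target)).hostname
        if host:
            hosts.add(host.lower())
    return hosts

def offsite(host, site_host):
    """True when host is neither the site itself nor one of its subdomains."""
    return host != site_host and not host.endswith("." + site_host)

def referer_cloaked_hosts(base_url, direct, via_search):
    """Off-site hosts reached only when a search-engine Referer was sent."""
    site = urlparse(base_url).hostname.lower()
    seen_direct = redirect_targets(base_url, *direct)
    seen_search = redirect_targets(base_url, *via_search)
    return sorted(h for h in seen_search - seen_direct if offsite(h, site))

# Constructed sample captures (status, headers, body) for the same URL, as
# saved from e.g. `curl -i` with and without `-e "https://www.google.com/"`.
BASE = "https://forum.example/index.php"
DIRECT = (200, {}, "<html><body>Forum home</body></html>")
INFECTED = (200, {}, '<script>window.location = "http://myfilestore.com/";</script>')
CLEAN = (302, {"Location": "/forum/"}, "")

if __name__ == "__main__":
    print("still infected:", referer_cloaked_hosts(BASE, DIRECT, INFECTED))
    print("after cleanup: ", referer_cloaked_hosts(BASE, DIRECT, CLEAN))
```

An empty list only means none of these three vectors differed between the two requests; a redirect keyed on something other than the Referer header would not show up.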

      • lowlight
        Senior Member
        • Mar 2001
        • 175

        #4
        Hi, I found a resource for the newest version of the attack here

        Attempting to regain access to my server so I can find the exploit and fix it.

        This seems to be a new version of an older attack, so I hope this helps other people.


        • 0ptima
          Senior Member
          • Jan 2002
          • 1557

          #5
          Seems to be VBSEO related.
