I have Vbulletin 3.8.8 board installed on my server, now I upgraded it to the last verstion 3.8.9 Patch Level 1 and seems have a seriously problem with security on my forum.
Two days ago I found that hackers used a some backdoor in the Vbulletin 3.8.8 and uploaded to the /tmp directory of my forum the PHP exploit b374k. After it they got access to the SQL database, downloaded a whole SQL table and removed the attachment directory from the forum. I have a backup and restored the forum fast enough.
I have a question. Are developers know something about backdoor in Vbulletin 3.8.8 which allow to upload php files to the /tmp directory of the forum?
How to fix this problem?
Thanks.
Two days ago I found that hackers used a some backdoor in the Vbulletin 3.8.8 and uploaded to the /tmp directory of my forum the PHP exploit b374k. After it they got access to the SQL database, downloaded a whole SQL table and removed the attachment directory from the forum. I have a backup and restored the forum fast enough.
I have a question. Are developers know something about backdoor in Vbulletin 3.8.8 which allow to upload php files to the /tmp directory of the forum?
How to fix this problem?
Thanks.
Comment