I saw in another thread - http://www.vbulletin.com/forum/forum...cp-login-pages - that you stated
So I was doing some looking around since I have been hacked several times even though I have followed the steps presented by VB staff. Though none of the steps provided to me contain what you stated in that thread. When I look at /customavatars/ it only lists index.html and a subfolder called thumbs - but under the thumbs folder there is a php file called gif.php
1. When you say that there should be no php files in there does that include all subfolders? therefore is gif.php a backdoor?
2. Can you list all the locations where vb uploads are made so that I can make sure no php files exist?
3. Are the index.html files valid?
4. /customgroupicons/thumbs contains the file banner.php - is this bad?
Please also be sure you checked your customavatar and olther folders that save uplaoded files, make sure there are no .php files in them, if there are they are likely backdoors. Check out this link for a good way to secure these folders- http://vbtechsupport.com/2355/10/
1. When you say that there should be no php files in there does that include all subfolders? therefore is gif.php a backdoor?
2. Can you list all the locations where vb uploads are made so that I can make sure no php files exist?
3. Are the index.html files valid?
4. /customgroupicons/thumbs contains the file banner.php - is this bad?
Comment