Forum Hacked

**TheNewOne** · Mon 6 Feb '12, 1:16pm

vb version you are using? a link to your site will help staff

**xhells21** · Mon 6 Feb '12, 2:17pm

Forum - Insanityflyff Forum Notification

http://forums.insanityflyff.com

Forum Description

vBulletin® Version 4.1.10

**IcEWoLF** · Mon 6 Feb '12, 4:10pm

I noticed you run vBSEO....
I would strongly suggest visiting this thread.

http://www.vbseo.com/f5/faqs-rogue-plugins-exploit-1-23-vbseo-patch-release-52862/

**xhells21** · Mon 6 Feb '12, 4:39pm

i am already running the latest patched version of vbseo as i purchased it on 31st january 2012 while the fix thing was released by them on 25th january 2012 so its not vbseo as far as i know

but who knows , maybe they not fully patched , in any case if this happens again and its cause of them i will go get my money back from this useless vbseo thing.

**Wayne Luke** · Mon 6 Feb '12, 9:07pm

Someone has access to your server in some way in order to upload files like this. The file in question is not a vBulletin file. You should delete all files listed as Not Part of vBulletin when you run the File Version Diagnostic at Maintenance -> Diagnostics in your Admin CP.

You would also need to delete the offending plugin that it installed to prevent being reinfected.

**Jake Bunce** · Mon 6 Feb '12, 9:28pm

Originally posted by xhells21

public_html/forums appear always a file called wso.php whitch is a shell of some script kiddie who keeps hacking into my forum

If he can upload files to your server then that means the server itself was likely compromised. You should contact your host about this. Hopefully they can identify the point of entry and take measures to fix it.

edit - too slow

**xhells21** · Tue 7 Feb '12, 12:58am

thanks a lot guys i have cleaned all the suspect files by deleting them and i have contacted my host but they clearly said it was a vulnerable script so i am hoping i got rid of any vulnerable scripts by uninstalling all outdated plugins

i will keep you guys inform of how your help actually helped me

thanks a lot all

**Maurd** · Tue 7 Feb '12, 2:16am

($vbulletin->options[''vsatopstats_enable_global''] AND !is_member_of($vbulletin->userinfo, explode('','', $vbulletin->options[''vsatopstats_excl_groups''])))\r\n {\r\n $vsacb_resnr = $vbulletin->input->clean_gpc(''r'', ''vsacb_resnr'', TYPE_UINT);\r\n if ($vsacb_resnr < 1)\r\n {\r\n $vsacb_resnr = intval($vbulletin->options[''vsatopstats_amount_more''])

May or not be relevant, but since that's included, I wouldn't rule out that plugin. "vsatopstats" seems to be this: http://www.vbulletin.org/forum/showthread.php?t=235841.

If I recall correctly, one of his mods had been exploited before, too.

**xhells21** · Tue 7 Feb '12, 3:13am

Originally posted by Maurd

May or not be relevant, but since that's included, I wouldn't rule out that plugin. "vsatopstats" seems to be this: http://www.vbulletin.org/forum/showthread.php?t=235841.

If I recall correctly, one of his mods had been exploited before, too.

thanks , i informed the coder of vsa about this

**EliasAlucard** · Fri 22 Feb '13, 12:32am

Originally posted by xhells21

Originally posted by Maurd

May or not be relevant, but since that's included, I wouldn't rule out that plugin. "vsatopstats" seems to be this: http://www.vbulletin.org/forum/showthread.php?t=235841. If I recall correctly, one of his mods had been exploited before, too.

thanks , i informed the coder of vsa about this

Did he respond to you? More importantly, did he patch it? My site was hacked recently too, and I also had the VSa - Advanced Forum Statistics. I've uninstalled it now just to be on the safe side.

vBulletin 4 End of Life

Forum Hacked

Forum Hacked

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment