Home > FreeBSD General > vBulletin Forum Hack

vBulletin Forum Hack

December 27, 2009 Posted by KP

My vBulletin forum was hacked, the gate was vBseo according to this thread,

I always upgrade as soon as I receive their update email, later I realized vBSEO has two different versions for version 3.2.2?! Have you ever seen anything like this:

vBSEO 3.3.2
Release date: October 27, 2009
Last Updated: November 17, 2009

I upgraded to the first 3.3.2 but missed the second.

Anyway, I found the following changes:

  1. Two PHP files in attachments directory - backdoor, powerful web shell.
  2. Two gif files (PHP content) in attachments directory.
  3. Several .js files in clientscript. (I made some JS files global writable when moving server last time, very bad)
  4. Template change.

I probably missed something.

Two helpful find commands to locate files:
Search all files changed in the last 3 days:
> find . -mtime -3

After I found the malicious PHP file, use a unique string from it to search possible backup:
> find . -exec grep sometext {} \;

Bookmark and Share


Related Posts:

Filed Under: FreeBSD General

Leave a Comment









*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word


Subscribe via RSS/EMail


Categories

Archives

Links

  • Dedicated Servers

    • Meta