dmoney101;573968 said:that's what we all wanna know
"Finally fixed it. The attacker has just took out the wot.php by injecting code to the startup plugin hook of vBulletin. I'm wondering how he could do that... Was it a vBulletin security breach? Or even he found an insecure code by me? It would be great if the attacker would tell me "
"Just a notice to all affected users - delete your /install/ directory!
The "hack" self is sitting in the Pluginsystem, a plugin called "vBulletin" in the "init_startup" hook.
Check also for a user "abdou" who has assigned the Administrators group."
blwwwwww
Find:
$newpost['htmlstate'] = array_pop($array = array_keys(fetch_htmlchecked($vbulletin->GPC['htmlstate'])));
Replace by:
$htmlstate = fetch_htmlchecked($vbulletin->GPC['htmlstate']); $array = array_keys($htmlstate); $newpost['htmlstate'] = array_pop($array);
define('SKIP_ALL_ERRORS', true);
We rarely get attacked these days. All thanks to the people working behind the scene.
We have a great group of men doing an incredible job
As fast as possible.Grow grow grow!!!!
You haven't joined any rooms.