vBulletin Mods

The Official vBulletin Modifications Site
https://www.vbulletin.org/forum/showthread.php?t=315275

vBulletin hack with vblogin.php
by Muhammad Rahman
06 Nov 2014 08:42

Check this post: https://theadminzone.com/threads/vbu...2/#post-932481

Dave 06 Nov 2014 08:47

What is the question?

Muhammad Rahman 06 Nov 2014 08:53

Quote:

Originally Posted by Dave (Post 2521586)
What is the question?

Only sharing information..
A hacker dumped the database.. check my post at The Admin Zone

ozzy47 06 Nov 2014 10:30

Well the post is deleted or hidden there, so we know nothing.

Muhammad Rahman 06 Nov 2014 10:47

2 Attachment(s)
OK..
This is the script vblogin.php:



And these two attachments, msd.zip and msd1.zip.

I hope someone can explain how this script works..

ozzy47 06 Nov 2014 10:49

Well you may have been hacked somehow.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site

Dave 06 Nov 2014 10:50

It's just a script which has some code copied from the real login.php file. After a successful login it redirects you to the admincp.

The second script is a database dumper.

Muhammad Rahman 06 Nov 2014 10:56

Quote:

Originally Posted by ozzy47 (Post 2521602)
Well you may have been hacked somehow.

Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked
http://www.vbulletin.com/forum/blogs...vbulletin-site

OK. Thanks :)

Quote:

Originally Posted by Dave (Post 2521603)
It's just a script which has some code copied from the real login.php file. After a successful login it redirects you to the admincp.

The second script is a database dumper.

But how can a hacker upload to the server?

ozzy47 06 Nov 2014 10:57

Quote:

Originally Posted by Muhammad Rahman (Post 2521604)
But how can a hacker upload to the server?

Gonna be almost impossible to tell how they did it. Best thing to do is clean up everything, and secure the site/server.

Muhammad Rahman 06 Nov 2014 11:02

Quote:

Originally Posted by ozzy47 (Post 2521605)
Gonna be almost impossible to tell how they did it. Best thing to do is clean up everything, and secure the site/server.

The hacker tries to find config.php

Thanks for the information :)

Dave 06 Nov 2014 11:20

It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.

Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.

You could start out by posting all of your plugins here.
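
Added example, not part of any post in this thread: one way to use the web server access log mentioned above is to list every PHP script that was served but is missing from a clean copy of the forum, with its first hit and what the same client requested beforehand. The log lines, the `BASELINE` contents and the name `dbdump.php` are constructed for illustration.

```python
import re
from datetime import datetime

# Assumption: script names taken from a clean copy of the same vBulletin
# version (only a few are listed here to keep the example short).
BASELINE = {"index.php", "login.php", "showthread.php", "forumdisplay.php",
            "admincp/index.php", "admincp/plugin.php"}

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
198.51.100.7 - - [05/Nov/2014:21:10:02 +0000] "GET /showthread.php?t=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Nov/2014:22:40:11 +0000] "POST /admincp/plugin.php?do=update HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Nov/2014:22:41:30 +0000] "GET /vblogin.php HTTP/1.1" 200 990 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Nov/2014:22:42:05 +0000] "POST /vblogin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Nov/2014:22:50:45 +0000] "GET /dbdump.php HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (time, ip, method, script_path, status) for each request to a .php file."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, url, status = m.groups()
        path = url.split("?", 1)[0].lstrip("/")
        if path.lower().endswith(".php"):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when, ip, method, path, int(status)

def unknown_scripts(log_text, baseline=BASELINE):
    """Map each served script missing from the baseline to its first hit and
    to what the same client requested before that hit."""
    events = sorted(parse(log_text))
    report = {}
    for when, ip, method, path, status in events:
        if path in baseline or status == 404 or path in report:
            continue
        earlier = [f"{m} {p}" for w, i, m, p, s in events if i == ip and w < when]
        report[path] = {"first_seen": when, "ip": ip, "earlier": earlier}
    return report

if __name__ == "__main__":
    for path, info in unknown_scripts(SAMPLE_LOG).items():
        print(path, info["first_seen"].isoformat(), info["ip"], info["earlier"])
```

The requests listed under `earlier` are only leads to review; they narrow the time window and client to look at, they do not prove how the file arrived.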

Muhammad Rahman 06 Nov 2014 11:53

Quote:

Originally Posted by Dave (Post 2521607)
It's hard to know how someone gained access to your server without having access to your vBulletin forum/logs.

Anything is possible such as: shared webhost breach, insecure vBulletin plugins, bad vBulletin configuration, other vulnerable software hosted on the server, etc.

You could start out by posting all of your plugins here.

I contacted my server; they don't have any log of the hack.. they said the hack is from a script, not from a server attack.

These are my plugins:
  1. Adam's Subscribed Thread Notifications
  2. Advanced Application Forms (INACTIVE)
  3. BT - Social Group Message Quote
  4. Change Posts Owner
  5. Chip2love.9xpro - Limit new thread/post per day
  6. First Post on all pages (INACTIVE)
  7. Forum Category Icons (Advanced)
  8. Forum Runner (INACTIVE)
  9. GeekyDesigns Default Avatar
  10. Global Threads: The Next Generation FREE by BOP5
  11. GlowHost - Spam-O-Matic
  12. Helpful Answers (INACTIVE)
  13. iTrader (INACTIVE)
  14. Limit Posts Per Day in Threads by BOP5
  15. Make Prefixes Clickable to Filter Forumdisplay
  16. Mark Thread As 'Sold'
  17. Minimum Post Count Required To Post Blog Entries
  18. Mod-Mall BB Code Spoiler
  19. More Share Options for VB4 by BOP5 Light (INACTIVE)
  20. Nested Quotes
  21. Advanced User Tagging (DBTech)
  22. DBSeo (DBTech) (INACTIVE)
  23. Panjo (INACTIVE)
  24. PB Usergroup Choice on Registration (INACTIVE)
  25. Ajax Point System
  26. PostRelease (INACTIVE)
  27. ProvB - Extra Threadfields
  28. Rotating Banner System
  29. Skimlinks Plugin (INACTIVE)
  30. Subscription Notification System
  31. Tapatalk (INACTIVE)
  32. Thread Participants - by rellect
  33. Threads Started by User in Postbit & Profile
  34. User Article Count (INACTIVE)
  35. Usergroup Allow HTML
  36. vBadvanced CMPS
  37. vBulletin Blog (INACTIVE)
  38. vBulletin CMS (INACTIVE)
  39. vFcoders - Ajax First Post Collapsable Hack (INACTIVE)
  40. View your Threads or Posts from the Navbar
  41. VSa - Sub-Forum Manager (INACTIVE)
  42. WS vBulletin Tweet Poster
  43. XenForo Style Avatars
  44. [OzzModz] Exclude Forums From Activity Stream (INACTIVE)

ozzy47 06 Nov 2014 11:56

Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product : vBulletin?

Muhammad Rahman 06 Nov 2014 12:03

Quote:

Originally Posted by ozzy47 (Post 2521611)
Do you have anything listed under ACP --> Plugins & Products --> Plugin Manager in the group Product : vBulletin?

Yes.. only my custom mod


Dave 06 Nov 2014 12:18

Check the FG, FGD, ghj and Lintas Agama Terbaru plugins because they have suspicious names which I have never heard of. If unsure, post the contents of the plugins here.

