View Single Post
  #1  
Old 20 Jul 2013, 04:34
jesus likes pie's Avatar
jesus likes pie jesus likes pie is offline
 
Join Date: Apr 2005
Very old version of this plugin

Hi, I have an expired vBulletin license and am stuck at 3.8.2.

My forum has been compromised a few times in the past 5 months. Nothing has been defaced but its obviously still worrying. The first time this happened, all of my .js files were edited to include some extra iframe/call or something (can't quite recall).

The second time, I remember index.php and global.php were both edited to have some sort of strange code added at the very top (before the vB copyright comment). I assume it was some sort of shell (!!).

I've researched the release notes for vB 3.8.3 - 3.8.7 as well as the bugs in their tracker website (forgot the name). It seems to me that vB 3.8.2 is itself safe. There was some sort of scary exploit regarding the FAQ but it seems to have only been for 3.8.6 - so I should be safe.

This means the exploit has to be caused by some plugin. It seems I'm running a very old version of ibProArcade: 2.6.5. Is this likely the cause of my problems? Can someone PM me details of how an attacker can compromise my site with this version of the arcade? (If you look at my vb.org history hopefully you'll see that I'm not trying to phish details in order to exploit other forums!).

Finally, in order to fix this, is it enough to turn the Arcade "OFF" in the Main settings and then disable the product through the ACP Product Manager? Or should I remove the .php file(s) associated with it as well? (Is it only arcade.php?)

Thanks!
Reply With Quote