View Single Post
Old 30 Nov 2017, 17:37
CarolSEL CarolSEL is offline
Join Date: Aug 2010
Thanks Dave,
We're running on 4.2.4, and since the problem we previously had, have not reinstalled any but necessary (vB) plugins.
Host sent me back this reply (pretty much the same answer, but with specifics):
After reviewing the server and logs it appears that the compromise occurred completely within the VBulletin software and not through any form of malware on the site. This compromise was due to vulnerabilities of the End Of Life version of your software. I determined this by reviewing all access logs from that IP address as well as scanning the account for malware (finding 0 hits). I also scanned for standard CMS versions and this was the result.

==== End-Of-Life CMS Packages ====

vBulletin 4.2.1 /home/mydb
vBulletin /home/mydb/forums
vBulletin 4.2.4 /home/mydb/public_html/forums
vBulletin /home/mydb/public_html/moved pb html

The recommended course of action at this point it to fully update your live software while removing accessibility to any that are not being used at this time. Once updated I would also recommend searching for any sort of security based addon for that software that can help mitigate any future threats.
Aren't the older versions automatically overwritten with upgrades?
Reply With Quote