Hacking Updates?

**benFF** · 01-26-2012 02:41 PM

So are we going to get an update on this?

Now the infected file has been taken off the vBSEO site, there is no way for us members to analyse what could have happened - thus we are totally reliant on you guys.

It's been 2 days now and we still don't know what danger could be lurking... we know how the exploit was implemented, but not what damage could be done - and how..

Could we please get updated?

**Brian Cummiskey** · 01-26-2012 03:53 PM

Juan posted an update a while ago:
*vBSEO Security Bulletin* All Supported Versions: Patch Release

**Juan Muriente** · 01-26-2012 04:10 PM

Originally Posted by benFF

So are we going to get an update on this?

I'll be adding a third (and final) post to the FAQ's and then add all three as a new thread within the announcements forum. At the moment we are compiling a list of all the rogue plugins identified so far.

**fishguy** · 01-26-2012 04:11 PM

He is probably wondering the same thing I am?

I am guessing they did not do this to simply add some arbitrary plug-in via an IFrame.

What was the intent of the hack?

Gather passwords from members?

Create a mailing list for spamming / marketing by niche.

etc.

Is there any danger to the end users of all the communities affected?

Thanks...

**Alan_SP** · 01-26-2012 07:42 PM

Actually, this is the most important thing, what they did with these plugins and what we now have to do if we are hit (and many of us probably are)? I removed plugin manually, but what now? Is this enough?

**Andrés Durán Hewitt** · 01-26-2012 07:46 PM

@fishguy, all of those questions are going to be answered in the upcoming FAQ thread.

@Alan, if you've already removed the rogue plugins, be sure to run this tool as well (vbseo_checkpluings2.zip): *vBSEO Security Bulletin* All Supported Versions: Patch Release

You need to unzip it, upload the *.php file to your forum root directory, and run it from your web browser to clean up your datastore.

**Alan_SP** · 01-26-2012 07:47 PM

Yes, I ran both check plugins, everything was ok.

**Andrés Durán Hewitt** · 01-26-2012 07:53 PM

Then you should be all set now

If you still go through further issues on this, please do let us know. We'll be happy to assist

**faculty** · 01-26-2012 08:02 PM

Hello1. Runing VBSEO 3.62. Patched the abstract file as mentioned on the Announcement3. Ran the checkplugins2 file (nothing has shown up)4. Repaired datastore templateresult:I am still getting 61 emails per minute with the invalid SQL warning

atabase error in vBulletin 3.8.2:Invalid SQL:SELECT * FROM datastore WHERE title='pluginlist';MySQL Error :Error Number :Request Date : Thursday, January 26th 2012 @ 02:38:14 AMError Date : Thursday, January 26th 2012 @ 02:38:14 AM

**Brian Cummiskey** · 01-26-2012 08:16 PM

replied to your other post. please don't double post.

Hacking Updates?

LinkBack

Thread Tools

Display

Hacking Updates?

Similar Threads

Hacking attempt today

vBulletin 3.x Hacking Attempt Crippled vBSEO

Strange hacking attempt

Google hacking, did anyone experience this?

General Hacking and Debugging of vB

Posting Permissions