At approximately 3am GMT+0 on Feb 4th we discovered that we believe through an exploit in vBSEO there was a PHP drop-script (a script that doesn't trigger antivirus alerts, but is intended to execute malicious code on your server) placed in some of our modifications in the past 9 hours approx. (For those who run VBSEO you should follow the instructions here, if you have not done so already *vBSEO Security Bulletin* All Supported Versions: Patch Release - vBulletin SEO Forums). If you use vBSEO you should also clear your cookies.

The only people affected by this are people who downloaded the following modifications any time after 17:55 GMT+0 on Feb 3rd.:

  • vBShout 5.4.8, 6.0.0 or 6.0.1
  • vBOptimise 2.0.1, 2.3.0 or 3.0.0 beta
  • vBSlider 1.0.6 or 1.0.7
  • vBSecurity 1.0.1

Both Lite and Pro versions are affected.

The following files are NOT intended to be there and should be deleted immediately if found on your server:

  • dbtech/vbsecurity/hooks/index.php
  • dbtech/vbshout/hooks/index.php
  • dbtech/vbshout_pro/hooks/index.php
  • dbtech/vbslider/hooks/index.php
  • includes/xml/index.php
  • vb/cache/observer/index.php
  • vboptimise/images/index.php


If you have not received a PM/email from us we have NO reason to believe you have been affected, and this announcement is being made purely in the interests of completely open communication with our users/customers. Only 3 customers were potentially affected.


We apologise for the inconvenience

Discuss this news here.