Bug Hacking FileStore72

[Portekoi]

Hi,

I just notice that my website have been hacked with the FileStore72 redirection.

I've the last version of VBulletin (3.8.11)and DBSEO (2.0.42).

How can I clean my forum?

Thanks,

Portekoi

 

[Portekoi]

I've rename and had an htpasswd on the admin/mod folders. I hope it will be ok.

 

[Fillip H.]

This is not a bug in DragonByte SEO

The most important thing you need to do is look in your Plugin Manager in vBulletin for any suspicious plugins, most commonly ones simply named "vBulletin" and/or ones containing the word "base64".

 

[Portekoi]

I have only DragonByte SEO in my plugin list... I've remove the hack (temporally maybe) by changing the option in the `Use Remote YUI` options and had htpasswd.

 

[Fillip H.]

I have only DragonByte SEO in my plugin list...

That doesn't mean DBSEO was the culprit. If DBSEO was the culprit, wouldn't this forum be absolutely flooded by people being hacked this way, since the vast majority of our customers use DBSEO and do not use the same kind of protections you've applied?

 

[Portekoi]

Of course you right. I was just looking for a solution and I saw an email alert few days ago about partial xss hack so I've thunk it was that. Thanks for your help.

 

[Fillip H.]

That was for an entirely different mod, vBSecurity. Furthermore, that partial exploit could not possibly result in FileStore hacks because it doesn't give an attacker the ability to modify your database in any way

 

[DragonByte Technologies]

Hello @Portekoi,

We hope your ticket regarding DragonByte SEO has been addressed to your satisfaction. This ticket has now been closed.

If your ticket has not been resolved, you can reply to this thread at any point in the next 7 days in order to reopen the ticket, afterwards this thread will be closed.

Please do not reply to this thread if your ticket has been resolved.

Thank you.


- DragonByte Technologies, Ltd.