Hello, Someone is logging into my root shell and running this following shell script. I own a vbulletin forum. and here the db refers to vbulletin forum. what that script is doing can anyone help me please... #!/bin/sh /usr/bin/mysql -uda_admin -pdfdsdfds << EOF use my_db; #DELETE FROM vbst_thread WHERE threadid LIKE ''; #DELETE FROM vbst_post WHERE threadid LIKE ''; DELETE FROM vbst_thread WHERE threadid LIKE '3047479'; DELETE FROM vbst_thread WHERE threadid LIKE '3194553'; DELETE FROM vbst_thread WHERE threadid LIKE '3207876'; DELETE FROM vbst_thread WHERE threadid LIKE '3212833'; DELETE FROM vbst_thread WHERE threadid LIKE '3214260'; DELETE FROM vbst_thread WHERE threadid LIKE '3216631'; DELETE FROM vbst_thread WHERE threadid LIKE '3219639'; DELETE FROM vbst_thread WHERE threadid LIKE '3230081'; DELETE FROM vbst_thread WHERE threadid LIKE '3230081'; DELETE FROM vbst_thread WHERE threadid LIKE '3233699'; DELETE FROM vbst_thread WHERE threadid LIKE '3233894'; DELETE FROM vbst_thread WHERE threadid LIKE '3234395'; DELETE FROM vbst_thread WHERE threadid LIKE '3242128'; DELETE FROM vbst_thread WHERE threadid LIKE '3245435'; DELETE FROM vbst_thread WHERE threadid LIKE '3266711'; DELETE FROM vbst_thread WHERE threadid LIKE '3314495'; DELETE FROM vbst_thread WHERE threadid LIKE '3342872'; DELETE FROM vbst_thread WHERE threadid LIKE '3354466'; DELETE FROM vbst_post WHERE threadid LIKE '3047479'; DELETE FROM vbst_post WHERE threadid LIKE '3194553'; DELETE FROM vbst_post WHERE threadid LIKE '3207876'; DELETE FROM vbst_post WHERE threadid LIKE '3212833'; DELETE FROM vbst_post WHERE threadid LIKE '3214260'; DELETE FROM vbst_post WHERE threadid LIKE '3216631'; DELETE FROM vbst_post WHERE threadid LIKE '3219639'; DELETE FROM vbst_post WHERE threadid LIKE '3230081'; DELETE FROM vbst_post WHERE threadid LIKE '3230081'; DELETE FROM vbst_post WHERE threadid LIKE '3233699'; DELETE FROM vbst_post WHERE threadid LIKE '3233894'; DELETE FROM vbst_post WHERE threadid LIKE '3234395'; DELETE FROM vbst_post WHERE threadid LIKE '3242128'; DELETE FROM vbst_post WHERE threadid LIKE '3245435'; DELETE FROM vbst_post WHERE threadid LIKE '3266711'; DELETE FROM vbst_post WHERE threadid LIKE '3314495'; DELETE FROM vbst_post WHERE threadid LIKE '3342872'; DELETE FROM vbst_post WHERE threadid LIKE '3354466'; EOF Code (markup): waiting for your reply...
Where did you find that script? Did you investigate when it was created or uploaded to your server? It looks like a maintenance script to clean out (delete) certain threads and the posts belonging to these threads.
Be sure you have the last VB release. You may run a security audit of your system to check for any flaw. You could use Nessus for instance.