urgent - shell script in subscriptions.php

Discussion in 'vBulletin' started by erkinov, Jul 27, 2010.

  1. #1
    hi there,

    there is a shell script in my admin control panel, which is subscriptions.php in admincp folder. I put this
    define('DISABLE_HOOKS', true);  
    Code (markup):
    code in config.php and all plugins are disable, when i checked subscriptions.php shell script was gone but i need that plugins and when i remove the code in config.php shell script coming back.

    So what shold i do? please help me
     
    erkinov, Jul 27, 2010 IP
  2. digitalpoint

    digitalpoint Overlord of no one Staff

    Messages:
    38,334
    Likes Received:
    2,613
    Best Answers:
    462
    Trophy Points:
    710
    Digital Goods:
    29
    #2
    Make sure your files are NOT writable by the web server user... it's a security risk, and the web server really should only need read access to the files anyway.

    Once you do that, you should be able to track down what code is inserting the malicious stuff. My guess is that it's within a plug-in itself since it came back only after you enabled your plug-ins.
     
    digitalpoint, Jul 27, 2010 IP