منتدى استراحات زايد

This is my second time being hacked, so I would like to post some info here and solicit suggestions for the methods used and any other ideas.

The last time all .php and .html files had an exploit attached to the ends. This time only the index.php files and these were altered. Sorry about the graphic language - it isn't my doing. Also I truly recommend against checking that site - it runs some really tough Java exploits stuff that has been known to run some immediate info stealing activities, and is "sandbox" savvy.

/home/jintan/public_html/showthread.php

Quote:

/tmp/webalizer/index.html

Quote:

/www/admincp893893/index.php

Quote:

The initial error, and what continues even after cleaning the showthread.php file, is this:

Parse error: syntax error, unexpected ';', expecting T_VARIABLE or '$' in /home/jintan/public_html/showthread.php on line 354

Quote:
$vbulletin->userinfo['lastvisit'] = $tview;
}

$coventry = fetch_coventry('string');
$posts = $db->query_first("
SELECT MIN(postid) AS postid
FROM " . TABLE_PREFIX . "post
WHERE threadid = $threadinfo[threadid]
AND visible = 1
AND dateline > " . intval($vbulletin->userinfo['lastvisit']) . "
". ($coventry ? "AND userid NOT IN ($coventry)" : "") . "
LIMIT 1
");
Though that matches the same file stored in an older database.

After last time I disabled the Webalyzer, but that index.html file was still altered, although none of the stored .html files from when it was enabled before were altered this time.

Although this is not necessarily a vBulletin question, does anyone know a good method to run a string search of the entire database stored on the server? I can't see a method with FlashXP of the cPanel's own access options. Thanks. Tom

Edit - I see the wording is getting stepped on. The first **** is the "f" word, and the second group is "p ussy"