Okay, my host emailed me today assuring it was nothing to do with the host.

Here is the fix:

Just to help out other forums in need (our forum threads end up high in Google, so someone else might stumble across it with the same issue we had).

vBulletin 3.54 and higher contains an HTML exploit. Malicious HTML code can be inserted in a thread title if the forum has not been patched with the following fix (note: other versions haven't been tested yet).

Open up newthread.php
Find
'subject' => TYPE_STR,
Replace it with
'subject' => TYPE_NOHTML,

Top X stats also seems to contain an issue allowing a similar exploit. It does not filter out HTML from thread titles.

A fix can be found here.

Note that no real harm can be done to your server when someone uses the above exploit.




Source: http://www.c4dportal.com/forum/showthread.php?t=560
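An added example, not part of the original post and not vBulletin code: the patch above changes how the subject of a new thread is cleaned, so this sketch audits titles that were saved earlier. It assumes TYPE_NOHTML trims and HTML-escapes the value (approximated here with Python's `html.escape`) and that thread titles have been exported as (threadid, title) rows; the function names and the sample rows are constructed for illustration.

```python
import html
import re

# A '<' followed directly by a letter, '/' or '!' is what a browser parses as
# the start of a tag or comment; a bare "3 < 5" does not match.
TAG_RE = re.compile(r"</?[A-Za-z!][^>]*>?")


def clean_nohtml(value: str) -> str:
    """Approximation (assumption) of TYPE_NOHTML cleaning: trim, then escape."""
    return html.escape(value.strip(), quote=True)


def audit_titles(rows):
    """Return (threadid, raw_title, escaped_title) for titles holding live markup."""
    findings = []
    for threadid, title in rows:
        if TAG_RE.search(title):
            findings.append((threadid, title, clean_nohtml(title)))
    return findings


# Constructed sample export: (threadid, title). Not data from any real forum.
SAMPLE_ROWS = [
    (101, "Welcome to the forum"),
    (102, '<meta http-equiv="refresh" content="0;url=http://example.invalid/">'),
    (103, "Is 3 < 5 or not?"),
    (104, "Tips &amp; tricks"),          # already escaped, renders as text
    (105, "<b>Sale</b> this week"),
]


def report(rows):
    """Build one printable line per suspicious title for manual review."""
    return [
        f"thread {tid}: raw={raw!r} -> escaped={safe!r}"
        for tid, raw, safe in audit_titles(rows)
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_ROWS):
        print(line)
```

Flagged threads are candidates for review and for re-saving with the escaped title; the same check applies to any add-on, such as a Top X stats block, that prints thread titles.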