[hunter1985]

Hello my website appears to have security issues from using vBulletin 4.2.5, those javascript files appears to be needing updated or fixed before things gets worse

https://sitecheck.sucuri.net/results/apg-clan.org

[yilmaz]

Re-upload files in clientscript folder to ftp

[marikko]

I have the same issue. Somebody is altering files like /clientscript/vbulletin_md5.js
with some redirecting / malware code.

Any tipps on how to fix this? How can they even access my files?

I did reupload all the clientscript files and this fixes it, but one or two weeks later the malware stuff is back and the files were altered again by some hacker...

Already changed all passwords, added htaccess etc. but it does not help.

[Hostboard]

You really should re-upload ALL the vBulletin files, change all your passwords (vBulletin, hosting, FTP, etc.) Also check who belongs to the admin group and make sure no one is there that is not supposed to be.

[TheLastSuperman]

There is some code more than likely, hidden within one of your plugins or within a template, it may link out to something (that then renders the malicious code) making it harder to find.

Edit each of your plugins, then scroll down to the bottom, if you see a large gap in space or anything that looks like added code, paste it here for review.

You can use this guide:
https://forum.vbulletin.com/blogs/mi...vbulletin-site

There was also another guide by Zachery or Trevor I believe from back then, that is also relevant and useful but I couldn't locate the link, you may wish to search for that one (I believe it's a forum post versus a blog post etc). Edit: Found it - https://forum.vbulletin.com/blogs/za...ve-been-hacked