vBulletin Sites – Warning against hacks

chris .

In September, vBulletin posted a warning about a potential exploit in vBulletin 4/5 with the /install folder.

Since then we have seen a number of vB sites hacked.
First and foremost we’d recommend that you remove your /install (v4) or /core/install (v5) folders using FTP if you haven’t done so already. If you are on an earlier version we’d also recommend deleting your install folder too.

Second – make sure you have backups of your site files and database at all times. This can either be done manually via FTP and phpmyadmin, or using our Onsite Backups (£7.50+VAT for Entry Level Packages, £15+VAT for Premium Cloud, Dedi priced on request).

Third – make sure you always have the latest version of vBulletin installed – as a vB client, you should get an email alert when a new version is available.

If your site does get hacked, vBulletin has a useful guide for fixing your site:


And a more detailed guide which requires some knowledge of using root/SSH access: