After a bit of searching I have narrowed down the hack it belongs to. It was a rules and agreement hack (which I cannot find on vbulletin.org anymore for some reason and does not contain a link) that I used to make users agree to a set of rules before they uploaded a picture or joined in a roleplay. The script should only have executed on http://xxxxxx.com/gallery/uploadphoto.php
but I assume it was checking the database on every url to see if it matched one it had to trigger. I have now disabled the product and upon testing everything appears to now work as it should.
Is there going to be an easy way of coding in an agreement that users will need to accept the first time they attempt to upload a picture (but only the first time for each account) to the gallery?