MyBB Community Forums

Full Version: I wasn't hacked, but being dumb
as i type this message, my forum is being hacked... i knew i shouldn't have updated to 1.6. .. oh maÄ%ÖL$$##'§%$""32432424nn...

i was chatting and someone told me, that "hihi" text appears for a short moment before showing the thread page...

picture1: the "hihi" are the first bytes of the page, BEFORE the doctype appears...

and a few MOMENTS later: picture 2
now it says "hihihi" .. so something is hacking my sh*t RIGHT NOW....

it seems that stuff only worked on the "show thread" page..
i checked the templates (doctype, headerinclude etc) and this "hihi" was NOWHERE in it ...

i quickly set my board to "closed" .. and now, the "hihi" or "hihihi" doesn't appear anymore.. so it seems they changed it back, even after i closed the board...

--
i can access today's http logs only by tomorrow, i will see what they did... F*CK .. and i thought 1.6 had outgrown at least the most basic exploits... oh darn, am i angry.

-UPDATE:

Problem solved, sorry for panicking too much, I was sure someone changed the live content of my pages... that pretty much turned off the better half of my brain -.-

It seems a plugin was the culprit, which managed to put out several instances of "hi" as forgotten debug code. I don't know why it has never appeared before, but since I physically squashed this thing now, everything seems good. The "hihi" output appears no more.

I changed the topic title to something more appropriate Blush
do you have html posting ON / html posting on chat box ??
we do not know any exploits on MyBB latest versions !!
No offense but do you realise how many threads we get that say 1.6 has been hacked? Give it a quick search and you'll see how many. Then find me one which actually occurred because there is an exploit in the latest version of MyBB.

Answer: 0.

Do some research before you just blindly accuse the software. If you do have a valid proof of concept, then feel free to let us know by the contact form: http://www.mybb.com/contact - there are no current known exploits in 1.6.4.
Someone else was having the hihihi issue, it was a plugin. Don't remember which, though.
@Tomm M / frostschutz
Of course I searched for "hihi" and "hihihi", result: 0

I haven't installed any plugin lately and it was pure incident that the "hihi" appeared at that moment when my icq chat partner told me so, because I was browsing my forum shortly before and never had such an output (not only today, but never never ...)
And I'd be honestly surprised if the plugins managed to create output before the doctype, but ok, I'm no plugin guru.

usually i install every update, but i still have 1.6.3 installed since 1.6.4 claimed to fix no security related stuff.

btw: "blame" is nothing i'm looking for, i just need a hint how to protect my assets :ß
(2011-07-29, 11:49 AM) frostschutz Wrote: Someone else was having the hihihi issue, it was a plugin. Don't remember which, though.
http://community.mybb.com/thread-99915.html

Do you have this plugin (Signature Control) installed TStarGermany?
@faviouz: thx for pointing me there.
i know this plugin, i had it installed in the past, but deactivated it shortly after. let me do some more checks on this.

update:
i have reactivated the plugin, and found this line in the source.
            if (in_array($post['usergroup'],$groups) == true) {
                echo "hi"; // stray debug output: written straight to the response, before the doctype
                $post['signature'] = $post['signature']; // no-op assignment
- that pretty much looks like the culprit.
- yet i can't get it to display the "hi", even though the usergroup limitation setting applies to several of the posts in the threads which displayed the "hihi" and "hihihi".
- i will scratch the plugin physically now, revert the templates and edit the database manually concerning the active plugins.

Thank you for pointing me into this direction, I was pretty much panicking when I thought someone was changing the content of my pages "live".

@Tomm M: Sorry for the false alarm. When I got the varying output, I was sure someone was changing the content of my sites in live mode (and mistook the multiple "hi" as "hihi" = laughter, thinking it was some hacker's way to express his joy), that definitely got me on the wrong foot.
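The triage this thread ends up doing by hand (bytes before the doctype that vary between threads, then a grep of the suspected plugin for a stray echo) can be scripted. The Python below is an added example written for this page; it is not code from MyBB or from the Signature Control plugin. The response body and the two plugin files are constructed samples with hypothetical file names, modelled on the snippet quoted above. The repeated-unit check is the useful part: "hihi" and "hihihi" decompose into one token emitted once per matching post, which points at a per-post hook firing in a loop rather than someone editing the page live.

```python
import re

# Constructed sample HTTP response body: stray "hihi" precedes the doctype,
# the symptom reported in the thread.
SAMPLE_RESPONSE = (
    'hihi<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">\n'
    '<html><head><title>Thread</title></head><body>...</body></html>'
)

# Constructed sample plugin sources (hypothetical paths), modelled on the
# snippet quoted in the thread: a forgotten echo inside a postbit hook.
SAMPLE_PLUGIN_FILES = {
    "inc/plugins/sigcontrol_example.php": '''<?php
function sigcontrol_example_postbit(&$post)
{
    $groups = array(2, 3);
    if (in_array($post['usergroup'], $groups) == true) {
        echo "hi";
        $post['signature'] = $post['signature'];
    }
}
''',
    "inc/plugins/clean_example.php": '''<?php
function clean_example_postbit(&$post)
{
    // builds its output through the template system, writes nothing directly
    return $post;
}
''',
}

DOCTYPE_RE = re.compile(r'<!DOCTYPE', re.IGNORECASE)
# PHP statements that write straight to the response body.
DEBUG_OUTPUT_RE = re.compile(r'^\s*(echo|print|print_r|var_dump)\b', re.IGNORECASE)


def bytes_before_doctype(body: str) -> str:
    """Return whatever precedes the doctype in an HTML response ('' if clean)."""
    m = DOCTYPE_RE.search(body)
    if m is None:
        return body  # no doctype at all: treat the whole body as suspicious
    return body[:m.start()]


def repeating_unit(s: str):
    """Shortest unit u and count n such that u * n == s (n == 1 if no repeat)."""
    for size in range(1, len(s) // 2 + 1):
        if len(s) % size == 0 and s[:size] * (len(s) // size) == s:
            return s[:size], len(s) // size
    return s, 1


def find_output_statements(files: dict) -> list:
    """Scan PHP plugin sources for direct output statements.

    Returns (path, line_number, stripped_line) tuples so each hit can be
    checked against the stray bytes seen in the response."""
    hits = []
    for path, source in files.items():
        for lineno, line in enumerate(source.splitlines(), start=1):
            if DEBUG_OUTPUT_RE.match(line):
                hits.append((path, lineno, line.strip()))
    return hits


def triage(body: str, files: dict) -> dict:
    """Combine both checks into one report for the response and plugin tree."""
    leading = bytes_before_doctype(body)
    unit, count = repeating_unit(leading)
    return {
        "leading_output": leading,
        "repeated_unit": unit,
        "repeat_count": count,
        "plugin_output_statements": find_output_statements(files),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_RESPONSE, SAMPLE_PLUGIN_FILES)
    print("bytes before doctype:", repr(report["leading_output"]))
    print("looks like %r emitted %d time(s)" % (report["repeated_unit"], report["repeat_count"]))
    for path, lineno, stmt in report["plugin_output_statements"]:
        print("direct output in %s:%d: %s" % (path, lineno, stmt))
```

On a real install, read the response body from a saved HTTP capture and load the plugin files from `inc/plugins/`; a hit whose echoed literal matches the repeated unit is the culprit, while leading bytes with no matching statement in any plugin would justify the log review the thread originally planned.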