Hello,
I just updated my friends MyBB forum, the Firefox forum (
www.firefox.dajoob.com ), and would like to know how to remove the "defaced my Tz4r" on the index.php.
Thanks!
OK, I did that, but I can't find the access logs.
So, one question. What files do index.php and admin/forums.php request?
The hack involves a javascript overlay of the page, but the hacker has also appeared to change things in the admin cp such as the board url, which is now set to
http://www.free-hoster.cc/users/halis/ (just check the latest post links to confirm this).
The hack only seems to affect the index.php, so look in the index template for javascript. All javascript should be contained in the header_include template, so it should be easy to see the javascript that is causing this hack...
Remove this from the name/description of the Announcements forum:
Code:
<HTML><HEAD><TITLE>Tz4r wAs here</TITLE><BASE href=http://www.free-hoster.cc/users/halis/>
<META http-equiv=Content-Type content="text/html; charset=windows-1254">
<META content="MSHTML 6.00.2900.2604" name=GENERATOR></HEAD>
<BODY bgColor=#000000>
<DIV id=Layer1 style="BORDER-RIGHT: #000000 1px; BORDER-TOP: #000000 1px; Z-INDEX: 1; LEFT: 0px; BORDER-LEFT: #000000 1px; WIDTH: 1000px; BORDER-BOTTOM: #000000 1px; POSITION: absolute; TOP: 0px; HEIGHT: 1000px; BACKGROUND-COLOR: #000000; layer-background-color: #ccccc"><STRONG><FONT face=Verdana color=#777777 ><!DOCTYPE PUBLIC ?- W3C DTD HTML 4.01 Transitional EN?><BGSOUND src="assholesturkishboy_dosyalar/goth.wav" loop=5>
<SCRIPT language=JavaScript>
<!--
var current = 0
var x = 0
var y = 0
var speed = 100
var speed2 = 2000
function initArray(n) {
this.length = n;
for (var i =1; i <= n; i++) {
this[i] = ' '
}
}
typ = new initArray(5)
typ[0]="Tz4r"
typ[1]="in your live..."
function typnslide() {
var m = typ[current]
window.status = m.substring(0, x++)
if (x == m.length + 1) {
x = 0
setTimeout("typnslide2()", speed2)
}
else {
setTimeout("typnslide()", speed)
}
}
function typnslide2() {
var m = typ[current]
window.status = m.substring(m.length, y++)
if (y == m.length) {
y = 0
current++
if (current > typ.length - 1) {
current = 0
}
setTimeout("typnslide()", speed)
}
else{
setTimeout("typnslide2()", speed)
}
}
typnslide();
//-->
</SCRIPT>
<BR> <BR><BR>
<CENTER><IMG src="http://booger.ihatemyisp.net/booger.gif" border=none> <BR><BR><BR><BR><BR><BR><BR></FONT><FONT size=6><FONT face=Verdana color=#00ff00 ?- W3C DTD HTML 4.01 Transitional EN?>..:: Defaced By Tz4r ::..</FONT><FONT face=Verdana color=#777777 ><!DOCTYPE PUBLIC ?- W3C DTD HTML 4.01 Transitional EN?> <BR> </FONT></FONT>
<P><FONT face=Verdana color=#777777 size=6 ><!DOCTYPE PUBLIC ?- W3C DTD HTML 4.01 Transitional EN?><BR></FONT><FONT face=Verdana color=#777777 ><!DOCTYPE PUBLIC ?- W3C DTD HTML 4.01 Transitional EN?><FONT size=5><BR><BR><BR></FONT></FONT><FONT face=Verdana color=#a7a5a9 size=5 ><!DOCTYPE PUBLIC ?- W3C DTD HTML 4.01 Transitional EN?></FONT><BR><BR><BR><BR>
<MARQUEE><FONT face=Tahoma color=#ff0000 size=4><U></U><SPAN style="FONT-WEIGHT: 700; COLOR: #ffffff"><B><SPAN style="FONT-SIZE: 11pt; COLOR: red; FONT-FAMILY: 'Trebuchet MS'"> Tz4r wAs here</SPAN></B></SPAN></FONT></MARQUEE><BR><BR><% reponse.end()%></P></CENTER></STRONG></DIV></SCRIPT>
<SCRIPT language=JavaScript>
puchtit="]-[::AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE !::]-[";
letrero2="�.��.����`��._.��.��.����`��..�";
letrero1="�.��.����`��._.��.��.�����`��._.��.��.����";;ultimo1=letrero1.length-1;
ultimo2=letrero2.length-1;
tiempo=setTimeout("scroll()",.1);
function scroll()
{
aux1=letrero1.charAt(ultimo1-1);
letrero1=aux1+letrero1.substring(0,ultimo1-1);
aux2=letrero2.charAt(0);
letrero2=letrero2.substring(1,ultimo2+1)+aux2;
window.status="(" + letrero2 + puchtit + letrero1 + ")";
tiempo=setTimeout("scroll()",.1);
return true;
}
// -->
Yay! That worked DennisTT! Thanks!
Cool_Guy