MyBB Community Forums

Full Version: Weird files in my Uploads folder including a shell file? HELP!
Well, I was doing some cleaning around my forum and I happened to go into the Uploads folder to find a directory that looked suspicious "201108" and a file called mct.php which also looked suspicious. I opened mct.php in notepad++ and it seems to be a shell, here are the first couple of lines... I doubt anything that was from MyBB would look like this. If you'd like to see the whole file, I'll show it as well.

<link rel="SHORTCUT ICON" href="http://dhanabadee.com/logo.png">

<center><img src="http://sidoarjocyber.freeforums.org/download/file.php?logo=Logo.png"/></p></center>

<title>Teguh Shell c0de </title>

What should I do with this file? Well, obviously delete it, but how were they able to upload the shell file in the first place? Is it because my CHMOD settings are wrong on my Uploads folder? This really scared me... I've already experienced my forum being hacked twice and I don't want it to continue happening. Any help is much appreciated... I'm scared, lol.
First of all, the folder "201108" is just for attachments uploaded in August 2011.

Someone uploaded it as an attachment on your forum. Check out the attachment manager in the "Forums & Posts" tab in the Admin CP.
(2011-08-19, 01:06 AM)NaXuh Wrote: First of all, the folder "201108" is just for attachments uploaded in August 2011.

Someone uploaded it as an attachment on your forum. Check out the attachment manager in the "Forums & Posts" tab in the Admin CP.

Oh, so the 201108 file is nothing, whew... But the mct.php file wasn't even in the 201108 directory.
Even if it was uploaded as an attachment, it couldn't be directly executed. But given the file name, it wasn't uploaded as an attachment. Check server logs for suspicious activity. Might also be a good idea to change your ftp/control panel passwords.
(2011-08-19, 02:10 AM)Malcolm. Wrote: Even if it was uploaded as an attachment, it couldn't be directly executed. But given the file name, it wasn't uploaded as an attachment. Check server logs for suspicious activity. Might also be a good idea to change your ftp/control panel passwords.

Will do, I'll create a new FTP account with a more complex password.

And since it wasn't uploaded as an attachment it could be directly executed, right? By simply going to http://mydomain.com/Uploads/mct.php? Either way, it's deleted now, I just want to make sure this doesn't happen again. Could this have been because Uploads is CHMODed to something it shouldn't be?
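
One way to do the server log check suggested in the thread, as an added example that is not part of any post above: it flags requests for script files under the uploads directory and then lists everything else the same clients requested. It assumes Apache combined log format; the log lines, IP addresses, the `/uploads/` prefix and the extension list are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache combined log format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Aug/2011:22:14:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Aug/2011:22:15:41 +0000] "GET /Uploads/mct.php HTTP/1.1" 200 18233 "-" "Mozilla/5.0"
198.51.100.22 - - [18/Aug/2011:22:16:02 +0000] "GET /Uploads/201108/example.attach HTTP/1.1" 200 40112 "-" "Mozilla/5.0"
198.51.100.22 - - [18/Aug/2011:22:17:30 +0000] "GET /Uploads/avatars/avatar_5.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Aug/2011:22:19:12 +0000] "POST /Uploads/mct.php?x=1 HTTP/1.1" 200 912 "-" "Mozilla/5.0"
192.0.2.50 - - [18/Aug/2011:23:01:00 +0000] "GET /Uploads/%6dct.PHP HTTP/1.1" 404 210 "-" "curl/7.21"
"""
LINES = SAMPLE_LOG.splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")  # assumed list of script extensions

def parse(lines):
    """Yield (ip, timestamp, method, decoded path, status) for each parsable line."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            ip, ts, method, target, status = m.groups()
            # Drop the query string and undo percent-encoding before matching.
            yield ip, ts, method, unquote(urlsplit(target).path), int(status)

def script_hits(lines, upload_dir="/uploads/"):
    """Requests for script files under the upload directory (case-insensitive)."""
    hits = []
    for ip, ts, method, path, status in parse(lines):
        p = path.lower()
        if p.startswith(upload_dir) and p.endswith(SCRIPT_EXT):
            hits.append((ip, ts, method, path, status))
    return hits

def activity_by_client(lines, clients):
    """Every request made by the given client IPs, in log order."""
    out = defaultdict(list)
    for ip, ts, method, path, status in parse(lines):
        if ip in clients:
            out[ip].append((ts, method, path, status))
    return dict(out)

if __name__ == "__main__":
    hits = script_hits(LINES)
    # A 200 means the server answered the request for the script.
    served = {h[0] for h in hits if h[4] == 200}
    for ip, reqs in activity_by_client(LINES, served).items():
        print(ip, *reqs, sep="\n  ")
```

The earliest entries for a flagged client, and the file's modification time compared against the log, are the places to look for how the file arrived.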