2011-08-19, 01:04 AM
Well, I was doing some cleaning around my forum and I happened to go into the Uploads folder to find a directory that looked suspicious "201108" and a file called mct.php which also looked suspicious. I opened mct.php in notepad++ and it seems to be a shell, here are the first couple of lines... I doubt anything that was from MyBB would look like this. If you'd like to see the whole file, I'll show it as well.
What should I do with this file? Well, obviously delete it, but how were they able to upload the shell file in the first place? Is it because my CHMOD settings are wrong on my Uploads folder? This really scared me... I've already experienced my forum being hacked twice and I don't want it to continue happening. Any help is much appreciated... I'm scared, lol.
<link rel="SHORTCUT ICON" href="http://dhanabadee.com/logo.png">
<center><img src="http://sidoarjocyber.freeforums.org/download/file.php?logo=Logo.png"/></p></center>
<title>Teguh Shell c0de </title>
What should I do with this file? Well, obviously delete it, but how were they able to upload the shell file in the first place? Is it because my CHMOD settings are wrong on my Uploads folder? This really scared me... I've already experienced my forum being hacked twice and I don't want it to continue happening. Any help is much appreciated... I'm scared, lol.