MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > 1.6.4 Security Vulnerability
Full Version: 1.6.4 Security Vulnerability
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5 6 7 8 9 10

eSVau

2011-10-14, 02:40 PM
(2011-10-14, 01:48 PM)Paul H. Wrote: [ -> ]I want to emphasize that everyone needs to check config.php. It's not verified by file verification and I found some pretty malicious/dangerous code in mine.

Be sure to entirely check config.php. Mine got modified too, hidden between 4000 empty lines Undecided

Paul H.

2011-10-14, 04:06 PM
(2011-10-14, 02:40 PM)eSVau Wrote: [ -> ]
(2011-10-14, 01:48 PM)Paul H. Wrote: [ -> ]I want to emphasize that everyone needs to check config.php. It's not verified by file verification and I found some pretty malicious/dangerous code in mine.

Be sure to entirely check config.php. Mine got modified too, hidden between 4000 empty lines Undecided

Yes, this happened with me too.

Ruby

2011-10-14, 04:11 PM
(2011-10-14, 01:48 PM)Paul H. Wrote: [ -> ]I want to emphasize that everyone needs to check config.php. It's not verified by file verification and I found some pretty malicious/dangerous code in mine.
Seems to be nearly the old one, but

$config['database']['type'] = 'mysql';
that's now: 
$config['database']['type'] = 'mysqli';


Nathan Malcolm

2011-10-14, 04:13 PM
That's nothing malicious. I'm using MySQLi.

Paul H.

2011-10-14, 04:17 PM
That's not malicious, it's just your database type.

Ruby

2011-10-14, 05:53 PM
Thanks to you both Wink

Well, I finally ran DiffMerge, comparing my just before downloaded forum with the downloaded original MyBB forum as adviced by Tomm in the first posting in this thread.

These are the results (I deleted in this logfile all identical and peerless files and the pathes to my compared folders): 

"Status","[...]\forums\","[..]\mybb_1604\Upload\"," 358 Identical / 373 Different / 1948 Files Without Peers / 182 Folders "

"Folders","admin\","admin\",""
"Folders","admin\backups\","admin\backups\",""
"Different","admin\backups\index.html","admin\backups\index.html",""
"Folders","admin\inc\","admin\inc\",""
"Different","admin\inc\class_form.php","admin\inc\class_form.php",""
"Different","admin\inc\class_page.php","admin\inc\class_page.php",""
"Different","admin\inc\class_table.php","admin\inc\class_table.php",""
"Different","admin\inc\functions.php","admin\inc\functions.php",""
"Different","admin\inc\functions_themes.php","admin\inc\functions_themes.php",""
"Different","admin\inc\functions_view_manager.php","admin\inc\functions_view_manager.php",""
"Different","admin\inc\index.html","admin\inc\index.html",""
"Different","admin\index.php","admin\index.php",""
"Folders","admin\jscripts\","admin\jscripts\",""
"Different","admin\jscripts\admincp.js","admin\jscripts\admincp.js",""
"Folders","admin\jscripts\codepress\","admin\jscripts\codepress\",""
"Different","admin\jscripts\codepress\codepress.html","admin\jscripts\codepress\codepress.html",""
"Different","admin\jscripts\codepress\codepress.js","admin\jscripts\codepress\codepress.js",""
"Folders","admin\jscripts\codepress\engines\","admin\jscripts\codepress\engines\",""
"Different","admin\jscripts\codepress\engines\gecko.js","admin\jscripts\codepress\engines\gecko.js",""
"Different","admin\jscripts\codepress\engines\msie.js","admin\jscripts\codepress\engines\msie.js",""
"Different","admin\jscripts\codepress\engines\opera.js","admin\jscripts\codepress\engines\opera.js",""
"Folders","admin\jscripts\codepress\images\","admin\jscripts\codepress\images\",""
"Folders","admin\jscripts\codepress\languages\","admin\jscripts\codepress\languages\",""
"Different","admin\jscripts\codepress\languages\autoit.js","admin\jscripts\codepress\languages\autoit.js",""
ss",""
"Different","admin\jscripts\codepress\languages\css.js","admin\jscripts\codepress\languages\css.js",""
"Different","admin\jscripts\codepress\languages\generic.js","admin\jscripts\codepress\languages\generic.js",""
"Different","admin\jscripts\codepress\languages\html.js","admin\jscripts\codepress\languages\html.js",""
"Different","admin\jscripts\codepress\languages\javascript.js","admin\jscripts\codepress\languages\javascript.js",""
"Different","admin\jscripts\codepress\languages\mybb.js","admin\jscripts\codepress\languages\mybb.js",""
"Different","admin\jscripts\codepress\languages\php.js","admin\jscripts\codepress\languages\php.js",""
"Different","admin\jscripts\codepress\languages\text.js","admin\jscripts\codepress\languages\text.js",""
"Different","admin\jscripts\imodal.js","admin\jscripts\imodal.js",""
"Different","admin\jscripts\index.html","admin\jscripts\index.html",""
"Different","admin\jscripts\mycode_sandbox.js","admin\jscripts\mycode_sandbox.js",""
"Different","admin\jscripts\peeker.js","admin\jscripts\peeker.js",""
"Different","admin\jscripts\quick_perm_editor.js","admin\jscripts\quick_perm_editor.js",""
"Different","admin\jscripts\tabs.js","admin\jscripts\tabs.js",""
"Different","admin\jscripts\themes.js","admin\jscripts\themes.js",""
"Different","admin\jscripts\users.js","admin\jscripts\users.js",""
"Different","admin\jscripts\view_manager.js","admin\jscripts\view_manager.js",""
"Folders","admin\modules\","admin\modules\",""
"Folders","admin\modules\config\","admin\modules\config\",""
"Different","admin\modules\config\attachment_types.php","admin\modules\config\attachment_types.php",""
"Different","admin\modules\config\badwords.php","admin\modules\config\badwords.php",""
"Different","admin\modules\config\banning.php","admin\modules\config\banning.php",""
"Different","admin\modules\config\calendars.php","admin\modules\config\calendars.php",""
"Different","admin\modules\config\help_documents.php","admin\modules\config\help_documents.php",""
"Different","admin\modules\config\index.html","admin\modules\config\index.html",""
"Different","admin\modules\config\languages.php","admin\modules\config\languages.php",""
"Different","admin\modules\config\mod_tools.php","admin\modules\config\mod_tools.php",""
"Different","admin\modules\config\module_meta.php","admin\modules\config\module_meta.php",""
"Different","admin\modules\config\mycode.php","admin\modules\config\mycode.php",""
"Different","admin\modules\config\plugins.php","admin\modules\config\plugins.php",""
"Different","admin\modules\config\post_icons.php","admin\modules\config\post_icons.php",""
"Different","admin\modules\config\profile_fields.php","admin\modules\config\profile_fields.php",""
"Different","admin\modules\config\settings.php","admin\modules\config\settings.php",""
"Different","admin\modules\config\smilies.php","admin\modules\config\smilies.php",""
"Different","admin\modules\config\spiders.php","admin\modules\config\spiders.php",""
"Different","admin\modules\config\thread_prefixes.php","admin\modules\config\thread_prefixes.php",""
"Different","admin\modules\config\warning.php","admin\modules\config\warning.php",""
"Folders","admin\modules\forum\","admin\modules\forum\",""
"Different","admin\modules\forum\announcements.php","admin\modules\forum\announcements.php",""
"Different","admin\modules\forum\attachments.php","admin\modules\forum\attachments.php",""
"Different","admin\modules\forum\index.html","admin\modules\forum\index.html",""
"Different","admin\modules\forum\management.php","admin\modules\forum\management.php",""
"Different","admin\modules\forum\moderation_queue.php","admin\modules\forum\moderation_queue.php",""
"Different","admin\modules\forum\module_meta.php","admin\modules\forum\module_meta.php",""
"Folders","admin\modules\home\","admin\modules\home\",""
"Different","admin\modules\home\credits.php","admin\modules\home\credits.php",""
"Different","admin\modules\home\index.html","admin\modules\home\index.html",""
"Different","admin\modules\home\index.php","admin\modules\home\index.php",""
"Different","admin\modules\home\module_meta.php","admin\modules\home\module_meta.php",""
"Different","admin\modules\home\preferences.php","admin\modules\home\preferences.php",""
"Different","admin\modules\home\version_check.php","admin\modules\home\version_check.php",""
"Different","admin\modules\index.html","admin\modules\index.html",""
"Folders","admin\modules\style\","admin\modules\style\",""
"Different","admin\modules\style\index.html","admin\modules\style\index.html",""
"Different","admin\modules\style\module_meta.php","admin\modules\style\module_meta.php",""
"Different","admin\modules\style\templates.php","admin\modules\style\templates.php",""
"Different","admin\modules\style\themes.php","admin\modules\style\themes.php",""
"Folders","admin\modules\tools\","admin\modules\tools\",""
"Different","admin\modules\tools\adminlog.php","admin\modules\tools\adminlog.php",""
"Different","admin\modules\tools\backupdb.php","admin\modules\tools\backupdb.php",""
"Different","admin\modules\tools\cache.php","admin\modules\tools\cache.php",""
"Different","admin\modules\tools\file_verification.php","admin\modules\tools\file_verification.php",""
"Different","admin\modules\tools\index.html","admin\modules\tools\index.html",""
"Different","admin\modules\tools\mailerrors.php","admin\modules\tools\mailerrors.php",""
"Different","admin\modules\tools\maillogs.php","admin\modules\tools\maillogs.php",""
"Different","admin\modules\tools\modlog.php","admin\modules\tools\modlog.php",""
"Different","admin\modules\tools\module_meta.php","admin\modules\tools\module_meta.php",""
"Different","admin\modules\tools\optimizedb.php","admin\modules\tools\optimizedb.php",""
"Different","admin\modules\tools\php_info.php","admin\modules\tools\php_info.php",""
"Different","admin\modules\tools\recount_rebuild.php","admin\modules\tools\recount_rebuild.php",""
"Different","admin\modules\tools\statistics.php","admin\modules\tools\statistics.php",""
"Different","admin\modules\tools\system_health.php","admin\modules\tools\system_health.php",""
"Different","admin\modules\tools\tasks.php","admin\modules\tools\tasks.php",""
"Different","admin\modules\tools\warninglog.php","admin\modules\tools\warninglog.php",""
"Folders","admin\modules\user\","admin\modules\user\",""
"Different","admin\modules\user\admin_permissions.php","admin\modules\user\admin_permissions.php",""
"Different","admin\modules\user\banning.php","admin\modules\user\banning.php",""
"Different","admin\modules\user\group_promotions.php","admin\modules\user\group_promotions.php",""
"Different","admin\modules\user\groups.php","admin\modules\user\groups.php",""
"Different","admin\modules\user\index.html","admin\modules\user\index.html",""
"Different","admin\modules\user\mass_mail.php","admin\modules\user\mass_mail.php",""
"Different","admin\modules\user\module_meta.php","admin\modules\user\module_meta.php",""
"Different","admin\modules\user\titles.php","admin\modules\user\titles.php",""
"Different","admin\modules\user\users.php","admin\modules\user\users.php",""
"Folders","admin\styles\","admin\styles\",""
"Folders","admin\styles\default\","admin\styles\default\",""
"Folders","admin\styles\default\images\","admin\styles\default\images\",""
"Folders","admin\styles\default\images\icons\","admin\styles\default\images\icons\",""
"Different","admin\styles\default\images\icons\index.html","admin\styles\default\images\icons\index.html",""
"Different","admin\styles\default\images\index.html","admin\styles\default\images\index.html",""
"Different","admin\styles\default\imodal.css","admin\styles\default\imodal.css",""
"Different","admin\styles\default\index.html","admin\styles\default\index.html",""
"Different","admin\styles\default\login.css","admin\styles\default\login.css",""
"Different","admin\styles\default\main.css","admin\styles\default\main.css",""
"Different","admin\styles\default\style.php","admin\styles\default\style.php",""
"Different","admin\styles\index.html","admin\styles\index.html",""
"Folders","admin\styles\sharepoint\","admin\styles\sharepoint\",""
"Folders","admin\styles\sharepoint\images\","admin\styles\sharepoint\images\",""
"Folders","admin\styles\sharepoint\images\icons\","admin\styles\sharepoint\images\icons\",""
"Different","admin\styles\sharepoint\images\icons\index.html","admin\styles\sharepoint\images\icons\index.html",""
"Different","admin\styles\sharepoint\images\index.html","admin\styles\sharepoint\images\index.html",""
"Different","admin\styles\sharepoint\index.html","admin\styles\sharepoint\index.html",""
"Different","admin\styles\sharepoint\main.css","admin\styles\sharepoint\main.css",""
"Different","admin\styles\sharepoint\style.php","admin\styles\sharepoint\style.php",""
"Different","announcements.php","announcements.php",""
"Folders","archive\","archive\",""
"Different","archive\global.php","archive\global.php",""
"Different","archive\index.php","archive\index.php",""
"Different","archive\print.css","archive\print.css",""
"Different","archive\screen.css","archive\screen.css",""
"Different","attachment.php","attachment.php",""
"Folders","cache\","cache\",""
"Different","cache\index.html","cache\index.html",""
"Folders","cache\themes\","cache\themes\",""
"Different","cache\themes\index.html","cache\themes\index.html",""
"Different","calendar.php","calendar.php",""
"Different","captcha.php","captcha.php",""
"Different","css.php","css.php",""
"Different","editpost.php","editpost.php",""
"Different","forumdisplay.php","forumdisplay.php",""
"Different","global.php","global.php",""
"Folders","images\","images\",""
"Folders","images\attachtypes\","images\attachtypes\",""
"Folders","images\avatars\","images\avatars\",""
"Folders","images\codebuttons\","images\codebuttons\",""
"Folders","images\english\","images\english\",""
"Folders","images\groupimages\","images\groupimages\",""
"Folders","images\groupimages\english\","images\groupimages\english\",""
"Folders","images\icons\","images\icons\",""
"Different","images\index.html","images\index.html",""
"Folders","images\modcp\","images\modcp\",""
"Folders","images\smilies\","images\smilies\",""
"Folders","images\toplinks\","images\toplinks\",""
"Folders","images\usercp\","images\usercp\",""
"Folders","inc\","inc\",""
"Folders","inc\3rdparty\","inc\3rdparty\",""
"Folders","inc\3rdparty\diff\","inc\3rdparty\diff\",""
"Different","inc\3rdparty\diff\Diff.php","inc\3rdparty\diff\Diff.php",""
"Different","inc\3rdparty\diff\Diff3.php","inc\3rdparty\diff\Diff3.php",""
"Folders","inc\3rdparty\diff\Diff\","inc\3rdparty\diff\Diff\",""
"Folders","inc\3rdparty\diff\Diff\Engine\","inc\3rdparty\diff\Diff\Engine\",""
"Different","inc\3rdparty\diff\Diff\Engine\index.html","inc\3rdparty\diff\Diff\Engine\index.html",""
"Different","inc\3rdparty\diff\Diff\Engine\native.php","inc\3rdparty\diff\Diff\Engine\native.php",""
"Different","inc\3rdparty\diff\Diff\Engine\shell.php","inc\3rdparty\diff\Diff\Engine\shell.php",""
"Different","inc\3rdparty\diff\Diff\Engine\string.php","inc\3rdparty\diff\Diff\Engine\string.php",""
"Different","inc\3rdparty\diff\Diff\Engine\xdiff.php","inc\3rdparty\diff\Diff\Engine\xdiff.php",""
"Different","inc\3rdparty\diff\Diff\index.html","inc\3rdparty\diff\Diff\index.html",""
"Different","inc\3rdparty\diff\Diff\Mapped.php","inc\3rdparty\diff\Diff\Mapped.php",""
"Different","inc\3rdparty\diff\Diff\Renderer.php","inc\3rdparty\diff\Diff\Renderer.php",""
"Folders","inc\3rdparty\diff\Diff\Renderer\","inc\3rdparty\diff\Diff\Renderer\",""
"Different","inc\3rdparty\diff\Diff\Renderer\index.html","inc\3rdparty\diff\Diff\Renderer\index.html",""
"Different","inc\3rdparty\diff\Diff\Renderer\inline.php","inc\3rdparty\diff\Diff\Renderer\inline.php",""
"Different","inc\3rdparty\diff\Diff\Renderer\unified.php","inc\3rdparty\diff\Diff\Renderer\unified.php",""
"Different","inc\3rdparty\diff\Diff\ThreeWay.php","inc\3rdparty\diff\Diff\ThreeWay.php",""
"Different","inc\3rdparty\diff\index.html","inc\3rdparty\diff\index.html",""
"Different","inc\3rdparty\index.html","inc\3rdparty\index.html",""
"Different","inc\adminfunctions_templates.php","inc\adminfunctions_templates.php",""
"Folders","inc\cachehandlers\","inc\cachehandlers\",""
"Different","inc\cachehandlers\disk.php","inc\cachehandlers\disk.php",""
"Different","inc\cachehandlers\eaccelerator.php","inc\cachehandlers\eaccelerator.php",""
"Different","inc\cachehandlers\index.html","inc\cachehandlers\index.html",""
"Different","inc\cachehandlers\memcache.php","inc\cachehandlers\memcache.php",""
"Different","inc\cachehandlers\xcache.php","inc\cachehandlers\xcache.php",""
"Folders","inc\captcha_fonts\","inc\captcha_fonts\",""
"Different","inc\captcha_fonts\index.html","inc\captcha_fonts\index.html",""
"Different","inc\captcha_fonts\read_me.html","inc\captcha_fonts\read_me.html",""
"Different","inc\class_bitwise.php","inc\class_bitwise.php",""
"Different","inc\class_core.php","inc\class_core.php",""
"Different","inc\class_custommoderation.php","inc\class_custommoderation.php",""
"Different","inc\class_datacache.php","inc\class_datacache.php",""
"Different","inc\class_error.php","inc\class_error.php",""
"Different","inc\class_feedgeneration.php","inc\class_feedgeneration.php",""
"Different","inc\class_feedparser.php","inc\class_feedparser.php",""
"Different","inc\class_graph.php","inc\class_graph.php",""
"Different","inc\class_language.php","inc\class_language.php",""
"Different","inc\class_mailhandler.php","inc\class_mailhandler.php",""
"Different","inc\class_moderation.php","inc\class_moderation.php",""
"Different","inc\class_parser.php","inc\class_parser.php",""
"Different","inc\class_plugins.php","inc\class_plugins.php",""
"Different","inc\class_session.php","inc\class_session.php",""
"Different","inc\class_templates.php","inc\class_templates.php",""
"Different","inc\class_timers.php","inc\class_timers.php",""
"Different","inc\class_xml.php","inc\class_xml.php",""
"Different","inc\datahandler.php","inc\datahandler.php",""
"Folders","inc\datahandlers\","inc\datahandlers\",""
"Different","inc\datahandlers\event.php","inc\datahandlers\event.php",""
"Different","inc\datahandlers\index.html","inc\datahandlers\index.html",""
"Different","inc\datahandlers\pm.php","inc\datahandlers\pm.php",""
"Different","inc\datahandlers\post.php","inc\datahandlers\post.php",""
"Different","inc\datahandlers\user.php","inc\datahandlers\user.php",""
"Different","inc\db_mysql.php","inc\db_mysql.php",""
"Different","inc\db_mysqli.php","inc\db_mysqli.php",""
"Different","inc\db_pdo.php","inc\db_pdo.php",""
"Different","inc\db_pgsql.php","inc\db_pgsql.php",""
"Different","inc\db_sqlite.php","inc\db_sqlite.php",""
"Different","inc\functions.php","inc\functions.php",""
"Different","inc\functions_archive.php","inc\functions_archive.php",""
"Different","inc\functions_calendar.php","inc\functions_calendar.php",""
"Different","inc\functions_compat.php","inc\functions_compat.php",""
"Different","inc\functions_forumlist.php","inc\functions_forumlist.php",""
"Different","inc\functions_image.php","inc\functions_image.php",""
"Different","inc\functions_indicators.php","inc\functions_indicators.php",""
"Different","inc\functions_massmail.php","inc\functions_massmail.php",""
"Different","inc\functions_modcp.php","inc\functions_modcp.php",""
"Different","inc\functions_online.php","inc\functions_online.php",""
"Different","inc\functions_post.php","inc\functions_post.php",""
"Different","inc\functions_posting.php","inc\functions_posting.php",""
"Different","inc\functions_rebuild.php","inc\functions_rebuild.php",""
"Different","inc\functions_search.php","inc\functions_search.php",""
"Different","inc\functions_serverstats.php","inc\functions_serverstats.php",""
"Different","inc\functions_task.php","inc\functions_task.php",""
"Different","inc\functions_time.php","inc\functions_time.php",""
"Different","inc\functions_upload.php","inc\functions_upload.php",""
"Different","inc\functions_user.php","inc\functions_user.php",""
"Different","inc\functions_warnings.php","inc\functions_warnings.php",""
"Different","inc\index.html","inc\index.html",""
"Different","inc\init.php","inc\init.php",""
"Folders","inc\languages\","inc\languages\",""
"Different","inc\languages\english.php","inc\languages\english.php",""
"Folders","inc\languages\english\","inc\languages\english\",""
"Folders","inc\languages\english\admin\","inc\languages\english\admin\",""
"Different","inc\languages\english\admin\config_attachment_types.lang.php","inc\languages\english\admin\config_attachment_types.lang.php",""
"Different","inc\languages\english\admin\config_badwords.lang.php","inc\languages\english\admin\config_badwords.lang.php",""
"Different","inc\languages\english\admin\config_banning.lang.php","inc\languages\english\admin\config_banning.lang.php",""
"Different","inc\languages\english\admin\config_calendars.lang.php","inc\languages\english\admin\config_calendars.lang.php",""
"Different","inc\languages\english\admin\config_help_documents.lang.php","inc\languages\english\admin\config_help_documents.lang.php",""
"Different","inc\languages\english\admin\config_languages.lang.php","inc\languages\english\admin\config_languages.lang.php",""
"Different","inc\languages\english\admin\config_mod_tools.lang.php","inc\languages\english\admin\config_mod_tools.lang.php",""
"Different","inc\languages\english\admin\config_module_meta.lang.php","inc\languages\english\admin\config_module_meta.lang.php",""
"Different","inc\languages\english\admin\config_mycode.lang.php","inc\languages\english\admin\config_mycode.lang.php",""
"Different","inc\languages\english\admin\config_plugins.lang.php","inc\languages\english\admin\config_plugins.lang.php",""
"Different","inc\languages\english\admin\config_post_icons.lang.php","inc\languages\english\admin\config_post_icons.lang.php",""
"Different","inc\languages\english\admin\config_profile_fields.lang.php","inc\languages\english\admin\config_profile_fields.lang.php",""
"Different","inc\languages\english\admin\config_settings.lang.php","inc\languages\english\admin\config_settings.lang.php",""
"Different","inc\languages\english\admin\config_smilies.lang.php","inc\languages\english\admin\config_smilies.lang.php",""
"Different","inc\languages\english\admin\config_spiders.lang.php","inc\languages\english\admin\config_spiders.lang.php",""
"Different","inc\languages\english\admin\config_thread_prefixes.lang.php","inc\languages\english\admin\config_thread_prefixes.lang.php",""
"Different","inc\languages\english\admin\config_warning.lang.php","inc\languages\english\admin\config_warning.lang.php",""
"Different","inc\languages\english\admin\forum_akismet.lang.php","inc\languages\english\admin\forum_akismet.lang.php",""
"Different","inc\languages\english\admin\forum_announcements.lang.php","inc\languages\english\admin\forum_announcements.lang.php",""
"Different","inc\languages\english\admin\forum_attachments.lang.php","inc\languages\english\admin\forum_attachments.lang.php",""
"Different","inc\languages\english\admin\forum_management.lang.php","inc\languages\english\admin\forum_management.lang.php",""
"Different","inc\languages\english\admin\forum_moderation_queue.lang.php","inc\languages\english\admin\forum_moderation_queue.lang.php",""
"Different","inc\languages\english\admin\forum_module_meta.lang.php","inc\languages\english\admin\forum_module_meta.lang.php",""
"Different","inc\languages\english\admin\global.lang.php","inc\languages\english\admin\global.lang.php",""
"Different","inc\languages\english\admin\home_credits.lang.php","inc\languages\english\admin\home_credits.lang.php",""
"Different","inc\languages\english\admin\home_dashboard.lang.php","inc\languages\english\admin\home_dashboard.lang.php",""
"Different","inc\languages\english\admin\home_module_meta.lang.php","inc\languages\english\admin\home_module_meta.lang.php",""
"Different","inc\languages\english\admin\home_preferences.lang.php","inc\languages\english\admin\home_preferences.lang.php",""
"Different","inc\languages\english\admin\home_version_check.lang.php","inc\languages\english\admin\home_version_check.lang.php",""
"Different","inc\languages\english\admin\index.html","inc\languages\english\admin\index.html",""
"Different","inc\languages\english\admin\style_module_meta.lang.php","inc\languages\english\admin\style_module_meta.lang.php",""
"Different","inc\languages\english\admin\style_templates.lang.php","inc\languages\english\admin\style_templates.lang.php",""
"Different","inc\languages\english\admin\style_themes.lang.php","inc\languages\english\admin\style_themes.lang.php",""
"Different","inc\languages\english\admin\tools_adminlog.lang.php","inc\languages\english\admin\tools_adminlog.lang.php",""
"Different","inc\languages\english\admin\tools_backupdb.lang.php","inc\languages\english\admin\tools_backupdb.lang.php",""
"Different","inc\languages\english\admin\tools_cache.lang.php","inc\languages\english\admin\tools_cache.lang.php",""
"Different","inc\languages\english\admin\tools_file_verification.lang.php","inc\languages\english\admin\tools_file_verification.lang.php",""
"Different","inc\languages\english\admin\tools_mailerrors.lang.php","inc\languages\english\admin\tools_mailerrors.lang.php",""
"Different","inc\languages\english\admin\tools_maillogs.lang.php","inc\languages\english\admin\tools_maillogs.lang.php",""
"Different","inc\languages\english\admin\tools_modlog.lang.php","inc\languages\english\admin\tools_modlog.lang.php",""
"Different","inc\languages\english\admin\tools_module_meta.lang.php","inc\languages\english\admin\tools_module_meta.lang.php",""
"Different","inc\languages\english\admin\tools_optimizedb.lang.php","inc\languages\english\admin\tools_optimizedb.lang.php",""
"Different","inc\languages\english\admin\tools_php_info.lang.php","inc\languages\english\admin\tools_php_info.lang.php",""
"Different","inc\languages\english\admin\tools_recount_rebuild.lang.php","inc\languages\english\admin\tools_recount_rebuild.lang.php",""
"Different","inc\languages\english\admin\tools_statistics.lang.php","inc\languages\english\admin\tools_statistics.lang.php",""
"Different","inc\languages\english\admin\tools_system_health.lang.php","inc\languages\english\admin\tools_system_health.lang.php",""
"Different","inc\languages\english\admin\tools_tasks.lang.php","inc\languages\english\admin\tools_tasks.lang.php",""
"Different","inc\languages\english\admin\tools_warninglog.lang.php","inc\languages\english\admin\tools_warninglog.lang.php",""
"Different","inc\languages\english\admin\user_admin_permissions.lang.php","inc\languages\english\admin\user_admin_permissions.lang.php",""
"Different","inc\languages\english\admin\user_banning.lang.php","inc\languages\english\admin\user_banning.lang.php",""
"Different","inc\languages\english\admin\user_group_promotions.lang.php","inc\languages\english\admin\user_group_promotions.lang.php",""
"Different","inc\languages\english\admin\user_groups.lang.php","inc\languages\english\admin\user_groups.lang.php",""
"Different","inc\languages\english\admin\user_mass_mail.lang.php","inc\languages\english\admin\user_mass_mail.lang.php",""
"Different","inc\languages\english\admin\user_module_meta.lang.php","inc\languages\english\admin\user_module_meta.lang.php",""
"Different","inc\languages\english\admin\user_titles.lang.php","inc\languages\english\admin\user_titles.lang.php",""
"Different","inc\languages\english\admin\user_users.lang.php","inc\languages\english\admin\user_users.lang.php",""
"Different","inc\languages\english\akismet.lang.php","inc\languages\english\akismet.lang.php",""
"Different","inc\languages\english\announcements.lang.php","inc\languages\english\announcements.lang.php",""
"Different","inc\languages\english\archive.lang.php","inc\languages\english\archive.lang.php",""
"Different","inc\languages\english\calendar.lang.php","inc\languages\english\calendar.lang.php",""
"Different","inc\languages\english\customhelpdocs.lang.php","inc\languages\english\customhelpdocs.lang.php",""
"Different","inc\languages\english\customhelpsections.lang.php","inc\languages\english\customhelpsections.lang.php",""
"Different","inc\languages\english\datahandler_event.lang.php","inc\languages\english\datahandler_event.lang.php",""
"Different","inc\languages\english\datahandler_pm.lang.php","inc\languages\english\datahandler_pm.lang.php",""
"Different","inc\languages\english\datahandler_post.lang.php","inc\languages\english\datahandler_post.lang.php",""
"Different","inc\languages\english\datahandler_user.lang.php","inc\languages\english\datahandler_user.lang.php",""
"Different","inc\languages\english\editpost.lang.php","inc\languages\english\editpost.lang.php",""
"Different","inc\languages\english\forumdisplay.lang.php","inc\languages\english\forumdisplay.lang.php",""
"Different","inc\languages\english\global.lang.php","inc\languages\english\global.lang.php",""
"Different","inc\languages\english\helpdocs.lang.php","inc\languages\english\helpdocs.lang.php",""
"Different","inc\languages\english\helpsections.lang.php","inc\languages\english\helpsections.lang.php",""
"Different","inc\languages\english\index.html","inc\languages\english\index.html",""
"Different","inc\languages\english\index.lang.php","inc\languages\english\index.lang.php",""
"Different","inc\languages\english\mailhandler.lang.php","inc\languages\english\mailhandler.lang.php",""
"Different","inc\languages\english\managegroup.lang.php","inc\languages\english\managegroup.lang.php",""
"Different","inc\languages\english\member.lang.php","inc\languages\english\member.lang.php",""
"Different","inc\languages\english\memberlist.lang.php","inc\languages\english\memberlist.lang.php",""
"Different","inc\languages\english\messages.lang.php","inc\languages\english\messages.lang.php",""
"Different","inc\languages\english\misc.lang.php","inc\languages\english\misc.lang.php",""
"Different","inc\languages\english\modcp.lang.php","inc\languages\english\modcp.lang.php",""
"Different","inc\languages\english\moderation.lang.php","inc\languages\english\moderation.lang.php",""
"Different","inc\languages\english\newreply.lang.php","inc\languages\english\newreply.lang.php",""
"Different","inc\languages\english\newthread.lang.php","inc\languages\english\newthread.lang.php",""
"Different","inc\languages\english\online.lang.php","inc\languages\english\online.lang.php",""
"Different","inc\languages\english\polls.lang.php","inc\languages\english\polls.lang.php",""
"Different","inc\languages\english\portal.lang.php","inc\languages\english\portal.lang.php",""
"Different","inc\languages\english\printthread.lang.php","inc\languages\english\printthread.lang.php",""
"Different","inc\languages\english\private.lang.php","inc\languages\english\private.lang.php",""
"Different","inc\languages\english\ratethread.lang.php","inc\languages\english\ratethread.lang.php",""
"Different","inc\languages\english\report.lang.php","inc\languages\english\report.lang.php",""
"Different","inc\languages\english\reputation.lang.php","inc\languages\english\reputation.lang.php",""
"Different","inc\languages\english\search.lang.php","inc\languages\english\search.lang.php",""
"Different","inc\languages\english\sendthread.lang.php","inc\languages\english\sendthread.lang.php",""
"Different","inc\languages\english\showteam.lang.php","inc\languages\english\showteam.lang.php",""
"Different","inc\languages\english\showthread.lang.php","inc\languages\english\showthread.lang.php",""
"Different","inc\languages\english\stats.lang.php","inc\languages\english\stats.lang.php",""
"Different","inc\languages\english\syndication.lang.php","inc\languages\english\syndication.lang.php",""
"Different","inc\languages\english\usercp.lang.php","inc\languages\english\usercp.lang.php",""
"Different","inc\languages\english\usercpnav.lang.php","inc\languages\english\usercpnav.lang.php",""
"Different","inc\languages\english\warnings.lang.php","inc\languages\english\warnings.lang.php",""
"Different","inc\languages\english\xmlhttp.lang.php","inc\languages\english\xmlhttp.lang.php",""
"Different","inc\languages\index.html","inc\languages\index.html",""
"Folders","inc\mailhandlers\","inc\mailhandlers\",""
"Different","inc\mailhandlers\index.html","inc\mailhandlers\index.html",""
"Different","inc\mailhandlers\php.php","inc\mailhandlers\php.php",""
"Different","inc\mailhandlers\smtp.php","inc\mailhandlers\smtp.php",""
"Different","inc\mybb_group.php","inc\mybb_group.php",""
"Folders","inc\plugins\","inc\plugins\",""
"Different","inc\plugins\akismet.php","inc\plugins\akismet.php",""
"Different","inc\plugins\hello.php","inc\plugins\hello.php",""
"Different","inc\plugins\index.html","inc\plugins\index.html",""
"Different","inc\settings.php","inc\settings.php",""
"Folders","inc\tasks\","inc\tasks\",""
"Different","inc\tasks\backupdb.php","inc\tasks\backupdb.php",""
"Different","inc\tasks\checktables.php","inc\tasks\checktables.php",""
"Different","inc\tasks\dailycleanup.php","inc\tasks\dailycleanup.php",""
"Different","inc\tasks\delayedmoderation.php","inc\tasks\delayedmoderation.php",""
"Different","inc\tasks\hourlycleanup.php","inc\tasks\hourlycleanup.php",""
"Different","inc\tasks\index.html","inc\tasks\index.html",""
"Different","inc\tasks\logcleanup.php","inc\tasks\logcleanup.php",""
"Different","inc\tasks\massmail.php","inc\tasks\massmail.php",""
"Different","inc\tasks\promotions.php","inc\tasks\promotions.php",""
"Different","inc\tasks\threadviews.php","inc\tasks\threadviews.php",""
"Different","inc\tasks\usercleanup.php","inc\tasks\usercleanup.php",""
"Different","inc\tasks\userpruning.php","inc\tasks\userpruning.php",""
"Different","index.php","index.php",""
"Folders","jscripts\","jscripts\",""
"Different","jscripts\autocomplete.js","jscripts\autocomplete.js",""
"Different","jscripts\captcha.js","jscripts\captcha.js",""
"Different","jscripts\controls.js","jscripts\controls.js",""
"Different","jscripts\dragdrop.js","jscripts\dragdrop.js",""
"Different","jscripts\editor.js","jscripts\editor.js",""
"Folders","jscripts\editor_themes\","jscripts\editor_themes\",""
"Folders","jscripts\editor_themes\default\","jscripts\editor_themes\default\",""
"Folders","jscripts\editor_themes\default\images\","jscripts\editor_themes\default\images\",""
"Different","jscripts\editor_themes\default\images\index.html","jscripts\editor_themes\default\images\index.html",""
"Different","jscripts\editor_themes\default\index.html","jscripts\editor_themes\default\index.html",""
"Different","jscripts\editor_themes\default\stylesheet.css","jscripts\editor_themes\default\stylesheet.css",""
"Different","jscripts\editor_themes\index.html","jscripts\editor_themes\index.html",""
"Folders","jscripts\editor_themes\Office_2007\","jscripts\editor_themes\Office_2007\",""
"Folders","jscripts\editor_themes\Office_2007\images\","jscripts\editor_themes\Office_2007\images\",""
"Different","jscripts\editor_themes\Office_2007\images\index.html","jscripts\editor_themes\Office_2007\images\index.html",""
"Different","jscripts\effects.js","jscripts\effects.js",""
"Different","jscripts\general.js","jscripts\general.js",""
"Different","jscripts\index.html","jscripts\index.html",""
"Different","jscripts\inline_edit.js","jscripts\inline_edit.js",""
"Different","jscripts\inline_moderation.js","jscripts\inline_moderation.js",""
"Different","jscripts\popup_menu.js","jscripts\popup_menu.js",""
"Different","jscripts\post.js","jscripts\post.js",""
"Different","jscripts\prototype.js","jscripts\prototype.js",""
"Different","jscripts\rating.js","jscripts\rating.js",""
"Different","jscripts\scriptaculous.js","jscripts\scriptaculous.js",""
"Different","jscripts\slider.js","jscripts\slider.js",""
"Different","jscripts\thread.js","jscripts\thread.js",""
"Different","jscripts\usercp.js","jscripts\usercp.js",""
"Different","jscripts\validator.js","jscripts\validator.js",""
"Different","managegroup.php","managegroup.php",""
"Different","member.php","member.php",""
"Different","memberlist.php","memberlist.php",""
"Different","misc.php","misc.php",""
"Different","modcp.php","modcp.php",""
"Different","moderation.php","moderation.php",""
"Different","newreply.php","newreply.php",""
"Different","newthread.php","newthread.php",""
"Different","online.php","online.php",""
"Different","polls.php","polls.php",""
"Different","portal.php","portal.php",""
"Different","printthread.php","printthread.php",""
"Different","private.php","private.php",""
"Different","ratethread.php","ratethread.php",""
"Different","report.php","report.php",""
"Different","reputation.php","reputation.php",""
"Different","rss.php","rss.php",""
"Different","search.php","search.php",""
"Different","sendthread.php","sendthread.php",""
"Different","showteam.php","showteam.php",""
"Different","showthread.php","showthread.php",""
"Different","stats.php","stats.php",""
"Different","syndication.php","syndication.php",""
"Different","task.php","task.php",""
"Folders","uploads\","uploads\",""
"Folders","uploads\avatars\","uploads\avatars\",""
"Different","uploads\avatars\index.html","uploads\avatars\index.html",""
"Different","uploads\index.html","uploads\index.html",""
"Different","usercp.php","usercp.php",""
"Different","usercp2.php","usercp2.php",""
"Different","warnings.php","warnings.php",""
"Different","xmlhttp.php","xmlhttp.php",""

Any advice, please Huh

pavemen

2011-10-14, 05:58 PM
are you sure you are comparing the same versions of MyBB? It looks like every file is different.
If you are using 1.6.4 now, then I suggest you just upload all the latest files and then verify config.php is valid (by opening the file) and then deleting /inc/settings.php so MyBB can recreate it.

Ruby

2011-10-14, 06:06 PM
Yes, I am using MyBB 1.6.4

I fixed the index.php file which was infected too, 2 days after running the upgrade, on october 8th

I am comparing my forum version 1.6.4. to the downloaded original of MyBB ... both downloads from today, after fixing the infected files, I fixed them yesterday.

pavemen

2011-10-14, 06:09 PM
but if you run file verification they all show as changed, or only the diff output is showing as changed?

Ruby

2011-10-14, 06:13 PM
I ran DiffMerge under all options. It came up with the same results.
I do have the original logfile with all files, thus with the identical and peerless files, which I deleted manually out of this logfile, because we won't see(*) identical and peerless files ..

But if you would like to see them, I can post the original logfile too Undecided

(*)We want to see, but perhaps not in this thread Big Grin

----------------------

edit:

I tried to find out, where the differences are, between some of these files, but I could not find differences, but me, I am not at home with php.

I am going to zip my forum, and I will give one of our experts here on the forum the link to the infected forum.zip by PM ..

----------------------

But please tell me, what do I need to do now? Huh

----------------------

It seems I am still learning how to upgrade a forum ... ;-(
Well .. I am trying it once more ..

and no, I didn't change the files myself, I can't .. I am not able to change php files.

Pages: 1 2 3 4 5 6 7 8 9 10
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > 1.6.4 Security Vulnerability