MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum hacked
Full Version: Forum hacked
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

todd v.

2012-01-05, 04:52 PM
Our forum has been hacked and is attempting redirects and saying there is a trojan.
Infection Details
Infection: JS:Agent-PL [Trj]

My antivirus is pointing to javascript files and when I do a file verification from the admin panel it says they've all been changed. Even after a total replacement of them specifically. I'm running the latest version 1.65, Here's a link to the forum. http://mdpreparedness.com/forum/index.php

Any help is greatly appriciated!!
Also I have tried disabling all plugins and I have not installed the facebook plugin everyone seems to be having trouble with.

Paul H.

2012-01-05, 05:10 PM
Have you tried re-uploading all of MyBB? What plugins do you use?

Dylan M.

2012-01-05, 05:35 PM
If you're using the FB Connect plugin it has a known security hole (XSS vulnerability)

todd v.

2012-01-05, 07:28 PM
Okay so I went ahead and replace all the files, no joy. The I was seeing files from Tapatalk come up in the warnings so I deleted the folder and it seems to have taken care of it... I will visit their site and see if I'm out of date or whatever and report back so everyone will know if there's a venurability there or not.

yulasinio

2012-01-06, 10:40 AM
I'm using tapatalk, can you please let me know if you find out if it's at fault.

todd v.

2012-01-06, 01:14 PM
I have not gotten to the bottom of it yet but the Mobiquo folder was where the trojan was, no question about that. I also have the latest version installed so I'm not sure what the problem is. I am going to replace that folder with a fresh copy and see if it happens again. If so I will send the corrupted one to them to see if they can figure it out....

Dylan M.

2012-01-06, 03:17 PM
Do you have the file "tags.php" on your server. If so did it come from a plugin? We've another user who has been hacked via that file, which isn't part of the standard MyBB package.

hagz

2012-01-06, 06:52 PM
just checked my Mobiquo folder and i have no files like that inthere at all.

User 2877

2012-01-06, 07:11 PM
I think Avast started to have false positives. Otherwise it's a new MyBB vuln.

Diogo Parrinha

2012-01-06, 11:11 PM
I use Avast and the problem is here:
http://community.mybb.com/thread-111147.html

Despite the JS not being parsed it reports it as one because the code is there. However, MyBB prevents it from being parsed. It's a false positive in my opinion.
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 Security Management and Support > Forum hacked