MyBB Community Forums

I did look on FTP and didn't see anything that shouldn't be there.

(2012-01-15, 03:08 AM)markwesley Wrote: [ -> ]I found the following code starting on line 2119 and ending on line 2141 in my config.php file should it be there and what does it do?

What?? More than 2000 lines in your config.php file??? There's something wrong with it...

(2012-01-15, 03:26 AM)GamerVoid Wrote: [ -> ]You could also check your site through Sucuri: http://sitecheck.sucuri.net/scanner/

CHMOD inc/config.php to 444.
Are you running MyBB 1.6.5? Because there was a 1.6.4 exploit in index.php that allowed modification of files such as config.php

He could have had the exploit happen with 1.6.4 and since inc/config.php is not changed during upgrades, it transferred over.

I ran http://forum.my-notepad.biz/ through sucuri. No malicious JS files that I can see, so I think you are in the clear.

@Paul - I thought a clean index.php was packaged w/ 1.6.5? Edit: misread your post. Sorry

At OP - delete those extra some 2000 blank lines too just for cleanliness' sake. MyBB's code is fairly distinguishable in config.php. It is considerably English-like, and not cURLy...

I am on 1.6.5 yes, Paul can I send you my details to login and check if you have time please as I'm really tired and am not 100% sure what to look for/do.

Sure, you can send them to me

Thank you, I have sent the PM.

Patched up inc/config.php and looked around for any files, I didn't find any. You should be good to go

Thank you for your time Paul, it's much appreciated.

You're welcome