2012-10-09, 11:44 PM
2012-10-10, 02:23 AM
I've removed the link but I can tell you that it's a PHP web shell used to backdoor websites. You should delete it immediately and check if any other shells have been uploaded.
You should also check that none of the core MyBB files have been modified without your knowledge.
ACP > Tools & Maintenance > File Verification
I advise that you change your FTP, MySQL, and cPanel passwords to make sure the attacker doesn't have access to any of those.
Lastly, check your access logs and search for inc_ini.php to see how the attacker managed to upload the shell. That's your best bet at discovering how you were compromised.
You should also check that none of the core MyBB files have been modified without your knowledge.
ACP > Tools & Maintenance > File Verification
I advise that you change your FTP, MySQL, and cPanel passwords to make sure the attacker doesn't have access to any of those.
Lastly, check your access logs and search for inc_ini.php to see how the attacker managed to upload the shell. That's your best bet at discovering how you were compromised.
2012-10-10, 02:30 AM
Consider my Advanced File Verification plugin to check for non-standard MyBB files on you account and then generate checksums for them if you accept the file(s). It will store the checksums and timestamps for comparison later.
See me signature for link to the site. The plugin is free.
See me signature for link to the site. The plugin is free.