MyBB Community Forums

Full Version: Malicious code removal
Hello,

My forum was hacked and malicious code was injected into most of the files (html, js, etc.). Since it is only a single instance of JavaScript obfuscation, can someone tell me how to remove it? I understand that a search and remove code can be used but my knowledge stops at that... Considering the huge level of the infestation, manual removal is almost impossible and so is replacing the files, since that would lead to data loss.

Thanks a lot for all the help!

Best regards,

Darkness
Download a fresh copy of MyBB from MyBB Downloads and replace all the files with the fresh downloaded files except for the config.php and settings.php files.
Thank you, but won't that affect the custom themes, images, etc.? Not to mention that the infestation has reached the custom theme I'm using.
Well, replacing all the files will fix the images part, but when it comes to your custom theme, I would recommend you go back to a database backup that is at least a week old.
Well, it appears to have worked. I removed the malicious code manually from the theme files, since the previous Admin failed to make any backup. I do hope I got it all out...

Thanks a lot for the help!
Just make sure there aren't any unusual files leftover which could be backdoors for reinfection.
Thanks, Josh but I'm having some real issues with the "make sure" part. Any idea how I could do that, except manually verifying every single file?
Run the File Verification tool to check whether any file has changed. Just check the changed files, if any, and make sure that they do not contain backdoors.
admincp > Tools & Maintenance > File Verification
(2013-08-15, 05:33 AM) Josh H. Wrote: Just make sure there aren't any unusual files leftover which could be backdoors for reinfection.

(2013-08-15, 09:37 AM) DarknessDown Wrote: Thanks, Josh but I'm having some real issues with the "make sure" part. Any idea how I could do that, except manually verifying every single file?

I made you replace all your MyBB files so even if any malicious code was inserted, it should have been removed and all the files should have been overwritten.

Also, just take a look at all your files to see if there is any file that was not included in the default MyBB copy. If there is and you don't remember uploading it, then delete the file immediately from your server. To be on the safe side, before deleting it from your server, download it to your computer and post the contents of the file here so someone can check it for you and tell you if it's malicious or not.
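
One way to automate the comparison described above, as an added example that is not part of the original thread: it hashes every file in a fresh MyBB download and in the live site directory, then lists files that exist only on the live site and files whose contents differ. The function names and the sample trees are constructed for illustration; config.php and settings.php are left out of the changed-file list because the thread keeps them when overwriting.

```python
import hashlib
import tempfile
from pathlib import Path

# Files the thread says to keep when overwriting with a fresh copy.
KEEP = {"config.php", "settings.php"}

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def index_tree(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}

def compare_trees(fresh_root, live_root):
    """Return (extra, modified): sorted relative paths found in live_root."""
    fresh, live = index_tree(fresh_root), index_tree(live_root)
    extra = sorted(p for p in live if p not in fresh)
    modified = sorted(p for p in live
                      if p in fresh and live[p] != fresh[p]
                      and Path(p).name not in KEEP)
    return extra, modified

def build_sample(base):
    """Constructed sample trees standing in for a fresh download and a live site."""
    fresh, live = Path(base, "fresh"), Path(base, "live")
    for root in (fresh, live):
        (root / "inc").mkdir(parents=True)
        (root / "index.php").write_text("<?php // stock index\n")
        (root / "inc" / "config.php").write_text("<?php // default config\n")
    (live / "inc" / "config.php").write_text("<?php // site-specific config\n")
    (live / "index.php").write_text("<?php // stock index\n/* injected */\n")
    (live / "yandex.php").write_text("<?php // not in the fresh copy\n")
    return fresh, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        extra, modified = compare_trees(*build_sample(tmp))
        print("Not in fresh copy:", extra)
        print("Differs from fresh copy:", modified)
```

Files reported as not in the fresh copy still need a manual look, since legitimate uploads, plugins and custom themes will appear there alongside anything left behind by the intrusion.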
Already found that one, the other day, named yandex.php and containing both instances of the java obfuscation and recognized as malicious by AVG, sucuri.net and http://jsfiddle.net/
So far, no more errors have shown up but I'm keeping my eyes peeled :D