Hi, my webhost has disabled a file of mybb forum because it is "insecure and exploited to send out spam." Is this a known issue and is there a fix, or ? Not sure I should mention the file name here as I don't want to promote the issue.
They gave some instructions but have not touched it yet.
Please pm if you can address this, want the file name and what they said I need to do, and your recommendations.
Thank you
Run a File Verification Check from the ACP. If it shows the file hasn't been modified then it's a false positive.
(2016-08-04, 08:12 PM)Nathan Malcolm Wrote: [ -> ]Run a File Verification Check from the ACP. If it shows the file hasn't been modified then it's a false positive.
Thank you.
It shows 3 files have been changed.
forum/attachments.php
forum/management.php
forum/module_meta.php
Not sure if that has anything to do with any problems. I am using Vienna theme.
Should also note my actual website was hacked--and webhost is running scan to try to nail all files that need correcting. Their find on the forum file was prior to that and really an aside from what Google had informed me about and so not sure if it's a real issue.
(2016-08-04, 08:37 PM)ConfusedVic Wrote: [ -> ] (2016-08-04, 08:12 PM)Nathan Malcolm Wrote: [ -> ]Run a File Verification Check from the ACP. If it shows the file hasn't been modified then it's a false positive.
Thank you.
It shows 3 files have been changed.
forum/attachments.php
forum/management.php
forum/module_meta.php
Not sure if that has anything to do with any problems. I am using Vienna theme.
Should also note my actual website was hacked--and webhost is running scan to try to nail all files that need correcting. Their find on the forum file was prior to that and really an aside from what Google had informed me about and so not sure if it's a real issue.
Probably would want to replace those modified files with default ones.
Wait for your web hosts scan to come back and paste what they find here so we can provide you with a more concrete path forward.
(2016-08-05, 01:40 PM)Alex - A2Hosting Wrote: [ -> ] (2016-08-04, 08:37 PM)ConfusedVic Wrote: [ -> ] (2016-08-04, 08:12 PM)Nathan Malcolm Wrote: [ -> ]Run a File Verification Check from the ACP. If it shows the file hasn't been modified then it's a false positive.
Thank you.
It shows 3 files have been changed.
forum/attachments.php
forum/management.php
forum/module_meta.php
Not sure if that has anything to do with any problems. I am using Vienna theme.
Should also note my actual website was hacked--and webhost is running scan to try to nail all files that need correcting. Their find on the forum file was prior to that and really an aside from what Google had informed me about and so not sure if it's a real issue.
Probably would want to replace those modified files with default ones.
Wait for your web hosts scan to come back and paste what they find here so we can provide you with a more concrete path forward.
Thanks. I wondered if those were due to the disabling of the php file that threw the "insecure" info to them. Still waiting to hear from them about scan.
It took until last night to finally get some sort of response from the webhost. They never gave a report last Thursday or since. Part of the problem is that my server/host outsourced webhosting to another company and they are the actual webhost and tech help but refuse to deal directly with customers. So have to speak with people who aren't into the website tech issues and they transmit to the actual tech help, which doesn't seem very good anymore. .
They figured because I had changed my passwords several times over the last few days, and they scanned my site and had blocked the ips of some of the spammer/hackers, that meant the existing inserted file that was generating the cloaked urls onto my site was a dead file. But it was still active and increasing variants of the spam urls. They simply don't get it, even when I sent new google info showing new inserted links 3 days after the scan.
I finally found the inserted file and deleted it last night--not sure how it was missed by them or the many searches I did previously, and google has cleared my site for now.
I don't feel confident it won't get hacked again. I am trying to figure out how to get the keys for ssh, as my webhost does have that but haven't figured out PuTTY or the other options and was hoping to still use filezilla--just a lot of figuring it out.
However, regarding the forum, I did not address the issue with the php files yet.
As noted above when I did the file verification 3 changes had been made
The changed files were in the admin/modules/forum/ the ones listed above.
This is what the server sent when they first disabled the one php file for the forum. Removing the file name again.
>>>The following file on your web hosting space have been disabled because they were insecure and exploited to send out spam:
./public/forum/*****.php
Please immediately change the FTP passwords and remove any clear text files containing unencrypted user names and passwords. Kindly review all the code and content to ensure no further vulnerabilities remain. Please ensure that any files you upload to your website are secure as well. <<<<
I also looked at the PHP information in tools and it shows an error php file and 2 under it---so not sure if you want to see that pasted here.
So that's where it's at. I am planning to look at the file, and clean it if there's anything there, but if it's a weakness, I imagine with the spammers I am being hit with, it will be exploited.
Also Alex, I am interested in moving my site and forum to your webhosting if you wouldn't mind pming me concerning that. I spent quite a bit of time reviewing what that company offers the last few days and I think it might serve me better.
Thank you for your time
I just tried to access the php file to clean it and it won't allow me to view it or download it. Makes it a little difficult trying to clean it.
Going through the admin panel, this is what the PHP Info states
Warning [2] phpinfo() has been disabled for security reasons - Line: 24 - File: admin/modules/tools/php_info.php PHP 5.3.28 (Linux)
File
Line
Function[PHP]
errorHandler->error
/admin/modules/tools/php_info.php
24
phpinfo
/admin/index.php
770
require
Some hosts disable the phpinfo() function because it gives clues to hackers. MyBB has this on a page only accessible to Administrators (guests and regular users will never see it), but if your host has it disabled, you can't use it.
I just got a message from my server that the webhost is going to enable permissions so I can edit the file. But would like input about what I should be doing with regards to it being a possible risk.
Thank you