MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Help with a hacked index
Full Version: Help with a hacked index
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Dardango

2008-01-23, 04:54 PM
Hey:

Some a-hole hacked a board for one of the sites I manage.

He replaced the index.php with his own index.php with his little message.

I overwrote his index.php with my own, but now I'm getting this message:

Direct initialization of this file is not allowed.

Please make sure IN_MYBB is defined.

What's the fix for this? Also, how I can find this moron's IP?

ct2k7

2008-01-23, 04:57 PM
Check your server logs, and any logs for any upload services.
Can you post the link to your forum please?
Make an immediate backup of your files and database to your hard drive. If possible, you may also need the hacked index page.

Dardango

2008-01-23, 05:16 PM
Of course the index is not working, but here's the main section:

http://www.frankmccomb.info/board/forumd....php?fid=2

Dale Hay

2008-01-23, 05:44 PM
Make sure at the top of the INDEX.PHP file you have this (underneath the commented stuff at the top)

define("IN_MYBB", 1);

Dardango

2008-01-23, 06:02 PM
Dale Hay Wrote:Make sure at the top of the INDEX.PHP file you have this (underneath the commented stuff at the top)

define("IN_MYBB", 1);

After which part exactly?

At the very top?

Dale Hay

2008-01-23, 06:04 PM
Yeah, beneath this bit:
/**
 * MyBB 1.2
 * Copyright © 2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: index.php 3595 2008-01-09 00:10:57Z Tikitiki $
 */

So it should look like this:
/**
 * MyBB 1.2
 * Copyright © 2006 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybboard.net
 * License: http://www.mybboard.net/eula.html
 *
 * $Id: index.php 3595 2008-01-09 00:10:57Z Tikitiki $
 */
define("IN_MYBB", 1);

Dardango

2008-01-23, 09:05 PM
Thanks dudes. It helped.

How do you think this guy got in like that?

Here's a copy of the hackpage I save for future reference

http://www.frankmccomb.info/board/dispos.../index.php

DCR

2008-01-23, 09:46 PM
Dardango Wrote:Thanks dudes. It helped.

How do you think this guy got in like that?

Here's a copy of the hackpage I save for future reference

http://www.frankmccomb.info/board/dispos.../index.php

There were multiple high risk vulnerabilities in 1.2.10 and 1.2.11 that if a person knew what they were doing, they could take over the whole website.

That's why it's always important to keep your Forums running with the latest version.

Dale Hay

2008-01-24, 12:02 AM
Dardango Wrote:How do you think this guy got in like that?

As DCR said it could be because you haven't updated to the latest version OR you gave out your FTP/Host CP settings to someone else.

ct2k7

2008-01-24, 04:32 PM
Has anyone threatened to hack the board?

It says: I do what I say
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Help with a hacked index