Oh yeah it is. Get it deleted asap and do a complete scan of all your files. I would close your site asap. Do a complete backup of files and database. Then go over all your files locally with notepad looking for anything suspicious.
Go now.
That shell is one of the most popular hacker shells written by Mulciber. I have crossed paths with him at Hack Forums. He may or may not be the penetrator as his shell is publically available. Just follow my suggestions and let's hope you're not rooted. If you have other sites on that account they are subject to this shell as well. Change all passwords immediately too. They are compromised...that includes your DB info that is listed in config.php. It's probably one of the first pages they looked at. I believe the Mulcishell allows for DB dump. If you haven't acted quickly enough then they have your database.
What version of MyBB were you running? Anything lower than 1.4.7 had an exploitable security hole and you should be upgrading whenever MyBB has a release with security fixes.
I don't quite now how to update, It's 1.4.6
Thanks for the reply though
If you're on 1.4.6 you've been vulnerable to a serious security vulnerability for
way too long. Upgrade to 1.4.8 as soon as physically possible. Didn't you see the yellow version checker message on the ACP home??
[Wiki: Upgrading] (Broken link, head over to docs.mybb.com instead)
If you're unsure, ask, that's much better than running a forum with a known issue that means you can be hacked.
Ah, thank-you
I've updated to 1.4.8 and have told all my admins - staff to change their passwords
What else can I do now?
I thought I outlined very well what you should do.
Okay thanks
Just unsure on this bit; "Then go over all your files locally with notepad looking for anything suspicious."
I usually do file searches for things like exec( or other signs of a shell. You are looking for backdoors. It's not enough to delete one file and change passwords. It's likely they have left themselves another entry point. Possibly a hidden file or a member with admin rights you haven't noticed.
Moving to General Support.
Thanks for all the support guys
I want to check my forums files for rootkits
How would I go about doing this?
I think I've noticed something suspicous, I've checked every place in my site directory and have deleted all the
mshell.php files but there are three left that will not delete
/public_html/Forum/cache/themes/theme38/mshell.php
/public_html/Forum/cache/themes/theme30/mshell.php
/public_html/Forum/cache/themes/theme1/mshell.php
Nothing bad has happened as of yet, but you can never be too sure