MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > Hacked after upgrade?
Full Version: Hacked after upgrade?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

acherwinski

2010-02-16, 06:35 PM
Hello - I upgraded my installation to the latest MyBB version a few week ago. My shared Host provider reports that they are still finding hacks. Are there other holes I should try to plug. Is it possible that the problem is coming from other scripts installed on the my virtual server? Moodle and WordPress?

This the log the host reports cleaning up.

922 Fri 12 Feb 2010 08:17:33 PM CST : pico ./forums/inc/class_inc.php

954 Fri 12 Feb 2010 08:21:33 PM CST : rm ./forums/archive/post.php
955 Fri 12 Feb 2010 08:21:36 PM CST : grep -R "cialis" ./*|less
957 Fri 12 Feb 2010 08:21:43 PM CST : rm ./forums/inc/plugins/akis.php
958 Fri 12 Feb 2010 08:21:44 PM CST : grep -R "cialis" ./*|less

963 Fri 12 Feb 2010 08:21:59 PM CST : rm ./forums/inc/3rdparty/index.php

Thank you.

Matt

2010-02-16, 08:47 PM
What did you upgrade from??

acherwinski

2010-02-16, 10:46 PM
Hi Matt - I believe it was 1.4.9 to 1.4.11 .

Matt

2010-02-16, 10:50 PM
Well, none of the files you listed there are default MyBB files... ./inc/class_inc.php and ./archive/post.php aren't in MyBB, ./inc/3rdparty/index.php is actually index.html, and ./inc/plugins/akis.php is obviously a plugin file, so I'm not sure what these files are or how they got there... my advice would be to go through your file system and make sure there are no non-MyBB files there.

Diogo Parrinha

2010-02-16, 11:20 PM
Delete all files except config.php and settings.php. Upload all MyBB files - fresh ones but not replace config.php neither settings.php

Matt

2010-02-16, 11:21 PM
If you do that make sure to save your ./cache/themes/, ./uploads/ and ./uploads/avatars/ folders... you could check those folders manually for anything that shouldn't be there.

acherwinski

2010-02-17, 05:03 PM
Thank you - I will install a new set of files with the above exceptions. I think I did a clean install of the latest version on February 1, and after that my host reported problems and deleted an inserted file /forums/archive/post.php. (Cialias google bot redirect) It does appear to back.

Thanks - I will let you know what happens.

Diogo Parrinha

2010-02-17, 05:04 PM
If you do a clean installation and it gets back again, it's your probably

Matt

2010-02-17, 05:43 PM
What have you set the CHMODs of folders to??

acherwinski

2010-02-18, 12:12 AM
As per the upgrade instruction on the Wiki...

1. ./inc/settings.php = 777 for upgrade then back to 666
2. ./inc/config.php = 777 for upgrade then back to 755
3. ./uploads/ folder to 777, index file to 666
4. ./uploads/avatars/ folder to 777, index file to 666
5. ./inc/languages folder to 777, english and index files to 666
6. ./admin/backups folder to 777, index file to 666
7. ./cache folder to 777, index file to 666
8. ./cache/theme folder to 777, index file to 666

./cache/theme/theme1 left at 755
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.4 > MyBB 1.4 General Support > Hacked after upgrade?