MyBB Community Forums

Full Version: Trojan.JS.Redirector.cu when visiting ACP
I've done some of my own research and I've found that Kaspersky (my internet protection) has been reporting false threats, but I've noticed that all my sites' ACPs, including one of MyBB, have it come up, and I'm starting to get concerned.

I have no idea how to tell if this is something to be worried about, but Kaspersky only displays the messages within the admin login page.
Delete your admin folder and reupload it all from a fresh download to make sure there's nothing in there that shouldn't be.
Thanks Matt, I've tried removing the folder and re-uploading. I've actually totally removed all the folders within my MyBB site and the threat just comes back. I've also noticed that my site now has a blocked script "zettapetta.com" and from what I've read it's caused by infected servers.

Hopefully my hosting provider will sort it out if it is due to the server being infected.
Could someone post the contents of a default inc/config.php file

My hosts removed anything while they carried out their investigation please? I'm trying to set my site back up. :(
Config File:

<?php
/**
 * Database configuration
 *
 * Please see the MyBB Wiki for advanced
 * database configuration for larger installations
 * http://wiki.mybboard.net/
 */

$config['database']['type'] = 'mysqli';
$config['database']['database'] = '';
$config['database']['table_prefix'] = 'mybb_';

$config['database']['hostname'] = 'localhost';
$config['database']['username'] = 'root';
$config['database']['password'] = '';

/**
 * Admin CP directory
 *  For security reasons, it is recommended you
 *  rename your Admin CP directory. You then need
 *  to adjust the value below to point to the
 *  new directory.
 */

$config['admin_dir'] = 'admin';

/**
 * Hide all Admin CP links
 *  If you wish to hide all Admin CP links
 *  on the front end of the board after
 *  renaming your Admin CP directory, set this
 *  to 1.
 */

$config['hide_admin_links'] = 0;

/**
 * Data-cache configuration
 *  The data cache is a temporary cache
 *  of the most commonly accessed data in MyBB.
 *  By default, the database is used to store this data.
 *
 *  If you wish to use the file system (cache/ directory), MemCache or eAccelerator
 *  you can change the value below to 'files', 'memcache' or 'eaccelerator' from 'db'.
 */

$config['cache_store'] = 'db';

/**
 * Memcache configuration
 *  If you are using memcache as your data-cache,
 *  you need to configure the hostname and port
 *  of your memcache server below.
 *
 * If not using memcache, ignore this section.
 */

$config['memcache_host'] = 'localhost';
$config['memcache_port'] = 11211;

/**
 * Super Administrators
 *  A comma separated list of user IDs who cannot
 *  be edited, deleted or banned in the Admin CP.
 *  The administrator permissions for these users
 *  cannot be altered either.
 */

$config['super_admins'] = '1';

/**
 * Database Encoding
 *  If you wish to set an encoding for MyBB uncomment 
 *  the line below (if it isn't already) and change
 *  the current value to the mysql charset:
 *  http://dev.mysql.com/doc/refman/5.1/en/charset-mysql.html
 */

$config['database']['encoding'] = 'utf8';

/**
 * Automatic Log Pruning
 *  The MyBB task system can automatically prune
 *  various log files created by MyBB.
 *  To enable this functionality for the logs below, set the
 *  the number of days before each log should be pruned.
 *  If you set the value to 0, the logs will not be pruned.
 */

$config['log_pruning'] = array(
	'admin_logs' => 365, // Administrator logs
	'mod_logs' => 365, // Moderator logs
	'task_logs' => 30, // Scheduled task logs
	'mail_logs' => 180, // Mail error logs
	'user_mail_logs' => 180, // User mail logs
	'promotion_logs' => 180 // Promotion logs
);
 
?>
(2010-05-09, 10:55 PM)Zarządca Wrote: Config File:

Thanks mate.

Warning to anyone reading: this is a pain to get rid of, I still haven't myself. I've re-uploaded everything too. :(
Maybe also try deleting your theme and re-uploading a new copy; it's possible the code is stored in the database template data.
You must be having a virus in your system too; that's how they have reached your ACP.

Scan your full PC.
(2010-05-10, 09:57 AM)KILL_ME Wrote: You must be having a virus in your system too; that's how they have reached your ACP.

Scan your full PC.
My computer's clean, I've done various checks by alternative virus scanners too.

Quite a few people have been affected by this "zettabetta.com" and it appears that it's server based, as others have also reported that they're clean and nothing has really been damaged. The hacker has just uploaded HTML files inside a folder called .files and other silly titled .php ones. I've managed to remove the threat from my forum but WordPress is still hit; this is a massive threat to ALL WordPress users. Please check and make sure you're aware of this threat, it seems to be spreading rapidly.
(2010-05-10, 09:57 AM)KILL_ME Wrote: You must be having a virus in your system too; that's how they have reached your ACP.

Scan your full PC.
Why would a virus on someone else's PC have an effect on a server?
From what I gather from his post, it's the other way around. The infected servers are holding the virus :)
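
The re-upload and file checks discussed in this thread can be made systematic by hashing the live web root against a fresh download of the same release and listing what was changed, what was added (such as a `.files` folder), and what references the blocked script host. This is an added example, not part of any post above and not MyBB code; the function names, the `site_files` allow-list and the `redirector.example` host are assumptions, and the sample trees are constructed.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Return {relative path: SHA-256} for every file under root, dot-directories included."""
    digests = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(clean_root, live_root, marker, site_files=("inc/config.php",)):
    """Compare a live web root against a fresh download of the same release."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    report = {"modified": [], "unexpected": [], "marker": []}
    for rel in sorted(live):
        if rel not in clean:
            if rel not in site_files:  # files the site creates itself (assumed list)
                report["unexpected"].append(rel)
        elif clean[rel] != live[rel]:
            report["modified"].append(rel)
        with open(os.path.join(live_root, rel), "rb") as fh:
            if marker.encode() in fh.read():  # every file is scanned, allow-listed or not
                report["marker"].append(rel)
    return report

def demo():
    """Build two small constructed trees and audit them."""
    tag = '<script src="http://redirector.example/x.js"></script>'  # constructed sample
    clean = {"index.php": "<?php // board", "admin/index.php": "<?php // acp"}
    live = dict(clean, **{"admin/index.php": "<?php // acp\n" + tag,
                          "inc/config.php": "<?php // site config",
                          ".files/page.html": "<html>" + tag + "</html>"})
    with tempfile.TemporaryDirectory() as tmp:
        for side, files in (("clean", clean), ("live", live)):
            for rel, body in files.items():
                path = os.path.join(tmp, side, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return audit(os.path.join(tmp, "clean"), os.path.join(tmp, "live"),
                     "redirector.example")

if __name__ == "__main__":
    print(demo())
```

A clean report here covers files only: injected markup held in database template data, which one reply raises, has to be checked separately, and files that reappear after a clean re-upload point to a cause outside the web root.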