MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Possibly Hacked?
Full Version: Possibly Hacked?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2

Justin

2006-03-05, 01:24 PM
This morning when I got on the computer, I noticed that there was a post in our announcements forum, and it said it was made by me at like 5:53 am. I wasn't awake at that time. I unapproved the post, and then went into the ACP and looked at the IPs that I had posted with. There was one at the very bottom that wasn't like ANY of my others. I looked it up, and it had a different hostname too. That IP was also a registration IP of our newest member.
Because I unapproved it, I went into the mod queue part of the ACP. There it was, that post, but it didn't have a username next to the username part. However, when I went into phpMyAdmin, the post was there, unapproved, but it said it was posted by me, with my user id of 1.

If this helps, the message was this:
Subject: Time to update MyBB 1.04!!!
Quote:If possible update before more people like me come along.
Now, I have upgraded to MyBB 1.04, and I've been updated for weeks.

To make things even stranger, posts that were there since I last logged on were read. Just to be safe, I changed my password.

What's going on here? Is this a security hole in MyBB?

Thanks,
- Belloman

Edit: I changed the subject of this thread from "Post by no one?"

Dennis Tsang

2006-03-05, 06:39 PM
Anything strange in your server logs?

Justin

2006-03-05, 06:45 PM
What do you mean by server logs?

I also wanted to mention that I banned the user, and also, that in the forum display page, the thread's last post shows up as 12-31-69 at 7:00 PM with no Last Poster, but in the post, it says it was posted Today at 5:53 PM. The last member who registered that had the same IP as that post has been banned, and seems to be impersonating a member at other forums, but the IP that this person registered at my forums had a different IP than the impersonated member, as well as a different email.

Dennis Tsang

2006-03-05, 06:53 PM
If you use cPanel, there's a section called "Access Logs" and you can see if the user tried to do anything funny in the URL (SQL injection or such). Or maybe your host has some other form of access logs (accessible from FTP or something else?)

Justin

2006-03-05, 07:06 PM
Okay, my host has cPanel. However, right now they are having server problems. I'll check ASAP and see if there is anything odd in there.

EDIT:
I've managed to get the access logs, but when I click on it, all that happens is the command prompt opens up and then closes, and that is it. How am I supposed to look at them? Maybe I'm looking at the same thing, but all we have is "Raw Access Logs."

Chris Boulton

2006-03-05, 10:13 PM
Yes - what you want are the raw access logs.

Now, it's been several years (maybe 3 or so) since i've used any sort of hosting with CPanel, but there is some way to download them (or you can access them via FTP/SFTP).

When you download it, open the file in a text editor of some sort.

Justin

2006-03-05, 10:36 PM
It seems that all the person did was register with the IP that the message was posted with.

Quote:129.21.228.88 - - [05/Mar/2006:09:01:19 +0000] "GET /member.php?action=register HTTP/1.1" 200 9923 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:22 +0000] "GET /jscripts/general.js HTTP/1.1" 200 7170 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:23 +0000] "GET /jscripts/resizeall.js HTTP/1.1" 200 1319 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:24 +0000] "GET /jscripts/menu.js HTTP/1.1" 200 1879 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:25 +0000] "GET /jscripts/mybb.js HTTP/1.1" 200 1176 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:25 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:27 +0000] "GET /images/popup_down.gif HTTP/1.1" 200 279 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:28 +0000] "GET /images/RCTgoBlue/menu.gif HTTP/1.1" 200 664 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:28 +0000] "GET /images/RCTgoBlue/nav_bit.gif HTTP/1.1" 200 61 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:28 +0000] "GET /images/RCTgoBlue/logo.jpg HTTP/1.1" 200 201039 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:35 +0000] "GET /images/RCTgoBlue/header.gif HTTP/1.1" 200 545 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:36 +0000] "POST /member.php HTTP/1.1" 200 15036 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:39 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:41 +0000] "GET /image.php?action=regimage&imagehash=905b187d7a79ab9cced901be4b485fc9 HTTP/1.1" 200 3607 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:01:41 +0000] "GET /images/RCTgoBlue/logo.jpg HTTP/1.1" 206 171897 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:02:59 +0000] "POST /member.php HTTP/1.1" 200 7935 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:03:02 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:03:28 +0000] "GET /member.php?action=login HTTP/1.1" 200 9491 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:09:03:30 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"

The IP/hostname was this:
Quote:IP Address:129.21.228.88
Hostname: svcqas03.rit.edu

I can't seem to find anything that they did wrong.

Chris Boulton

2006-03-06, 12:43 AM
It could be other POST requests they made to other scripts or even possibly (if your server has register globals on), SQL injection via a cookie.

Ryan Gordon

2006-03-06, 12:46 AM
Can you find the activity logs of the hour that thread was posted and post em here? (it doesnt have to be the whole hour; Just the parts that might be suspisious)

edit: Chris I thought that register globals was fixed in 1.04?

Justin

2006-03-06, 01:32 AM
Chris Boulton Wrote:It could be other POST requests they made to other scripts or even possibly (if your server has register globals on), SQL injection via a cookie.
According to the PHP Info in the ACP, register_globals is On.

The only other scripts we have is a custom downloads center and a poll script, nothing else.

And Tiki, I'm looking for those right now.

Edit:
Quote:129.21.228.88 - - [05/Mar/2006:10:50:49 +0000] "GET /index.php HTTP/1.1" 200 34007 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:50:53 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:02 +0000] "GET /forumdisplay.php?fid=9 HTTP/1.1" 200 29127 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:07 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:09 +0000] "GET /images/pixel.gif HTTP/1.1" 200 68 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:09 +0000] "GET /images/newfolder.gif HTTP/1.1" 200 215 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:09 +0000] "GET /images/english/newthread.gif HTTP/1.1" 200 3142 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:09 +0000] "GET /images/folder.gif HTTP/1.1" 200 273 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:12 +0000] "GET /images/hotfolder.gif HTTP/1.1" 200 309 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:13 +0000] "GET /images/lockfolder.gif HTTP/1.1" 200 451 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:13 +0000] "GET /images/newhotfolder.gif HTTP/1.1" 200 285 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:13 +0000] "GET /images/dot_folder.gif HTTP/1.1" 200 1060 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:17 +0000] "GET /newthread.php?fid=9 HTTP/1.1" 200 9259 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:20 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:27 +0000] "GET /forumdisplay.php?fid=55 HTTP/1.1" 200 55616 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:30 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:39 +0000] "GET /newthread.php?fid=55 HTTP/1.1" 200 9260 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:51:43 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:06 +0000] "GET /newthread.php?fid=55 HTTP/1.1" 200 26685 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:09 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:11 +0000] "GET /images/icons/wink.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:11 +0000] "GET /images/icons/wub.gif HTTP/1.1" 200 1410 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:11 +0000] "GET /images/icons/unsure.gif HTTP/1.1" 200 1101 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:12 +0000] "GET /images/icons/w00t.gif HTTP/1.1" 200 650 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:13 +0000] "GET /jscripts/codebuttons.js HTTP/1.1" 200 9043 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:13 +0000] "GET /images/icons/tongue.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:13 +0000] "GET /images/icons/smile.gif HTTP/1.1" 200 699 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:15 +0000] "GET /images/icons/sad.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:15 +0000] "GET /images/icons/ohmy.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:15 +0000] "GET /images/icons/laugh.gif HTTP/1.1" 200 690 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:15 +0000] "GET /images/icons/mad.gif HTTP/1.1" 200 699 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:16 +0000] "GET /images/icons/huh.gif HTTP/1.1" 200 708 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:16 +0000] "GET /images/icons/crying.gif HTTP/1.1" 200 1088 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:16 +0000] "GET /images/icons/excl.gif HTTP/1.1" 200 1131 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:17 +0000] "GET /images/icons/cool.gif HTTP/1.1" 200 696 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:17 +0000] "GET /images/icons/blushing.gif HTTP/1.1" 200 1136 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:18 +0000] "GET /images/icons/blink.gif HTTP/1.1" 200 1088 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:18 +0000] "GET /images/icons/biggrin.gif HTTP/1.1" 200 696 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:18 +0000] "GET /images/smilies/smile.gif HTTP/1.1" 200 699 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:19 +0000] "GET /images/smilies/biggrin.gif HTTP/1.1" 200 696 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:19 +0000] "GET /images/smilies/sad.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:19 +0000] "GET /images/smilies/mad.gif HTTP/1.1" 200 699 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:19 +0000] "GET /images/smilies/wink.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:20 +0000] "GET /images/smilies/tongue.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:21 +0000] "GET /images/smilies/ohmy.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:21 +0000] "GET /images/smilies/laugh.gif HTTP/1.1" 200 690 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:21 +0000] "GET /images/smilies/huh.gif HTTP/1.1" 200 708 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:21 +0000] "GET /images/smilies/blink.gif HTTP/1.1" 200 1088 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:22 +0000] "GET /images/smilies/cool.gif HTTP/1.1" 200 696 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:22 +0000] "GET /images/smilies/w00t.gif HTTP/1.1" 200 650 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:23 +0000] "GET /images/smilies/crying.gif HTTP/1.1" 200 1088 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:23 +0000] "GET /images/smilies/blushing.gif HTTP/1.1" 200 1136 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:23 +0000] "GET /images/smilies/unsure.gif HTTP/1.1" 200 1101 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:24 +0000] "GET /images/smilies/confused1.gif HTTP/1.1" 200 345 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:24 +0000] "GET /images/smilies/mellow.gif HTTP/1.1" 200 698 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:24 +0000] "GET /images/smilies/glare.gif HTTP/1.1" 200 468 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:25 +0000] "GET /images/smilies/scared.gif HTTP/1.1" 200 660 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:25 +0000] "GET /images/smilies/sleep.gif HTTP/1.1" 200 697 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:26 +0000] "GET /images/smilies/rolleyes.gif HTTP/1.1" 200 705 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:26 +0000] "GET /images/smilies/wub.gif HTTP/1.1" 200 1410 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:26 +0000] "GET /images/smilies/getmore/devil.gif HTTP/1.1" 200 1146 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:27 +0000] "GET /images/smilies/getmore/excl.gif HTTP/1.1" 200 1131 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:28 +0000] "GET /images/smilies/getmore/chris.gif HTTP/1.1" 200 1120 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:28 +0000] "GET /images/smilies/getmore/pinch.gif HTTP/1.1" 200 1124 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:31 +0000] "GET /images/smilies/getmore/ninja.gif HTTP/1.1" 200 481 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:31 +0000] "GET /images/smilies/getmore/yes.gif HTTP/1.1" 200 687 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:31 +0000] "GET /images/smilies/getmore/stuart.gif HTTP/1.1" 200 1094 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:31 +0000] "GET /images/smilies/getmore/whistling.gif HTTP/1.1" 200 1130 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:33 +0000] "GET /images/codebuttons/bold.gif HTTP/1.1" 200 104 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:34 +0000] "GET /images/codebuttons/italics.gif HTTP/1.1" 200 73 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:34 +0000] "GET /images/codebuttons/sep.gif HTTP/1.1" 200 65 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:34 +0000] "GET /images/codebuttons/underline.gif HTTP/1.1" 200 104 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:34 +0000] "GET /images/codebuttons/align_left.gif HTTP/1.1" 200 81 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:34 +0000] "GET /images/codebuttons/align_center.gif HTTP/1.1" 200 73 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:35 +0000] "GET /images/codebuttons/align_right.gif HTTP/1.1" 200 73 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:35 +0000] "GET /images/codebuttons/align_justify.gif HTTP/1.1" 200 74 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:36 +0000] "GET /images/codebuttons/list_num.gif HTTP/1.1" 200 191 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:36 +0000] "GET /images/codebuttons/list_bullet.gif HTTP/1.1" 200 103 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:36 +0000] "GET /images/codebuttons/image.gif HTTP/1.1" 200 640 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:37 +0000] "GET /images/codebuttons/url.gif HTTP/1.1" 200 1068 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:37 +0000] "GET /images/codebuttons/email.gif HTTP/1.1" 200 639 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:37 +0000] "GET /images/codebuttons/quote.gif HTTP/1.1" 200 143 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:37 +0000] "GET /images/codebuttons/code.gif HTTP/1.1" 200 80 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:52:38 +0000] "GET /images/codebuttons/php.gif HTTP/1.1" 200 27339 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:05 +0000] "POST /newthread.php HTTP/1.1" 200 1537 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:06 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:11 +0000] "GET /showthread.php?tid=208 HTTP/1.1" 200 12913 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:11 +0000] "GET /showthread.php?tid=208 HTTP/1.1" 200 24134 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:14 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:16 +0000] "GET /images/english/newreply.gif HTTP/1.1" 200 3070 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:16 +0000] "GET /images/star.gif HTTP/1.1" 200 990 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:17 +0000] "GET /images/RCTgoBlue/team/admin.gif HTTP/1.1" 200 2715 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:19 +0000] "GET /images/rep_neg.gif HTTP/1.1" 200 63 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:19 +0000] "GET /images/repbit_pos.gif HTTP/1.1" 200 70 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:20 +0000] "GET /index.php HTTP/1.1" 200 36341 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:20 +0000] "GET /images/rep_pos.gif HTTP/1.1" 200 64 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:21 +0000] "GET /images/english/postbit_pm.gif HTTP/1.1" 200 1542 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:22 +0000] "GET /images/english/postbit_www.gif HTTP/1.1" 200 1701 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:22 +0000] "GET /images/english/postbit_find.gif HTTP/1.1" 200 1686 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:22 +0000] "GET /images/english/postbit_edit.gif HTTP/1.1" 200 1666 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:24 +0000] "GET /images/english/postbit_delete.gif HTTP/1.1" 200 1129 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:24 +0000] "GET /images/english/postbit_quote.gif HTTP/1.1" 200 1729 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:24 +0000] "GET /images/english/postbit_report.gif HTTP/1.1" 200 1784 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:35 +0000] "GET /moderation.php?action=getip&pid=1180 HTTP/1.1" 200 10060 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:37 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:49 +0000] "GET /member.php?action=logout&uid=1 HTTP/1.1" 200 1516 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:51 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:57 +0000] "GET /index.php HTTP/1.1" 200 33915 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
129.21.228.88 - - [05/Mar/2006:10:53:58 +0000] "GET /css.php?theme=3 HTTP/1.1" 200 8655 "http://forums.rctgo.com/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1"
Bolded parts are what I saw as important
Pages: 1 2
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.2 Series > MyBB 1.2 General Support > Possibly Hacked?