MyBB Community Forums

Full Version: Was i got hacked ?
Hello there, today I have a question I want answered. Was I hacked? Well, this is the problem I had yesterday:

Yesterday, when I went to my community forums I received a download request from the browser, it asked me to download a file named: "Default". I pressed "Cancel" when I was at the main index, it asked me to download a file named: "index.php". At my forum's chatbox, it has this code:

$config['max_message_len']) $shout['message'] = substr($shout['message'], 0, $config['max_message_len']).'...';
$shout['userid'] = intval($shout['userid']);
$shout['groupid'] = intval($shout['groupid']);
$shout['color'] = strip_tags($shout['color']);
$shout['font'] = strip_tags($shout['font']);
$shout['dateline'] = time();
$checknoticecm = substr($shout['message'], 0, strlen($command['notice'])+1);
$checkbancm = substr($shout['message'], 0, strlen($command['ban'])+1);
$checkunbancm = substr($shout['message'], 0, strlen($command['unban'])+1);
$checkpruneuser = substr($shout['message'], 0, strlen($command['prune'])+1);
$type = '';
if ($shout['message'] == $command['prune'] AND $cancommand) {
    $type = 'prune1';
} else if ($checkpruneuser == $command['prune'].' ' AND $cancommand) {
    $type = 'prune2';
} else if ($shout['message'] == $command['notice'] AND $cancommand) {
    $type = 'notice1';
} else if ($checknoticecm == $command['notice'].' ' AND $cancommand) {
    $type = 'notice2';
} else if ($checkbancm == $command['ban'].' ' AND $cancommand) {
    $type = 'ban';
} else if ($checkunbancm == $command['unban'].' ' AND $cancommand) {
    $type = 'unban';
} else {
    $type = 'chat';
}
$shout['type'] = $type;
switch ($type) {
    case 'prune1':
        $handle = fopen($fcbfile['message'],"w");
        fwrite($handle, build_prune1($shout)."\n");
        fclose($handle);
        break;
    case 'prune2':
        $info = explode(" ", $shout['message']);
        $shout['pruneuserid'] = intval($info[1]);
        $shout['reason'] = substr($shout['message'], strlen($command['prune'].' '.$info[1])+1);
        $shout['pruneusername'] = findusername($shout['pruneuserid']);
        if ($shout['pruneusername']) {
            $shouts = file($fcbfile['message']);
            $handle = fopen($fcbfile['message'],"w");
            foreach ($shouts as $shoutline) {
                $shoutf = split_shoutline($shoutline);
                if ($shoutf['userid'] != $shout['pruneuserid'] OR ($shoutf['type'] != 'chat' AND $shoutf['type'] != 'isme')) {
                    fwrite($handle, $shoutline);
                }
            }
            fwrite($handle, break;
    case 'unban':
        $banneds = unserialize(file_get_contents($fcbfile['ds_banned']));
        $info = explode(" ", $shout['message']);
        $shout['unbanuserid'] = intval($info[1]);
        $shout['unbanusername'] = findusername($shout['unbanuserid']);
        $shout['reason'] = substr($shout['message'], strlen($command['unban'].' '.$info[1])+1);
        unset($banneds[$shout['unbanuserid']]);
        $handle = fopen($fcbfile['ds_banned'], "w");
        fwrite($handle, serialize($banneds));
        fclose($handle);
        $handle = fopen($fcbfile['message'],"a");
        fwrite($handle, build_unban($shout)."\n");
        fclose($handle);
        break;
    case 'chat':
        if ($config['checkflood'] AND is_flood($request_ip, $shout['message'])) {
            echo "
".$phrase['checkflood']."
";
            exit;
        }
        if ($config['checkflood']) {
            // save last shout
            $handle = fopen($fcbfile['ds_lastshout'],"w");
            $ls['ip'] = $request_ip;
            $ls['message'] = $shout['message'];
            $data = serialize($ls);
            fwrite($handle, $data);
            fclose($handle);
        }
        $smilies = unserialize(file_get_contents($fcbfile['ds_smilie']));
        // save chat message
        $handle = fopen($fcbfile['message'],"a");
        if ($config['remove_badword']) {
            $shout['message'] = remove_bad_word($shout['message']);
        }
        fwrite($handle, build_chat($shout)."\n");
        fclose($handle);
}
}
}
############################# SHOW MESSAGE ################################
$notice = file_get_contents($fcbfile['ds_notice']);
if ($notice) echo $phrase['notice'],$notice,'
';
$shouts = file($fcbfile['message']);
krsort($shouts);
$count = 0;
foreach ($shouts as $shout) {
    ++$count;
    $shout = trim($shout);
    echo '
'.build_message($shout).'
';
    if ($count == $config['maxmessage']) break;
}
?>


I'm using VN Chatbox, after 10 minutes. I can access normally, but when I came to the backup tools to create a backup, it asked me to CHMOD 777. I'm so surprised, because I was never asked to CHMOD 777 the backups folder before. Same with the language files.... I decided not to CHMOD and came here to ask first, I think he forced me to CHMOD 777 the folders so he - the attacker - can attack me more easily?

What happened to my forums? What do you think? Please let me know by replying, please, I need all your help.

Thanks a lot!
What's your forum's URL? I want to take a better look at this before I say yes or no.
Backups folder has to be chmod so backup files can be written in there.

Language files have to be chmod if you want to be able to edit them in the admin cp (they need to be rewritten as you edit them).

Neither of those should make anything any easier for an attacker. Sure, if you're already hacked and your files are already writable, they can use that to hide a backdoor in a language file. But you already were hacked before that then, and there are tons of other files they could hide a backdoor in, so it does not really matter either way.

I can't vouch for the code you posted but it does look like chatbox code, not malicious code.
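
As an added example (not part of the thread, and not MyBB's own tooling): one way to check whether files were changed, as discussed above, is to compare the live tree with a clean copy of the same release and list what is world-writable. The directory names and sample files below are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Directory names are a constructed sample.

# audit_tree LIVE CLEAN  -> one finding per line:
#   EXTRA    PHP file that the clean copy does not contain
#   MODIFIED PHP file whose bytes differ from the clean copy
#   WRITABLE file or directory writable by every local user (o+w)
audit_tree() {
    live=$1
    clean=$(cd "$2" && pwd) || return 1      # absolute, because we cd below
    (
        cd "$live" || exit 1
        find . -type f -name '*.php' | LC_ALL=C sort | while IFS= read -r f; do
            if [ ! -f "$clean/$f" ]; then
                echo "EXTRA $f"
            elif ! cmp -s "$f" "$clean/$f"; then
                echo "MODIFIED $f"
            fi
        done
        find . \( -type f -o -type d \) -perm -0002 | LC_ALL=C sort | sed 's/^/WRITABLE /'
    )
}

# Build a constructed clean/live pair in a temp dir and audit it.
demo() (
    umask 022
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/clean/inc/languages/english" "$t/clean/admin/backups"
    echo '<?php $l["hi"] = "Hello";' > "$t/clean/inc/languages/english/global.lang.php"
    echo '<?php // front page'       > "$t/clean/index.php"
    cp -R "$t/clean" "$t/live"
    # What the admin panel asked for: writable backups folder and language file.
    chmod 777 "$t/live/admin/backups"
    chmod 666 "$t/live/inc/languages/english/global.lang.php"
    # Constructed tampering: a changed language file and a stray PHP file.
    echo '// constructed extra line' >> "$t/live/inc/languages/english/global.lang.php"
    echo '<?php // constructed stray file' > "$t/live/admin/backups/x.php"
    audit_tree "$t/live" "$t/clean"
    rm -rf "$t"
)

demo
```

Language files edited through the admin cp will legitimately show as MODIFIED, so read the difference rather than treating every hit as a backdoor.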
@frostschutz: I see, the code I gave is the chatbox code. But it has crashed. Backups folder and language files need to be chmod - I knew that, but before I didn't receive those notifications, so why after I got those problems do I need to chmod? Hmm, should I download the forum code and start scanning?

@pyridine: It's: http://www.mobihouse.co/ But now you can access it just fine!
Where's the MyBB forum?
(2011-02-10, 08:45 AM) Shukaku wrote: Where's the MyBB forum?

http://www.mobihouse.co/community/
(2011-02-10, 08:45 AM) Shukaku wrote: Where's the MyBB forum?

http://www.mobihouse.co/community/

Well I can't comment seeing there's nothing for me to look at indicating an intrusion.
Yes, as I said, now you can access my forum normally. That's yesterday's problem... I really want to know why MyBB asked me to CHMOD folders & files, is it safe?
(2011-02-10, 09:40 AM) NNT_ wrote: Yes, as I said, now you can access my forum normally. That's yesterday's problem... I really want to know why MyBB asked me to CHMOD folders & files, is it safe?

Because MyBB requires the ability to update certain files or paths.

The upload/avatar path is an example, if it has no permission to place image files there, then users can't upload their own Avatar images.

Another is your config/settings.

It's required to save your Config changes, but if it's not writable, your changes won't take effect.
(2011-02-10, 04:10 PM) weBex wrote:
(2011-02-10, 09:40 AM) NNT_ wrote: Yes, as I said, now you can access my forum normally. That's yesterday's problem... I really want to know why MyBB asked me to CHMOD folders & files, is it safe?

Because MyBB requires the ability to update certain files or paths.

The upload/avatar path is an example, if it has no permission to place image files there, then users can't upload their own Avatar images.

Another is your config/settings.

It's required to save your Config changes, but if it's not writable, your changes won't take effect.

This is one of the reasons I wrote an internal FTP-based file uploader for my old site. The code uses basic PHP upload functionality and then FTP to move the file from the temp PHP to the final location.

Since the FTP is on the server itself, it's not a plain text security issue and the final location just needs to be owned and writable by the FTP account (I created an account for avatars, one for attachments, one for the admin) and simply executable by the world.

Now I run my server with suPHP and Suhosin so it's not an issue anymore. However, I still think that FTP-based uploads should be an option for MyBB.