MyBB Community Forums
Site hacked - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: MyBB 1.6 (https://community.mybb.com/forum-138.html)
+------ Forum: 1.6 Security Management and Support (https://community.mybb.com/forum-153.html)
+------ Thread: Site hacked (/thread-141085.html)



Site hacked - snippets69 - 2013-06-15

mysite.com and mysite.com/forum

would redirect to crazyhackers.org

.htaccess was fine

going to mysite.com/forum/index.php would load the site fine and everything worked perfectly

after going round and round with hosting tech support... the answer forwarded to me was that index.php had been hacked... which doesn't make sense to me since that was the only way the site would actually get to the main page (mysite.com/forum/index.php), but perhaps I'm mistaken here. Is the diagnosis possible given the symptoms....?

if not, how could this be accomplished...? I mean functionally and regardless, what kind of exploit would allow the injection of the redirect. I'm guessing it wasn't because my passwords had been compromised otherwise MOST LIKELY (not necessarily, i'm just going on by what's likely) someone would have done more damage than just the redirect...

any more info on how this might have happened and what i can do to protect, that would be cool. i'm running 1.6.10. I DO have both the mybb and theme credits on my site. i'm just wary to post with my name or the site name since obviously there's some vulnerability. i can confirm through PM if need be.

Maximum Attachments (2.0)
Allows you to upload a maximum attachments at the same time.
Created by 5n0w833 Install & Activate
Admin Directory PIN (1.0)
Add a PIN to the administrator directory.
Created by Jammerx2 Deactivate
Akismet (1.2.2)
Akismet is a program that helps prevent SPAM on your forum.
Created by MyBB Group Deactivate Uninstall
Banned to view threads. (2.0)
Gives administrator ability to ban certain usergroups or users to view particular thread.
Created by Pratik Unadkat (crazy4cs) Deactivate
Dissect/Duplicate Posts (1.21)
This will add an additional moderation tool which allows posts to be duplicated via Inline Post Moderation. If only one post is selected, the post may be "dissected" or split.
Created by ZiNgA BuRgA Deactivate
Default Profile (2.0)
Gives new users who register a default avatar, signature, and profile options. For MyBB 1.6.x.
Created by DennisTT & Conor Calby Activate
Edit Time Limit/Legend Permissions (1.0.1)
Adds two usergroup permissions for edit time limit and removing Edited by legend.
Created by Starpaul20 Deactivate Uninstall
Fit on Page (2.3)
Resizes embeded images in posts to fit the page and not run over.
Created by - G33K - Activate
Forum Runner (1.1.7)
Forum Runner is a add-on to enable native mobile browsing for your forum.
Created by End of Time Studios, LLC Deactivate Uninstall
Google SEO (1.6.5)
Google Search Engine Optimization as described in the official Google's SEO starter guide. Please see the documentation for details.
Created by Andreas Klauer Install & Activate
Hello World! (1.0)
A sample plugin that prints hello world and prepends the content of each post to 'Hello world!'
Created by MyBB Group Activate
Hello PluginLibrary! (hello_pl.php)
A sample plugin for developers that demonstrates the features of the PluginLibrary.
Created by Andreas Klauer Activate Uninstall
HTML in Signatures (0.1)
Allows you to select usergroups who can use HTML in signatures.
Created by Yaldaram Activate
HTML in Posts (1.5)
This plugin adds the possibility to use HTML in posts.
Created by Pirata Nervo Deactivate
Move Posts (1.1.1)
Allows moderators to move posts from one thread to another.
Created by Starpaul20 Deactivate
My Advertisements (2.0.3)
This plugin adds a powerful advertisements manager to your forum.
Created by Pirata Nervo Deactivate
MyBB Extras Highslide (1.0)
Allows you to add highslide to your forum. Highslide will open image attachments and images using [img] tags with a zoom effect.

Created by Janota Deactivate
OUGC Post Character Count Enhancement (1.0)
Strips HTML/MyCode/Quotes from being counted in the minimum/maximum characters per post verification.
Created by Omar Gonzalez Deactivate
PHP and Template Conditionals (2.0)
Allows you to use conditionals and PHP code in templates.
Created by ZiNgA BuRgA Deactivate
PluginLibrary (11)
A collection of useful functions for other plugins.
Created by Andreas Klauer Install & Activate
Posts required to access threads. (1.0)
Requires specified post count set by admin to view specified threads.
Created by Pratik Unadkat (crazy4cs) Deactivate
Registered Links (1.0)
Hides all links from guests requires them to register in order to view
Created by vbgamer45 Deactivate Uninstall
Registration Security Question (1.2)
[Manage Questions]
Adds a randomly selected security question on registration page.

Created by - G33K - Deactivate Uninstall
Shadowbox.js (1.5)
Open thumbnails, images (and much more) with Shadowbox.js.
Created by Sebastian Wunderlich Activate
Spoiler BBCode (1.6)
Hides text specified in the [spoiler] tag.
Created by Sephiroth Deactivate
Thank You/Like System (1.5)
[Configure Settings][Recount Thank Yous/Likes]

Adds option for users to Thank the user for the post or 'Like' the post.
Created by - G33K - Deactivate Uninstall
Moderated Usergroups (1.2)
All posts/threads/attachments posted by users in the specified usergroup(s) will be moderated.
Created by ZiNgA BuRgA Deactivate
Undo Delete (1.2.1)
Allows you to restore deleted threads, posts, polls and attachments.
Created by Sebastian Wunderlich Deactivate Uninstall
User Homepage Control (1.2 FINAL)
This plugin limits the use of homepages for users.
Created by Tom K. Deactivate


RE: Site hacked - Alex Smith - 2013-06-16

Did you go through http://community.mybb.com/thread-133659.html and http://community.mybb.com/thread-110890.html?


RE: Site hacked - DrXotick - 2013-06-17

Okay. I read these before but they still don't offer a clue as to the method or as to how the redirect was happening. Is the diagnosis possible given the symptoms?


RE: Site hacked - Tindris - 2013-06-17

Have they added a file called index.html?


RE: Site hacked - DrXotick - 2013-06-17

You're sure your password wasn't compromised?


RE: Site hacked - snippets69 - 2013-06-17

am not sure at all. but i would think more damage done if so.

i didn't see an index.html, but maybe it was cleaned by tech support. the information regarding index.php being hacked was relayed by the first level tech. she said index.php had been hacked and they had replaced it.

if it really was index.php, it seems strange to me. how does a redirect like this happen if .htaccess is untouched and the site works fine when going to site.com/forum/index.php . seems strange it would work find if it really was index.php that had been hacked.

maybe there was an index.html and the info had just been relayed to me incorrectly.


RE: Site hacked - Tindris - 2013-06-18

Javascript re-direct in the index.php file sounds like the most logic explanation. Is everything working as per normal now?