+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: MyBB 1.6 (https://community.mybb.com/forum-138.html)
+------ Forum: 1.6 General Support (https://community.mybb.com/forum-127.html)
+------ Thread: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he (/thread-179261.html)
Pages:
1
2
Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - DrXotick - 2015-09-16
His McAfee web filter came up with /forum/moderation.php contained the virus "JS/Exploit-Blacole.He"
I downloaded moderation.php and scanned it online through all scanners and it came up with nothing.
What further action should I take?
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - Josh H. - 2015-09-16
Check your JavaScript files (jscripts/) for suspicious code, check moderation templates as well for anything weird. Running the File Verification tool in the ACP may also help you here, as it could uncover a different core file that may be compromised and causing this.
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - DrXotick - 2015-09-16
I wouldn't know what suspicious code looks like. I'm not a JS programmer. I compressed all jscripts into a .rar and had it checked again on the web (virustotal.com) and nothing came up.
Took a look at changed moderation templates and nothing look odd.
I did the file verification tool and it came up with
[spoiler]
stats.php Changed
inc/functions_modcp.php Changed
inc/functions_warnings.php Changed
inc/mybb_group.php Changed
inc/mailhandlers/php.php Changed
inc/functions_task.php Changed
inc/functions_rebuild.php Changed
inc/plugins/hello.php Changed
inc/class_bitwise.php Changed
inc/cachehandlers/xcache.php Changed
inc/cachehandlers/eaccelerator.php Changed
inc/class_parser.php Changed
inc/class_custommoderation.php Changed
inc/tasks/logcleanup.php Changed
inc/tasks/threadviews.php Changed
inc/tasks/usercleanup.php Changed
inc/tasks/backupdb.php Changed
inc/languages/english/reputation.lang.php Changed
inc/languages/english/showteam.lang.php Changed
inc/languages/english/ratethread.lang.php Changed
inc/languages/english/akismet.lang.php Changed
inc/languages/english/usercp.lang.php Changed
inc/languages/english/index.lang.php Changed
inc/languages/english/private.lang.php Changed
inc/languages/english/moderation.lang.php Changed
inc/languages/english/announcements.lang.php Changed
inc/languages/english/managegroup.lang.php Changed
inc/languages/english/usercpnav.lang.php Changed
inc/languages/english/admin/tools_optimizedb.lang.php Changed
inc/languages/english/admin/config_post_icons.lang.php Changed
inc/languages/english/admin/user_module_meta.lang.php Changed
inc/languages/english/admin/config_spiders.lang.php Changed
inc/languages/english/admin/config_badwords.lang.php Changed
inc/languages/english/admin/config_attachment_types.lang.php Changed
inc/languages/english/admin/forum_module_meta.lang.php Changed
inc/languages/english/admin/tools_php_info.lang.php Changed
inc/languages/english/admin/style_templates.lang.php Changed
inc/languages/english/admin/config_module_meta.lang.php Changed
inc/languages/english/admin/config_help_documents.lang.php Changed
inc/languages/english/admin/home_module_meta.lang.php Changed
inc/languages/english/admin/config_calendars.lang.php Changed
inc/languages/english/admin/config_warning.lang.php Changed
inc/languages/english/admin/config_mod_tools.lang.php Changed
inc/languages/english/admin/tools_maillogs.lang.php Changed
inc/languages/english/admin/user_group_promotions.lang.php Changed
inc/languages/english/admin/config_mycode.lang.php Changed
inc/languages/english/admin/tools_backupdb.lang.php Changed
inc/languages/english/admin/user_admin_permissions.lang.php Changed
inc/languages/english/admin/tools_recount_rebuild.lang.php Changed
inc/languages/english/admin/tools_warninglog.lang.php Changed
inc/languages/english/admin/tools_module_meta.lang.php Changed
inc/languages/english/admin/user_groups.lang.php Changed
inc/languages/english/admin/user_banning.lang.php Changed
inc/languages/english/admin/home_preferences.lang.php Changed
inc/languages/english/admin/config_banning.lang.php Changed
inc/languages/english/admin/tools_mailerrors.lang.php Changed
inc/languages/english/admin/tools_statistics.lang.php Changed
inc/languages/english/admin/config_languages.lang.php Changed
inc/languages/english/admin/config_thread_prefixes.lang.php Changed
inc/languages/english/admin/config_plugins.lang.php Changed
inc/languages/english/admin/home_version_check.lang.php Changed
inc/languages/english/admin/home_dashboard.lang.php Changed
inc/languages/english/admin/tools_cache.lang.php Changed
inc/languages/english/admin/forum_akismet.lang.php Changed
inc/languages/english/admin/home_credits.lang.php Changed
inc/languages/english/admin/style_themes.lang.php Changed
inc/languages/english/admin/forum_moderation_queue.lang.php Changed
inc/languages/english/admin/style_module_meta.lang.php Changed
inc/languages/english/printthread.lang.php Changed
inc/languages/english/search.lang.php Changed
inc/languages/english/customhelpdocs.lang.php Changed
inc/languages/english/mailhandler.lang.php Changed
inc/languages/english/newreply.lang.php Changed
inc/languages/english/memberlist.lang.php Changed
inc/languages/english/archive.lang.php Changed
inc/languages/english/editpost.lang.php Changed
inc/languages/english/report.lang.php Changed
inc/languages/english/newthread.lang.php Changed
inc/languages/english/customhelpsections.lang.php Changed
inc/languages/english/syndication.lang.php Changed
inc/languages/english/datahandler_event.lang.php Changed
inc/languages/english/datahandler_pm.lang.php Changed
inc/languages/english/misc.lang.php Changed
inc/languages/english/calendar.lang.php Changed
inc/languages/english/stats.lang.php Changed
inc/languages/english/xmlhttp.lang.php Changed
inc/languages/english/forumdisplay.lang.php Changed
inc/languages/english/online.lang.php Changed
inc/languages/english/portal.lang.php Changed
inc/languages/english/sendthread.lang.php Changed
inc/class_feedparser.php Changed
inc/datahandler.php Changed
inc/functions_massmail.php Changed
inc/functions_posting.php Changed
inc/adminfunctions_templates.php Changed
inc/class_timers.php Changed
rss.php Changed
css.php Changed
admin/index.php Changed
admin/modules/config/post_icons.php Changed
admin/modules/config/profile_fields.php Changed
admin/modules/config/warning.php Changed
admin/modules/config/module_meta.php Changed
admin/modules/config/spiders.php Changed
admin/modules/config/thread_prefixes.php Changed
admin/modules/config/badwords.php Changed
admin/modules/config/attachment_types.php Changed
admin/modules/config/mycode.php Changed
admin/modules/config/banning.php Changed
admin/modules/style/templates.php Changed
admin/modules/style/module_meta.php Changed
admin/modules/user/group_promotions.php Changed
admin/modules/user/module_meta.php Changed
admin/modules/user/groups.php Changed
admin/modules/user/users.php Changed
admin/modules/user/titles.php Changed
admin/modules/user/mass_mail.php Changed
admin/modules/user/banning.php Changed
admin/modules/forum/module_meta.php Changed
admin/modules/forum/management.php Changed
admin/modules/tools/cache.php Changed
admin/modules/tools/module_meta.php Changed
admin/modules/tools/tasks.php Changed
admin/modules/tools/php_info.php Changed
install/images/bullet.gif Missing
install/images/content_bg.gif Missing
install/images/error_bg.gif Missing
install/images/h2-admin.gif Missing
install/images/h2-config.gif Missing
install/images/h2-createtables.gif Missing
install/images/h2-dbconfig.gif Missing
install/images/h2-finish.gif Missing
install/images/h2-license.gif Missing
install/images/h2-requirements.gif Missing
install/images/h2-tablepopulate.gif Missing
install/images/h2-theme.gif Missing
install/images/h2-welcome.gif Missing
install/images/index.html Missing
install/images/submit_bg.gif Missing
install/images/tcat_bg.gif Missing
install/images/thead_bg.gif Missing
install/index.php Missing
install/resources/adminoptions.xml Missing
install/resources/adminviews.xml Missing
install/resources/index.html Missing
install/resources/language.lang.php Missing
install/resources/mybb_theme.xml Missing
install/resources/mysql_db_inserts.php Missing
install/resources/mysql_db_tables.php Missing
install/resources/output.php Missing
install/resources/pgsql_db_tables.php Missing
install/resources/settings.xml Missing
install/resources/sqlite_db_tables.php Missing
install/resources/tasks.xml Missing
install/resources/upgrade1.php Missing
install/resources/upgrade10.php Missing
install/resources/upgrade11.php Missing
install/resources/upgrade12.php Missing
install/resources/upgrade13.php Missing
install/resources/upgrade14.php Missing
install/resources/upgrade15.php Missing
install/resources/upgrade16.php Missing
install/resources/upgrade17.php Missing
install/resources/upgrade18.php Missing
install/resources/upgrade19.php Missing
install/resources/upgrade2.php Missing
install/resources/upgrade20.php Missing
install/resources/upgrade21.php Missing
install/resources/upgrade22.php Missing
install/resources/upgrade23.php Missing
install/resources/upgrade24.php Missing
install/resources/upgrade25.php Missing
install/resources/upgrade26.php Missing
install/resources/upgrade27.php Missing
install/resources/upgrade28.php Missing
install/resources/upgrade29.php Missing
install/resources/upgrade3.php Missing
install/resources/upgrade4.php Missing
install/resources/upgrade5.php Missing
install/resources/upgrade6.php Missing
install/resources/upgrade7.php Missing
install/resources/upgrade8.php Missing
install/resources/upgrade9.php Missing
install/resources/usergroups.xml Missing
install/stylesheet.css Missing
install/upgrade.php[/spoiler]
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - Leefish - 2015-09-16
What version of MyBB are you using?
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - DrXotick - 2015-09-16
Hello Leefish,
Am now on 1.6.18.
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - Leefish - 2015-09-16
I see. It is odd that all of those files are showing as changed; can you reupload : inc/functions_modcp.php and see if it still shows as changed?
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - DrXotick - 2015-09-16
I reuploaded that file and it no longer shows as changed... I wonder if somewhere along the line I upgraded with a partial file package when I should have upgraded with the full package?
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - Leefish - 2015-09-16
Yea, I advise you to reupload the 1.6.18 files.
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - DrXotick - 2015-09-16
Okay Leefish,
Thank you for your advice.
I have reuploaded the entire 1.6.18 package...
I'm assuming I should not run the upgrade script, so I've renamed the install folder. Everything seems to be operating normally.
The changed files now don't show any changed files other than the missing install files as pasted previously.
Seem okay?
I will have my moderator check if he's getting the same warning as previously. I'm guessing there are two different issues here (files changed, and the virus warning), but perhaps replacing all files has taken care of both problems...?
RE: Mod getting /forum/moderation.php contained the virus "JS/Exploit-Blacole.he - .m. - 2015-09-16
^ virus warning might still appear.
if the file does not appear as changed in file verification then you can ignore that warning.