I have been hacked

[pavemen]

you can uninstall Google SEO, but I recommend leaving it installed and just use teh default functions.php so any SEO links already out there are properly redirected to the default MyBB scheme.

The config.php can be uploaded but you need to update the default one first with your specific info for your site, otherwise it wont be able to connect to the database, find the ACP, etc.

[Blitzburgh]

Okay, I am trying to get my nerve up to do this, but am nervous about just "changing things" because I am not skilled in this.

After careful reconsideration I have decided that I want to try and go the route of fixing my current config.php because I believe I am more comfortable working that side as opposed to tweaking a virgin config.php

Having said that, like I mentioned before, the User name and password that it is showing in my config.php is wrong. At least it is wrong in the sense that it is not what I use to log onto my site. OTOH, I don't know what MyBB uses (or even my host for that matter) to setup the forum on initial install. Maybe it creates a user name and password all itself that I don't know about.

To give you an example I read this on the other 7 page hacked thread where someone caught the fact that their database type was mysql"i" and the example shows a mysql. They thought this was a problem only to find out it wasn't.

So in this regards, I am nervous about just changing things willy nilly without having a clue what I am doing. Is it possible that the only mod to the config.php is all the javascript that has been added down on the bottom is it?

[pavemen]

the username and password that are listed in the config are for the database and are NOT what you use to log in. If your forums loads fine, then that info is still valid, though likely compromised if your config.php has extra code in it.

You should change your database username and password, then update the config file. You should ask your host for help in making adding a DB user/pass and assining that user to your database. Once that is done an dyou change the user/pass in config to the new info and MyBB loads, then ask your host to delete the old DB user.

[Blitzburgh]

Well, hmmm...

Made the changes and then tried to save and got this:


Could not open /home/blitz/public_html/bransonmo65616.com/forum/inc/config.php for writing: Permission denied

Ideas?

---

BTW - through all the discussion about this, a name hasn't been put to the threat (not as near as I can tell) The trojan detected is "object is infected by HEUR:Trojan.Script.Iframer"

[pavemen]

you need to change the permissions of the file to 644 first, so you can write to it.

[Blitzburgh]

Like I said, you are dealing with a rock here. I figured it out and want to thank you for all your assistance.

Last thing and then I will post some praise for all of you.

I "had" (before all the file replacements) pretty good stuff installed that worked to prevent spammers and bots. Is that all lost now? i.e. StopForumSpam, captcha, Question and Answer plugin etc.

Lucky me, I get to go back now and replicate all the steps from today on 2 more forums.

All of you are incredible.

Thanks, Mike

[pavemen]

all your plugins and settings should be fine as you did not mess with the database, just the files.