2011-10-17, 05:03 AM
After install I change the file to 644 but I believe 444 will be fine too.
Security Issue
|
2011-10-17, 05:03 AM
After install I change the file to 644 but I believe 444 will be fine too.
2011-10-17, 05:53 AM
open the config.php file and check any vulnerability script added inside it...
i belief after few more blank lines there may be vulnerable code passing you information check out the post http://community.mybb.com/thread-105780-...#pid772311
2011-10-17, 08:37 AM
You should also check with your host as some hosts automatically lower the chmods of files that are chmoded to 777.
2011-10-17, 03:42 PM
(This post was last modified: 2011-10-17, 04:30 PM by Frank.Barry.)
This was in the config.php file :
2011-10-17, 04:06 PM
(This post was last modified: 2011-10-17, 04:10 PM by aglioeolio.)
EDIT: I've just read your last post now... your file was seriously modified http://wiki.mybb.com/index.php/Inc/config.php
--------------------- I think it's a HOST action, too. I'm hosted at Mediatemple Gridserver and I think that they have enabled a script to CHMOD to 0444 such plain text files with passwords, when uploaded. Default to other files is 0755 Anyway if \inc\config.php is not writable it's a good think to your security, I see that warning in Maintenance under AdminCP and don't give a orange to it To increase security you can add in your-forum-url/inc/ this: File: /inc/.htaccess
2011-10-17, 04:08 PM
That's injection code. You're compromised.
2011-10-17, 04:18 PM
What shall I do ?
2011-10-17, 04:27 PM
Delete the code, or just download and re-upload the most recent version of MyBB.
-Paul H.
Cogisne lingua latina?
2011-10-17, 04:31 PM
(2011-10-17, 04:27 PM)Paul H. Wrote: Delete the code, or just download and re-upload the most recent version of MyBB. wont include config.php though, so upload all new MyBB code (download it again from the site today) and then upload it all. clean up existing config.php delete settings.php and let myBB recreate it. secure your site, change passwords, run security checks on templates, browse your site's file system for odd files you dont recognize, etc.
Lost interest, sold my sites, will browse here once in a while. It's been fun.
2011-10-17, 04:44 PM
My guess is that you should have an expert fix and secure this for you. It's likely that it's all backdoored and unless you're thorough to remove every trace of the exploit you'll just be compromised again.
|
« Next Oldest | Next Newest »
|