SMF 2.0.19 has been released! Please update. Read more.
Started by vHawkeyev, May 01, 2009, 10:47:02 AM
Quoteand nothing I upload shows on my server in attachment dir.
Quote from: ConquerorOfMankind on May 22, 2009, 10:31:51 AMQuoteand nothing I upload shows on my server in attachment dir.Did you set chmod rights correctly?
Quote from: Kindred on May 22, 2009, 01:28:17 PMthe failure of a mod to install has no bearing on the hack... the test failed suggests that something has changed the code that the mod is looking for so that it can not automatically install. You will have to manually install the mod into those files.
249 32 theme_dir ./attachments/avatar_249.gif\0280 32 theme_dir ./attachments/avatar_280.jpg�488 32 theme_dir ./attachments/avatar_488.jpg�
Quote<H> I had zero posts when I started posting
Quote from: zkizzik2 on May 22, 2009, 07:21:44 PMMore bugs for smf 1.1.9http://foro.elhacker.net/nivel_web/bug_en_smf_118_y_119-t255613.0.htmlAtt, WHK.
Quote from: oakview on May 07, 2009, 01:59:12 AMI'm a victim too, and took another route in preventing future attacks. First, I didn't have backups so I downloaded and cleaned the files using this Linux bash script with base64_encode as the search term. The script deletes that line entirely, leaving no white space:Code Select Expand#!/bin/bashfind /directory_name '*.php' -type f | while read FILEdosed -i '/base64_decode/ d' "$FILE"doneThis cleaned everything recursively, but I did have to replace one file that had a legit line with the search term in it (can't remember which one, but you'll know from the error it generates). Then I uploaded the clean files and was back in business. Took about an hour to do all this.
#!/bin/bashfind /directory_name '*.php' -type f | while read FILEdosed -i '/base64_decode/ d' "$FILE"done
zip -R filename '*.php'
Quote from: Ratiomaster on May 24, 2009, 02:09:52 PMI've made a php script that will clean all infected files on your server (attached)Just put it in the root directory and it will search and remove junk line from all php's recursively.Btw, is there other problems caused by this hack ? Like does it install some backdoors that need to be removed as well ?