Parse error: unexpected T_LNUMBER in Subs.php

fabteam · May 01, 2010, 09:18:48 AM

Hi all

Everything was working fine until one morning I got this message:

Parse error: syntax error, unexpected T_LNUMBER in /homez.158/fabteam/www/forum/Sources/Subs.php on line 3422

I am using SMF SMF 2.0 RC1-1 and PortaMX mod and attached the Subs.php file to my message.

I have no clue about what happened and I cannot understand what is this issue with line 3422.

Thank you for your help.

CapadY · May 01, 2010, 09:49:35 AM

For me it looks like the file is infected.

Give it a try withe the attached file (rename is to subs.php)

fabteam · May 01, 2010, 09:56:49 AM

thanks Capady

Now I have this message:

Code Select

Parse error: syntax error, unexpected T_LNUMBER, expecting ',' or ';' in /homez.158/fabteam/www/forum/Sources/Load.php on line 2029

when you said 'infected' what do you mean ?
my forum has been hacked or something ?

edit: i added Load.php

Kays · May 01, 2010, 10:49:57 AM

That file is probably infected, I can't even download it. Yes there's a good chance that your forum was hacked.

Download the large upgrade package for your version SMF from here. And reupload all of the files in it to your forum overwriting the existing files. This will remove all of the mods you have installed.

Also please see: How do I make my forum safer against hacker attacks?

fabteam · May 01, 2010, 02:08:28 PM

ok thank very much you for you reply and your help
I deleted all the .php files

Norv · May 01, 2010, 02:49:58 PM

fabteam: if you don't mind, could you please send it in a security report (link in my signature) - or PM, or post it as I'll remove it as soon as I download it? I would be very interested to take a look at it.
Thank you very much, and sorry for the trouble.

CapadY · May 01, 2010, 05:36:24 PM

Quote from: Norv on May 01, 2010, 02:49:58 PM
fabteam: if you don't mind, could you please send it in a security report (link in my signature) - or PM, or post it as I'll remove it as soon as I download it? I would be very interested to take a look at it.

If you are interested, I still have the infected Subs.php on my local computer.

There is a javascript infection in it at two places.

Norv · May 01, 2010, 05:36:40 PM

Yes, please.

CapadY · May 01, 2010, 06:06:22 PM

Quote from: Norv on May 01, 2010, 05:36:40 PM
Yes, please.

Because I can't add an attachement to a PM I'll post it right here as an attachement. (renamed).

Norv · May 01, 2010, 06:58:13 PM

Thank you very much capady!
I think there should be no much worries about the file, it can't run properly anyway even if put in a web browser. It's a hack, of course, but at least in this file, not one with much consequences. (except that it gave errors and we could find out about it, well)

fabteam: I would appreciate any other files, or access to them, if it's possible and acceptable. In case you agree, please feel free to send me by PM anything you may wish, FTP access or control panel access included if it's okay. Of course, in case you are not comfortable with it, then please don't.
Any other files from SMF or other web software you may have installed, are appreciated, in any form.
Thank you for considering it.

fabteam · May 02, 2010, 04:41:43 AM

ok let me check with my hoster how I can change my ftp lgn/pwd

what do you mean by "security report " ?

smp420 · May 02, 2010, 04:47:36 AM

In Norv's signature you will see a link to file a security report.

Antechinus · May 02, 2010, 05:03:42 AM

Upgrade to RC3 immediately too. RC1-1 has a lot of security holes.

fabteam · May 02, 2010, 05:08:50 AM

Security report sent

News:

Parse error: unexpected T_LNUMBER in Subs.php