**Help**My site was hacked"

Started by sc2forums, April 24, 2013, 09:19:27 PM


sc2forums

My site was hacked

.....

it shows pyatnickiy Forbidden

You don't have permission to access /track.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2 Server at hxxp:pyatnickiy.ru [nonactive] Port 80



sc2forums

my site is sc2-forums. c o m

and it will go to this site pyatnickiy. r u

Biology Forums

What version are you running?

Possibly someone guessed your root password.

TheListener

Have you ever hosted anything like malware or similar on the forum?

(just a thought on my part).

LiroyvH

Quote from: Liam_michael on April 24, 2013, 09:24:34 PM
Possibly someone guessed your root password.

Lol what... Please don't overexaggerate things so easily :P


@OP:
Who is your hosting provider?
Have you contacted them for help yet?
Did you check your logs?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

sc2forums

Is there an easy way to solve this problem, like adding some code to the header or deleting something?

I'm using GoDaddy hosting now. I asked GoDaddy what I can do, and they said:



"We have detected that your domain sc2-forums . c o m is associated with
a web site that may contain malware. Your site is listed on the Google(R)
malware list and people visiting your site are being notified by their browsers
that your site is not safe to be viewed. If the code being detected is not yours,
you will need to review your site to determine how the code was uploaded to
your site. If you are using a content management system (such as WordPress
or Joomla) you should update it to the latest version to ensure any security
holes are closed. If you remove the code without determining how it was
uploaded to your site, there is a very strong possibility that it will simply
be replaced by whoever initially uploaded it.

You may learn more about malware at  hxxp:www.stopbadware.org/ [nonactive].
Google works to provide the most accurate and up-to-date malware information.
However, it cannot guarantee that its information is comprehensive and error-free:
some risky sites may not be identified, and some safe sites may be identified in error.

Once you have determined how it was uploaded and you have removed the
malware, the owner of the site can submit a request to Google to have your
site re-scanned via the Google webmaster tools. Please note that we cannot
remove the warning or have your site rescanned as we are not the owners
of the Web site.

As a reminder please ensure you are always:

- Using a strong password (at least 8 characters containing
uppercase and lowercase letters, numbers and symbols).

- Keeping any applications you have installed on your site updated.

- Running anti-virus and malware checkers on your local machine.

- Keeping your local machine up to date with the latest patches.

If you have any further questions or concerns please feel free to
contact support at (480) 505-8877.

Sincerely,
Go Daddy
"

TheListener

Quote from: Old Fossil on April 24, 2013, 09:28:14 PM
Have you ever hosted anything like malware or similar on the forum?


sc2forums

No mods currently installed and it's SMF 2.0.4

TheListener

I can definitely confirm a malware on the forum.

Thanks to avast my pc is safe.

Have you contacted your host?


Scratch that you have.

sc2forums

Could you help me? Is there an easy way, like adding something to the header or deleting some file?

LiroyvH

Do you host anything else on the account other than the SMF forum?
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

sc2forums

I think I found the problem but I don't know how to delete it:
/Sources/Subs-youtube.php
/Sources/youtube.php

When I delete them it shows "Warning: require_once(/home/content/31/8929131/html/sc2-forums.com/Sources/Subs-youtube.php) [function.require-once]: failed to open stream: No such file or directory in /home/content/31/8929131/html/sc2-forums.com/index.php on line 55

Fatal error: require_once() [function.require]: Failed opening required '/home/content/31/8929131/html/sc2-forums.com/Sources/Subs-youtube.php' (include_path='.:/usr/local/php5/lib/php') in /home/content/31/8929131/html/sc2-forums.com/index.php on line 55"

=====================================================================================================
<?php
/********************************************************
* Youtube Integration Mod
* Version: 0.1          
* Founder: Lucas-ruroken || DrHouse (DrMalboro)
* Date: 2010
/**********************************************************/

if (!defined('SMF'))
    die('Hacking attempt...');


function loadYoutubeUser($id_member)
{
    global $smcFunc, $context;

    $id_member = (int)$id_member;

    $sql = $smcFunc['db_query']('','
        SELECT yim_user
        FROM {db_prefix}members
        WHERE id_member = {int:member}',
        array(
            'member' => $id_member,
        )
    );

    $row = $smcFunc['db_fetch_assoc']($sql);
    $smcFunc['db_free_result']($sql);

    $context['youtube_user'] = $row['yim_user'];

}

function modifyYoutubeUser($id_member, $user)
{
    global $smcFunc;

    $smcFunc['db_query']('','
        UPDATE {db_prefix}members
        SET yim_user = {text:user}
        WHERE id_member = {int:member}',
        array(
            'user' => $user,
            'member' => $id_member,
        )
    );

}

function sah($variable)
{
    $variable = htmlspecialchars(addslashes(stripslashes($variable)),ENT_QUOTES);

    return $variable;
}

//This function appear in the index.php file
function loadYoutubeData()
{
    global $boarddir;

    require_once($boarddir.'/Zend/Loader.php'); //Library
    Zend_Loader::loadClass('Zend_Gdata_YouTube');
}

// Returns the data array for the $id-th entry of the feed (1-based)
function printVideoFeed2($videoFeed, $id)
{

    $i = 1;
    foreach ($videoFeed as $videoEntry)
    {
        if($id == $i)
            $load = printVideoEntry2($videoEntry);

        $i++;
    }

    return $load;

}


// Prints every entry of the feed, alternating the row style
function printVideoFeed($videoFeed)
{
    $i = 1;
    $id = 1;
    foreach ($videoFeed as $videoEntry)
    {
        if($i == 1)
        {
            $win = 'windowbg';
            $cat = 'cat';
            $i++;
        }
        else
        {
            $win = 'windowbg2';
            $cat = 'title';
            $i = 1;
        }
        printVideoEntry($videoEntry, $win, $cat, $id);
        $id++;
    }

}

function printVideoEntry2($videoEntry)
{
    $url = $videoEntry->getFlashPlayerUrl();
    $url = explode('?',$url);

    $thumbs = $videoEntry->getVideoThumbnails();
    $youtube['thumbs'] = array();
    $i = 1;
    foreach($thumbs AS $thumb)
    {
        // Only the first thumbnail is kept
        if($i == 1)
        {
            $youtube['thumbs'] = array(
                'time' => $thumb['time'],
                'image' => $thumb['url'],
                'height' => '50', //$thumb['height'],
                'width' => '50', //$thumb['width'],
            );
        }
        $i++;
    }

    $youtube = array(
        'video_title' => $videoEntry->getVideoTitle(),
        'description' => $videoEntry->getVideoDescription(),
        'cat' => $videoEntry->getVideoCategory(),
        'tags' => implode(", ", $videoEntry->getVideoTags()),
        'url' => $videoEntry->getVideoWatchPageUrl(),
        'duration' => $videoEntry->getVideoDuration(),
        'views' => $videoEntry->getVideoViewCount(),
        'rating' => $videoEntry->getVideoRatingInfo(),
        'url_embed' => $url[0],
        'thumb' => $youtube['thumbs']['image'],
    );
    return $youtube;
}

function printVideoEntry($videoEntry, $win, $cat, $id)
{
    global $youtube, $settings, $txt, $scripturl, $context;

    $youtube = array();

    $url = $videoEntry->getFlashPlayerUrl();
    $url = explode('?',$url);

    //The.... little array :P
    $youtube = array(
        'video_title' => $videoEntry->getVideoTitle(),
        'description' => $videoEntry->getVideoDescription(),
        'cat' => $videoEntry->getVideoCategory(),
        'tags' => implode(", ", $videoEntry->getVideoTags()),
        'url' => $videoEntry->getVideoWatchPageUrl(),
        'duration' => $videoEntry->getVideoDuration(),
        'views' => $videoEntry->getVideoViewCount(),
        'rating' => $videoEntry->getVideoRatingInfo(),
        //'url_embed' => $url[0],
    );

    $thumbs = $videoEntry->getVideoThumbnails();
    $youtube['thumbs'] = array();

    foreach($thumbs AS $thumb)
        $youtube['thumbs'][] = array(
            'time' => $thumb['time'],
            'image' => $thumb['url'],
            'height' => '50', //$thumb['height'],
            'width' => '50', //$thumb['width'],
        );

    //YEAH, load the videos (H)
    echo'
    <div class="'.$cat.'_bar">
        <h4 class="'.$cat.'bg">
            <a href="'.$scripturl.'?action=profile;area=youtubeuser;u='.$context['member']['id'].';sa=id;id='.$id.'">
                <img src="'.$settings['default_images_url'].'/youtube/accept.png" alt="" style="vertical-align: middle;" />&nbsp;'.$youtube['video_title'].'
            </a>
        </h4>
    </div>';

    echo'
    <div class="'.$win.'"><span class="topslice"><span></span></span>
        <table style="width: 100%;">
            <tr>
                <td valign="top" style="width: 30%; text-align: center;">';
    $i = 0;
    foreach($youtube['thumbs'] AS $new)
    {
        // The comparison operator was lost in the posted copy; "<" is assumed here
        if($i < 2)
        {
            echo'
                    <img style="width: 90px; height: 90px;" alt="" src="'.$new['image'].'" />&nbsp;';
        }
        $i++;
    }

    echo'

                </td>
                <td valign="top" style="font: tahoma; width: 35%; text-align: left;" class="smalltext">
                    <strong>'.$txt['profile_yim_1_title'].':</strong> '.$youtube['video_title'].'<br />
                    <strong>'.$txt['profile_yim_1_cat'].':</strong> '.$youtube['cat'].'<br />
                    <strong>'.$txt['profile_yim_1_tags'].':</strong> '.$youtube['tags'].'<br />
                    <strong>'.$txt['profile_yim_1_views'].':</strong> '.$youtube['views'].'<br />
                    <strong><a href="'.$scripturl.'?action=profile;area=youtubeuser;u='.$context['member']['id'].';sa=id;id='.$id.'">'.$txt['profile_yim_1_viewfull'].'</a></strong>
                </td>
                <td valign="top" style="font: tahoma; width: 35%; text-align: left;" class="smalltext">
                    <strong>'.$txt['profile_yim_1_description'].':</strong> '.$youtube['description'].'
                </td>
            </tr>
        </table>
    <span class="botslice"><span></span></span></div><br />';

}

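function YoutubeFunctionLoadAsd($true_or_false = true)
{
    // Base64 of the mod's HTML credit line ("YIM by SMF Personal ... Powered by Youtube"); decoded and echoed below
    $load = '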
PGJyIC8+PGRpdiBhbGlnbj0iY2VudGVyIiBjbGFzcz0ic21hbGx0ZXh0Ij5ZSU0gYnkgPGEgaHJlZj0iaHR0cDovL3d3dy5zbWZwZXJzb25hbC5uZXQiIHRhcmdldD0iX2JsYW5rIj5TTUYgUGVyc29uYWw8L2E+PGJyIC8+UG93ZXJlZCBieSA8YSBocmVmPSJodHRwOi8vd3d3LnlvdXR1YmUuY29tIiByZWw9Im5vZm9sbG93Ij5Zb3V0dWJlPC9hPjwvZGl2Pg=='
;

    $load = base64_decode($load);

    echo $load;
}

function getAndPrintUserUploads($userName)
{

    $yt = new Zend_Gdata_YouTube();

    printVideoFeed($yt->getuserUploads($userName));
}

function getAndPrintUserUploads2($userName, $id)
{
    $yt = new Zend_Gdata_YouTube();
    $load = printVideoFeed2($yt->getuserUploads($userName), $id);
    return $load;
}


function loadTheRememberText()
{
    global $modSettings, $txt, $user_info, $settings, $scripturl;

    if(!empty($modSettings['yim_enable']) && empty($user_info['yim_user']) && empty($user_info['yim_cartel']) && !empty($modSettings['yim_add_a_cartel']) && !$user_info['is_guest'])
        echo'
        <div class="approvebg"><span class="topslice"><span></span></span>
            <div class="content">
                <div align="center"><strong>'.$txt['profile_a_cartel'].'</strong></div>
                <div class="smalltext" align="right">
                    <a href="'.$scripturl.'?action=youtube;sa=deletecartel">
                        <img style="vertical-align: middle;" src="'.$settings['default_images_url'].'/youtube/wrench.png" alt="" />&nbsp;'.$txt['profile_a_cartel_delete'].'
                    </a>
                </div>
            </div>
        <span class="botslice"><span></span></span></div><br />';

}

?>





TheListener

Please use the # bbcode button when posting code.

Did you delete the mod before uninstalling?


mashby

Wondering what is wrong with those two files? I don't see anything suspicious in either of them. Do you see other files that don't look right?
Always be a little kinder than necessary.
- James M. Barrie

Sir Osis of Liver


You're not going to outsmart the hacker.  Delete everything from the forum root down, reinstall SMF from clean install or large upgrade package, reinstall your mods and themes, and hope your database isn't trashed.

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

sc2forums

Could you help me? How can I find out which file contains malware?

LiroyvH

It would help if you answer questions asked rather than asking more questions instead. :)
((U + C + I)x(10 − S)) / 20xAx1 / (1 − sin(F / 10))
President/CEO of Simple Machines - Server Manager
Please do not PM for support - anything else is usually OK.

Arantor

As in: don't bother trying to hunt down which files were infected, instead just do as asked and overwrite all the files with known good ones.

mashby

Krash has a good point of course. You're trying to find a needle in the haystack. The folders/files I can think you may want to download before wiping them out. Possibly everything. Attachments and avatars might be of use which won't be restored if you wipe everything. Might be other things, too.
Always be a little kinder than necessary.
- James M. Barrie
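
The advice in the replies above (overwrite everything with known-good files, but download attachments and avatars first) can be checked with a hash comparison. This is an added example, not part of the original thread: it assumes a clean SMF package of the same version has been unpacked next to a downloaded copy of the live forum, and the function names, the extension list and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

SCRIPT_EXTS = {".php", ".phtml", ".phar"}   # assumed list of server-executed file types
KEEP_DIRS = ("attachments", "avatars")      # upload directories named in the thread

def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare_trees(clean_root, live_root):
    """Classify files of the live copy against the known-good package."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    report = {"modified": [], "extra": [], "missing": [], "script_in_uploads": []}
    for rel in sorted(live):
        name = rel.rsplit("/", 1)[-1]
        scriptlike = Path(name).suffix.lower() in SCRIPT_EXTS or name == ".htaccess"
        if rel in clean:
            if live[rel] != clean[rel]:
                report["modified"].append(rel)       # stock file whose content changed
        elif rel.split("/")[0] in KEEP_DIRS:
            if scriptlike:                           # uploads should never be scripts
                report["script_in_uploads"].append(rel)
        else:
            report["extra"].append(rel)              # not shipped in the clean package
    report["missing"] = sorted(set(clean) - set(live))
    return report

def demo():
    """Compare two small constructed trees (sample data, not from the thread)."""
    stock = b"<?php // stock\n"
    trees = {
        "clean": {"index.php": stock, "Sources/Load.php": stock, "attachments/index.php": stock},
        "live": {"index.php": stock + b"// appended\n", "attachments/index.php": stock,
                 "Sources/Subs-youtube.php": b"<?php // mod\n",
                 "attachments/1_abc.jpg": b"\xff\xd8", "attachments/x.php": b"<?php\n"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                path = Path(tmp, tree, rel)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_bytes(data)
        return compare_trees(Path(tmp, "clean"), Path(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

Files that a mod legitimately installed or edited also show up as `extra` or `modified`, so the output is a review list for deciding what to keep when restoring, not a verdict on which file is malicious.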

kat

Instead of reporting this topic to the moderators, which is REALLY not going to help, can you answer some of the questions that have been raised?

It's been four months since they were asked, after all.

ARG01

Not that it matters since the OP has not been active for three months but this quote is a major contributor to his/her issue.

Quote: I'm using godaddy hosting now...

By experience I know that GD servers are less secure than other big name hosts. Also when an issue such as this arises, after a week or so of delayed replies, in the end they expect the customer to fend for themselves. Other popular hosts will work with you and usually find the issue and make necessary repairs to get you back on track.

Just sayin'. ;)
No, I will not offer free downloads to Premium DzinerStudio themes. Please stop asking.

kat

He has been active, kinda. He reported this post to the moderators.

Quote: **Help**My site was hacked" by sc2forums

« Last Reported: Today at 01:23:22 PM »
« Reported By: lekan18 »

My site was hacked
.....

it shows pyatnickiy Forbidden

You don't have permission to access /track.php on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Apache/2 Server at pyatnickiy.ru Port 80

Quite what track.php is, I don't know. (Nor do I care, much, to be honest).

It COULD be this site: http://www.sc2-forums.com

Can't be sure, though, obviously.
