site hacked

[Kitty Hello]

Yes, it seem so.
Propably all of my php files start with:

Code (glbasic) Select Expand


<? /**/eval(base64_decode('aWY ... fQ==')); ?>


I've been hacked. The decoding is not possible to me. I have no idea how to protect against that.
If anyone is a true webadmin that can help me, please send me an PM.

If there's no one, I must move to another service provider, since I'm not capable of running a server myself (as you can see).

[MrTAToad]

The <a ref> section is certainly a mess - someone certainly likes their high-powered cars...

Aside from restoring the main site, assuming you have some time left with the current service provider, I would get all passwords changed and then move when the contract is finished.

[Hatonastick]

I wondered what was going on.  Seen a few odd (as in weird) PHP errors a few times and thought that something wasn't right.

[Hemlos]

Seems like you have been "back door", and a php "virus" was injected.

I found a few ways to decrypt that Gernot.

http://www.google.com/search?hl=en&q=%3C%3F+%2F**%2Feval%28base64_decode%28%27aWY+...+fQ%3D%3D%27%29%29%3B+%3F%3E&btnG=Google+Search

I dont want to be your webmaster though....lol, i thought that was Schranz0rs job

[Kitty Hello]

It was an attack to the forum. The hole has been patched, already and now here, too.

[Hemlos]

hmm..

Just a couple more notes and thoughts here..

You have recently installed an update for the forums, right?
Perhaps this updated software had one of those adware php virus problems.
If you click the link i posted above, you will find some other forums that had similiar problems.

And one other thing...moru... hes pretty smart with this stuff...
check this: http://gamecorner.110mb.com/index.php?page=base64-encode-decode-library

[Ian Price]

That's really shite

I just don't get the mentality of the scum that does this type of thing. Just because they can, doesn't mean they should. They could use their "1337 skillz" to help secure sites, but nope they have their fun and move along to their next target. Sigh.

[Hemlos]

There is a slight chance gernot installed this unknowingly.

Gernot, can you post the encoding into the webpage here....just the code, not the tags with it.

and {code} {/code} it too.


I think we can find the source of the problem...Maybe not me, but one of us might solve this im sure.

Moru might be able to help, just need to wait for him to come online, as i dont have his phone #.

[Moru]

This is the sad part about running a common forum, you have to keep it patched. On the other hand if you create your forum code yourself there will be bugs anyway and when something happens you need to fix it yurself. I understand you got it already patched so no worries. Change all passwords and compare all files to what you have in the backup on your disc. Might want to check thru the users in the database too so noone has admin rights all of a sudden.