phpBB2Refugees.com Logo
Not affiliated with or endorsed by the phpBB Group

Register •  Login 

Continue the legacy...

Welcome to all phpBB2 Refugees!Wave Smilie

This site is intended to continue support for the legacy 2.x line of the phpBB2 bulletin board package. If you are a fan of phpBB2, please, by all means register, post, and help us out by offering your suggestions. We are primarily a community and support network. Our secondary goal is to provide a phpBB2 MOD Author and Styles area.

pane=left (code injected)


 
Search this topic... | Search General Support... | Search Box
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Author Message
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Mon Jan 05, 2009 4:49 am 
Post subject: pane=left (code injected)

I just loaded a copy of NBS multiforum and a new copy of phpbb 2.0.23

I got the multiboard running and created a forum.
When I went to the forum ACP that was just created it was dark blue with a kezfun button in it. When I looked at the page code I found a .css file from kezfun (which seams to be cartoon porn) was injected into that frame.

Perhaps it was a dirty copy of phpbb or something but I am determined to find out how it got in there.

I have searched every file I could think of for it but cant seam to locate it.

Any Ideas??
Image link

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Mon Jan 05, 2009 7:05 am 
Post subject: Re: pane=left (code injected)

Hy, Cowboy!

I think you can open all files in Notepad++, because it gots "search in files". And you put a filet and a directory to look into and it will search in all files in that directory. icon_wink.gif

Regards,
Daniel

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Mon Jan 05, 2009 12:30 pm 
Post subject: Re: pane=left (code injected)

Open all files in notepad ? wahh? icon_eek.gif

I don't understand what your saying..

I looked through most of them already for The typical stuff but this one has me stumped.

I even deleted the admin files one at a time. to try to find it.

Any clues on this one?

Edit:

I opened only the left pane frame and looked at the code from the browser and found this just above the phpbb.com copywright:




Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>

<head>
<title>Wet T-Shirt - picture</title>

<link rel="stylesheet" type="text/css" href="http://kezfun.net/css/style.css">



</head>


<div style='width: 1000px; float: left;'>
<div id='loading'><img src='http://media2.kezfun.net/imgs/loading_page_anim.gif' alt='KezFun - Page is Loading ..'></div>


I have searched every file I can think of to find a reference to this but I can not seam to find it.. I am thinking it is named something other then Kezfun..

Where would be the most likely place to look?

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 729
Location: Texas


flag
PostPosted: Mon Jan 05, 2009 1:42 pm 
Post subject: Re: pane=left (code injected)

I'm not sure what you are asking... didn't you already find what the problem is? Your admin left code has been compromised in some way. What are you still looking for? icon_confused.gif
_________________
phpBBDoctor Blog
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Mon Jan 05, 2009 1:47 pm 
Post subject: Re: pane=left (code injected)

Im looking for the cause of that... I cant seam to find it. icon_sad.gif
_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
Sylver Cheetah 53
Board Member



Joined: 17 Dec 2008

Posts: 426
Location: Milky Way


flag
PostPosted: Mon Jan 05, 2009 4:40 pm 
Post subject: Re: pane=left (code injected)

~Cowboy~ wrote:
Open all files in notepad ? wahh? icon_eek.gif
[...]

I was thinking that you do not have to open file by file and then find in that file to find what you're lookin' for, instead you can open all files in Notepad++ and search in all files at a time. I mean not one by one, Notepad++ has the option to search in all files. icon_smile.gif I hope you understand what I say and I hope you find what you're lookin' for. icon_smile.gif

_________________
Image link
My Forum || My Blog

phpBB2 forever! icon_smile.gif
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Mon Jan 05, 2009 5:53 pm 
Post subject: Re: pane=left (code injected)

That might be a good way to go if I knew what I was looking for..

Its obviously Placed in there in a way to try to keep people from finding it.

I appears t be a page injected into a file somewhere but the page names probably not kezfun its more likely be something obscure..

I think what I need is a lst of fies that are accesses when that age is opened. am not familiar with his type of problem...

I don't know if it came in the NBS install or the Phpbb 2.0.23 install. all I know is it wad to be in one of them.

Perhaps I will have to do a reinstall but I would really like t know how to fx it in case I run into something like this again

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
lumpy burgertushie
Board Member



Joined: 18 Nov 2008

Posts: 266


flag
PostPosted: Mon Jan 05, 2009 7:59 pm 
Post subject: Re: pane=left (code injected)

well, I don't believe that type of thing is possible withe phpbb .23
so it most likely is the NBS files that they got in through.

robert
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Mon Jan 05, 2009 8:02 pm 
Post subject: Re: pane=left (code injected)

Thanks for that icon_smile.gif

Ihave already started my search through those files but I havent found anything yet.

Is there a specific piece of code I should be looking for ?

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
lumpy burgertushie
Board Member



Joined: 18 Nov 2008

Posts: 266


flag
PostPosted: Mon Jan 05, 2009 11:56 pm 
Post subject: Re: pane=left (code injected)

I don't think you are looking for any code. you already found the code they injected. You need to figure out how they did it. what file they used to be able to do it, etc.

I would assume that it would be something in that NBS software that is not secure .


robert
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Tue Jan 06, 2009 12:01 am 
Post subject: Re: pane=left (code injected)

The problem is I can't find it to remove it...IT doesn't seam to show up in the files that I expected it to be in..
_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 729
Location: Texas


flag
PostPosted: Tue Jan 06, 2009 1:49 am 
Post subject: Re: pane=left (code injected)

Did you remove the code you found in the file you linked? It's linking to an external file for the rest of the content, so you won't find it on your server.

So there are two questions here, right? First, how to remove it, and second how to prevent it from happening again. There are two places I would start looking... first, in the php code itself that generates the left panel of the ACP. Second, in the template files related to the same code.

_________________
phpBBDoctor Blog
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Tue Jan 06, 2009 9:13 am 
Post subject: Re: pane=left (code injected)

Err... do you have a file name? Pane=left is not a file name.. I feel like your talking in riddles Dave ..

I went through every single file now. and I don't see it. I really don't want to have to go through another 100 files one at a time...

There should be a group of files that it must be in right? I went through all of the phpbb/admin and NBS/admin files one line at a time...

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
drathbun
Board Member



Joined: 24 Jul 2008

Posts: 729
Location: Texas


flag
PostPosted: Tue Jan 06, 2009 9:15 am 
Post subject: Re: pane=left (code injected)

Oh, I'm sorry, I thought you knew which file it was. In the admin folder you will find index.php which is responsible for scanning the admin folder and loading every file that starts with "admin_" into an array. The array is then used to populate the left side of the ACP. There are many "hacks" out there that target index.php (there was one for CPanel not too long ago) so I suspect that what you have isn't specifically targetting phpbb but simply got your index file.

Have you checked your main forum index.php as well as the admin index?

_________________
phpBBDoctor Blog
Back to top
~Cowboy~
Board Member



Joined: 08 Dec 2008

Posts: 297
Location: Chicago


flag
PostPosted: Tue Jan 06, 2009 9:19 am 
Post subject: Re: pane=left (code injected)

Yes all the index.html files are completely empty unless there is a hidden script in one of them but they are all also 0 kb size too..

And here is the admin/index.php

Code:
<?php

/*
+========================================================================+
|| NBSdesignz Multi-Forums phpBB - Version 1.0.1
|| -----------------------------------------------------------------------
|| By NBSdesignz (http://www.nbsdesignz.com)
|| Copyright © 2006 - 2008 NBSdesignz
|| This file may not be redistributed in whole or significant part.
|| --------------------- THIS SCRIPT IS FREEWARE. ------------------------
|| All copyright notices in this script must stay intact unless
|| copyright removal has been purchased!
|| -----------------------------------------------------------------------
|| Although this script has been tested by us, we are not responsible for
|| any damage it may cause!
|| -----------------------------------------------------------------------
|| $Id: index.php 474 2008-04-27 04:48:17Z derek $
|| Downloaded: Tuesday, December 09, 2008 20:48:54 | 2
+========================================================================+
*/

session_start();

// ######################## SET ERROR REPORTING ##########################
error_reporting(E_ALL ^ E_NOTICE);

// ######################### DEFINE CONSTANTS ############################
define('THIS_SCRIPT', 'admin');
define('IN_NBS', true);
define('PHRASE_TYPE', 3);
define('SVN_REVISION', '$Revision: 474 $');

// #################### REQUIRE IMPORTANT FILES ##########################
require_once('./../global.php');

// #######################################################################
// ######################### START MAIN SCRIPT ###########################
// #######################################################################

// ####################### CHECK PERMISSIONS #############################
check_admin_permissions();

// ######################### INSTALLER CHECK #############################
check_install_status();

// ######################## LOG ADMIN ACTION #############################
log_admin_action();

// ######################## NAVIGATION FRAME #############################
if ($_REQUEST['frame'] == 'left')
{   
   print_header();
   
   $tpl->assign('is_superadmin', is_superadmin());
   $tpl->assign('is_log_viewing_user', is_log_viewing_user());
   $tpl->assign('is_query_running_user', is_query_running_user());
   $tpl->assign('can_admin_ads', (can_administer('can_admin_ads') OR is_superadmin()) ? true : false);
   $tpl->assign('can_admin_categories', (can_administer('can_admin_categories') OR is_superadmin()) ? true : false);
   $tpl->assign('can_email_forums', (can_administer('can_email_forums') OR is_superadmin()) ? true : false);
   $tpl->assign('can_admin_forums', (can_administer('can_admin_forums') OR is_superadmin()) ? true : false);
   $tpl->assign('can_perform_maintenance', (can_administer('can_perform_maintenance') OR is_superadmin()) ? true : false);
   $tpl->assign('can_admin_phrases', (can_administer('can_admin_phrases') OR is_superadmin()) ? true : false);
   $tpl->assign('can_admin_settings', (can_administer('can_admin_settings') OR is_superadmin()) ? true : false);
   $tpl->assign('can_admin_tos', (can_administer('can_admin_tos') OR is_superadmin()) ? true : false);
   $tpl->assign('can_repair_optimize_db', (can_administer('can_repair_optimize_db') OR is_superadmin()) ? true : false);
   $tpl->assign('can_backup_db', (can_administer('can_backup_db') OR is_superadmin()) ? true : false);
   
   $tpl->assign('L_administration', $nbs->phrase['administration']);
   $tpl->assign('L_admin_index', $nbs->phrase['admin_index']);
   $tpl->assign('L_new_forum_page', $nbs->phrase['new_forum_page']);
   $tpl->assign('L_administrators', $nbs->phrase['administrators']);
   $tpl->assign('L_list', $nbs->phrase['list']);
   $tpl->assign('L_add', $nbs->phrase['add']);
   $tpl->assign('L_ads', $nbs->phrase['ads']);
   $tpl->assign('L_manage_ads', $nbs->phrase['manage_ads']);
   $tpl->assign('L_categories', $nbs->phrase['categories']);
   $tpl->assign('L_email', $nbs->phrase['email']);
   $tpl->assign('L_email_a_forum', $nbs->phrase['email_a_forum']);
   $tpl->assign('L_email_multiple_forums', $nbs->phrase['email_multiple_forums']);
   $tpl->assign('L_email_all_forums', $nbs->phrase['email_all_forums']);
   $tpl->assign('L_forums', $nbs->phrase['forums']);
   $tpl->assign('L_turn_all_offline', $nbs->phrase['turn_all_offline']);
   $tpl->assign('L_turn_all_online', $nbs->phrase['turn_all_online']);
   $tpl->assign('L_logs', $nbs->phrase['logs']);
   $tpl->assign('L_administrator_logs', $nbs->phrase['administrator_logs']);
   $tpl->assign('L_maintenance', $nbs->phrase['maintenance']);
   $tpl->assign('L_php_info', $nbs->phrase['php_info']);
   $tpl->assign('L_update_category_total_forums', $nbs->phrase['update_category_total_forums']);
   $tpl->assign('L_repair_optimize_tables', $nbs->phrase['repair_optimize_tables']);
   $tpl->assign('L_backup_database', $nbs->phrase['backup_database']);
   $tpl->assign('L_execute_sql_query', $nbs->phrase['execute_sql_query']);
   $tpl->assign('L_settings', $nbs->phrase['settings']);
   $tpl->assign('L_tos', $nbs->phrase['tos']);
   $tpl->assign('L_edit', $nbs->phrase['edit']);
   $tpl->assign('L_backup', $nbs->phrase['backup']);
   $tpl->assign('L_restore', $nbs->phrase['restore']);
   $tpl->assign('L_languages', $nbs->phrase['languages']);
   $tpl->assign('L_list_phrases', $nbs->phrase['list_phrases']);
   $tpl->assign('L_list_languages', $nbs->phrase['list_languages']);
   $tpl->assign('L_add_language', $nbs->phrase['add_language']);
   $tpl->assign('L_import_language', $nbs->phrase['import_language']);
   $tpl->assign('L_add_phrase', $nbs->phrase['add_phrase']);
   
   $tpl->display('navigation.tpl');

// ####################### ADMIN INDEX FRAME #############################
}
else if ($_REQUEST['frame'] == 'right')
{   
   print_header();
   
   $tpl->assign('L_statistics', $nbs->phrase['statistics']);
   $tpl->assign('L_statistic', $nbs->phrase['statistic']);
   $tpl->assign('L_value', $nbs->phrase['value']);
   $tpl->assign('L_total_admins', $nbs->phrase['total_admins']);
   $tpl->assign('L_total_forums', $nbs->phrase['total_forums']);
   $tpl->assign('L_total_active_forums', $nbs->phrase['total_active_forums']);
   $tpl->assign('L_image_dir_size', $nbs->phrase['image_dir_size']);
   $tpl->assign('L_database_size', $nbs->phrase['database_size']);
   $tpl->assign('L_version_information', $nbs->phrase['version_information']);
   
   $tpl->assign('skip_chmod_check', $nbs->setting['skip_chmod_check']);
   
   if (!$nbs->setting['skip_chmod_check'])
   {
      $tpl->assign('L_chmod_files', $nbs->phrase['chmod_files']);
      $tpl->assign('L_chmod_files_message', $nbs->phrase['chmod_files_message']);
      $tpl->assign('L_file', $nbs->phrase['file']);
      $tpl->assign('L_chmod_value', $nbs->phrase['chmod_value']);
   }
   
   $total_admins = $total_forums = $total_aforums = 0;
   
   $totals1 = "SELECT `status`, `user_level`
            FROM " . TABLE_PREFIX . "users";
   $totals2 = $db->query($totals1);

   while ($totals3 = $db->fetch_array($totals2))
   {
      if ($totals3['user_level'] == 1)
      {
         $total_admins++;
      }
      else
      {
         $total_forums++;
         
         if ($totals3['status'] == 'Active')
         {
            $total_aforums++;
         }
      }
   }
   
   $db->free_result($totals2);
   
   unset($totals1, $totals3);
   
   $tpl->assign('total_admins', $total_admins);
   $tpl->assign('total_forums', $total_forums);
   $tpl->assign('total_aforums', $total_aforums);
   
   unset($total_admins, $total_forums, $total_aforums);
   
   $image_dir_size = 0;

   if ($image_dir = @opendir(DIR . 'images'))
   {
      while ($file = @readdir($image_dir))
      {
         if($file != "." AND $file != "..")
         {
            $image_dir_size += @filesize(DIR . 'images/' . $file);
         }
      }
      
      unset($file);
      
      @closedir($image_dir);

      //
      // This bit of code translates the avatar directory size into human readable format
      // Borrowed the code from the PHP.net annoted manual, origanally written by:
      // Jesse (jesse@jess.on.ca)
      //
      if($image_dir_size >= 1048576)
      {
         $image_dir_size = round($image_dir_size / 1048576 * 100) / 100 . ' ' . $nbs->phrase['mb'];
      }
      else if($image_dir_size >= 1024)
      {
         $image_dir_size = round($image_dir_size / 1024 * 100) / 100 . ' ' . $nbs->phrase['kb'];
      }
      else
      {
         $image_dir_size = $image_dir_size . ' ' . $nbs->phrase['bytes'];
      }
   }
   else
   {
      // Couldn't open Image dir.
      $image_dir_size = $nbs->phrase['not_available'];
   }
   
   $tpl->assign('image_dir_size', $image_dir_size);
   
   $dbsize1 = "SHOW TABLE STATUS";
   $dbsize2 = $db->query($dbsize1);
   
   $db_size = 0;
   
   while ($dbsize = $db->fetch_array($dbsize2))
   {
      $db_size += $dbsize['Data_length'] + $dbsize['Index_length'];
   }
   
   if ($db_size == 0)
   {
      $db_size = $nbs->phrase['not_available'];
   }
   else
   {
      //
      // This bit of code translates the database size into human readable format
      // Borrowed the code from the PHP.net annoted manual, origanally written by:
      // Jesse (jesse@jess.on.ca)
      //
      if($db_size >= 1048576)
      {
         $db_size = round($db_size / 1048576 * 100) / 100 . ' ' . $nbs->phrase['mb'];
      }
      else if($db_size >= 1024)
      {
         $db_size = round($db_size / 1024 * 100) / 100 . ' ' . $nbs->phrase['kb'];
      }
      else
      {
         $db_size = $db_size . ' ' . $nbs->phrase['bytes'];
      }
   }
   
   $tpl->assign('db_size', $db_size);

   if ($nbs->setting['version_checker'])
   {
      $vinfo = '<div id="version_info"><p><img src="../templates/' . $nbs->setting['template'] . '/admin/images/progress.gif" alt="" />&nbsp;&nbsp;Checking...</p></div>';
   }
   else
   {
      $vinfo = '<p style="color:red">' . $nbs->phrase['version_checker_disabled'] . '</p>';
   }
   
   $tpl->assign('vinfo', $vinfo);

   print_footer();
   
   $tpl->display('admin_index.tpl');
   
// ######################## MAIN INDEX PAGE ##############################
}
else
{
   print_header();
   
   $tpl->assign('title', $nbs->phrase['title']);
   $tpl->assign('L_browser_does_not_support_frames', $nbs->phrase['browser_does_not_support_frames']);
   
   $tpl->display('index.tpl');
}
   
?>

_________________
Image link
We are not refugees we are trail blazers. icon_wink.gif
Back to top
Display posts from previous:   
Register or Login to Post    Index » General Support  Previous TopicPrint TopicNext Topic
Page 1 of 1 All times are GMT - 4 Hours
 
Jump to:  

Index • About • FAQ • Rules • Privacy • Search •  Register •  Login 
Not affiliated with or endorsed by the phpBB Group
Powered by phpBB2 © phpBB Group
Generated in 0.0656 seconds using 16 queries. (SQL 0.0094 Parse 0.0014 Other 0.0548)
phpBB Customizations by the phpBBDoctor.com
Template Design by DeLFlo and MomentsOfLight.com Moments of Light Logo