SMF Support > SMF 2.0.x Support

Nasty, Hidden Virus on Simple Machines

<< < (14/14)

青山 素子:

--- Quote from: 医生唱片骑师 on May 04, 2012, 06:40:21 AM ---Something you might want to do, is adding "die;" right before "?>" in index.php. So even if malicious code is added, none of your users will notice it. :)

--- End quote ---

That only  works if the code is at the end. I've seen it injected at the front as well. At best, you will have maybe a 50% chance of it helping.

igirisjin:
update:

One thing happened today that also happened at the time the site was first hacked, and only those times.

This was related to playing movies in Aeva media. It shows a plugin required and link to download. Someone clicked it and got a virus warning.. and infection. So much for their security shield.
Last time the site had trouble I also tried using the aeva movie plugin download link. It didnt work playing the movies either. These actions only happened twice and both coincidentally related to virus trouble through SMF/Aeva media.

I know some so called free firefox plugins from dodgy commercial site have caused similar problems.

Not sure if this error is related or not.

XML Parsing Error: junk after document element
Location: http://site .com/index.php?action=media;sa=mass;album=37;xml;upcook=YTo0OntpOjA7czozOiIxOTMiO2k6MTtzOjQwOiI5OTNiNTQzNDIwOWQzYTNjOTAwYTA3YmZkNmQ2ODU4MDA2MDBiNmQyIjtpOjI7aToxNTEzMjkzNzI3O2k6MztpOjE7fQ%3D%3D
Line Number 14, Column 2:    <div class="centertext"><a href="javascript:history.go(-1)">Back</a></div>
--------^

Navigation

[0] Message Index

[*] Previous page