SMF Support > SMF 2.0.x Support

15000 errors per hour in error log

<< < (3/4) > >>

Elmacik:
All they are malicious web sites and probably those addresses are buried in somewhere in your files.

If you dont use FTP, then your hosting might have been completely infected because of a server or another hosting exploit.

I meant to clean your own computer, not the server since its the hosting company's part to do it. You'd better inform them of the situation. If there are any other people you share your password, you shall not give the new password to them as their PCs might have been infected too.

Just backup your Settings.php file, compare it with a fresh one from an installation package of SMF and remove any malicious code that is actually not in an original Settings.php

For all the other files; delete them and re-upload from a fresh SMF package except the installation files. It will probably continue working as a very default system. Then you can re-install your mods. For minimising the cofliction errors you might get; it would be better to uninstall the mods before replacing the files.

Game.ruler:
thanx i will follow all you said, lets see if it happens again or not. Heartly thanx for your replies and guidance.

Game.ruler:
hi Elmacik, i did removing all php files, .htaccess files and every other files except attachments.
Then reinstalled smf2.0 again and this time updated to 2.0.1 , installed all modes, changed ftp pass, created backup of all files after doing this.
Now there are no errors generating in error log and no malicious code in any php and other files.
Most of users are not getting that malware problem now. But still few users are getting that malware found problem. What should i do to solve this and is this detection is real or may be its just fake due to previous detections on the site?

Elmacik:
It might be a false positive because of anti-virus software's remembering the previous results. They should empty their browser caches and cookies; then re-try entering the web site.

Storman™:

--- Quote ---What should i do to solve this and is this detection is real or may be its just fake due to previous detections on the site?
--- End quote ---

Quite possible. For example when I visit your site I get the following message from Avast even though I've never been to your site before:

"This web page at sharespark.net has been reported as an attack page and has been blocked based on your security preferences."

So members on your site are maybe getting a similar thing because it's essentially now on some blacklists. I did a quick check and can see your site's IP on these bklacklists:

dnsbl.justspam.org
netblock.pedantic.org
IP.v4BL.org

Navigation

[0] Message Index

[#] Next page

[*] Previous page