Reported attack site

[gigashiga]

Dear forum members,

This is second time my website is blacklisted with google.
My host says to change my passwords and scan my computer.

I am scanning my comp and after that will change my passwords too.
I do not want this to happen again so I seek your advice.

my version is 1.1.18

my site click here
this code is also being displayed on top of my website

Code Select Expand

if(empty($eht)) { $eht = " "; echo $eht; } ?>

I want to secure my site so that users of my mywebsite does not face any problem. and my site infuture is not blacklisted.

all your suggestions are welcomed.

[margarett]

This
http://www.simplemachines.org/community/index.php?topic=510918.0
Applies also. Good luck

[gigashiga]

thanks I will check that thread

and what about this piece of code

Code Select Expand

if(empty($eht)) { $eht = " "; echo $eht; } ?>

please see header of mysite

[margarett]

That's probably something wrong in index.template.php (maybe another file, though...)

Can you attach it? Or, better yet, can you use a took that allows you to search text inside files (like the one and only Total Commander ) and search your forum files for $eht ?
Because that variable doesn't exist in a clean SMF installation...

[Shambles]

Firefox reports the attack page, as you say, along with several reasons why it's done so, and why the page is thus marked.

I haven't clicked thru the report to visit your website, but when you do is there a javascript being loaded as part of the $eht = " " statement (you may have to "view page source" to see it)...?

[gigashiga]

I was searching for the complete string and was not able to find it.

when i did page source

i found this string on top of the page


[edit] code removed as it is flagging anti-virus software causing the thread to not load --Illori

[Shambles]

Good. So now you know what to look for in your forum files

[Cyberhost]

There's high possibility that your site is affected by malware program as I scanned the site and many anti-virus programs marked it as malicious site. I'd recommend you to delete whole site and reinstall it.

[gigashiga]

index.template.php was infected with that virus code. this piece of code was in the end.
so my major problem is solved.

a javascript code is added in the template file which is used by every page.
there were couple of following tags which again I removed as both of them seem to be empty tags.

Code Select Expand

<?  ?>

I will be changing password only and not removing other files for now.

thanks a ton all of you for your support

There's high possibility that your site is affected by malware program as I scanned the site and many anti-virus programs marked it as malicious site. I'd recommend you to delete whole site and reinstall it.

cyberhost how do you scan a website? I would like to do it again now.

thanks once again

[gigashiga]

okay I got it, you did a virustotal

http://sitecheck.sucuri.net  says it is clean now.

yandex is getting sophos data
sophos has not yet updated sent a request they will do it in 24 hours.

looking at other two. probably they will take some time to review again.

[Cyberhost]

okay I got it, you did a virustotal

http://sitecheck.sucuri.net  says it is clean now.

yandex is getting sophos data
sophos has not yet updated sent a request they will do it in 24 hours.

looking at other two. probably they will take some time to review again.

4 anti-virus programs still show it is malware site yet. But it could be that it's mistaken.