Uutiset:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu
Advertisement:

How would RSTBackdoor Virus get into my installations of SMF???

Aloittaja pmhoran, syyskuu 14, 2006, 08:06:32 AP

« edellinen - seuraava »
Tulosta
Siirry alas Sivuja1
Käyttäjän toimet

pmhoran

syyskuu 14, 2006, 08:06:32 AP Viimeisin muokkaus: syyskuu 14, 2006, 08:08:38 AP käyttäjältä pmhoran
Sorry ... most of you will probably consider this a REAL stupid question ... but ... here goes anyway.   First off ... I am an admitted total idiot when it comes to most of this stuff.

Anyway ... I had taken an FTP copy/backup of my entire website as a "just in case" copy.

When my anti-virus was doing its scan ... it found 2 instances of the RSTBackdoor Virus in the forum installation.   I KNOW it did not get there from ANYTHING I installed from SMF ... because I have unzipped copies of everything also on my computer ... and NOTHING was found in any of them.  Just wanted to make that clear ... just in case someone thought I was accusing SMF  :)

So ... is the only way those files could get into the SMF installation is by someone somehow hacking there way onto the site & uploading those files???   If so ... would it likely have been through the front door (becoming a member of the forum & then hacking???) ... or would it likely have been through an "attack" on the web server????

They say the threat risk of this virus is very Low ... but I want to get it off my site anyway.  I have read the Removal info a number of times ... but my cognitive dysfunction seems to be getting in the way of me being able to understand/comprehend totally all that I am reading.

As I understand it ... I can just delete the 2 files without worry of it interfering with the operation of SMF.   Does anyone know if that is a correct understanding???   Does anyone know if there are further steps I should be taking???

Oh yeah ... IF they came through the front door (by coming onto the forum) I am pretty sure I know when that happened.   At the time .... I would have been running with 1.0.7.   I am now using RC3.  If that info matters.

Any input or feedback would be greatly appreciated.
Thanks for you time & patience
Peter

Ben_S

#1
syyskuu 14, 2006, 08:12:00 AP
What are the filenames and what directory are they in?
Liverpool FC Forum with 14 million+ posts.

pmhoran

#2
syyskuu 14, 2006, 08:50:27 AP
OOOPS ... sorry.   I meant to include those .....

The infected files are .....

{mywebsite}\forum\12.php is infected with PHP.RSTBackdoor

and

{mywebsite}\forum\attachments\82_2_php9bc09ee4e0eb91840f7c5207e1d84852 is infected with PHP.RSTBackdoor

Sorry about that ...
Peter


Ben_S

#3
syyskuu 14, 2006, 02:07:12 IP
The second was attached, the first I've no idea how it got there could have been upload by another script or something.
Liverpool FC Forum with 14 million+ posts.

pmhoran

#4
syyskuu 16, 2006, 08:29:58 AP
Thanks for the response ... your efforts to help are appreciated.

In your opinion ... do you think I can just delete those 2 files and not worry about it affecting the operation of the SMF software????

Do you know if the PHP.RSTBackdoor virus would have "changed" any other files that I should be aware of ???

Thanks again for your efforts to help me.
Peter
Tulosta
Siirry ylös Sivuja1
Käyttäjän toimet
Advertisement: