News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Global headers and footers update including bitcoin miner?

Started by franhaselden, October 06, 2017, 06:31:33 AM

Previous topic - Next topic

franhaselden

My forum users recently complained about malware software flagging the forum and their CPU usage increasing.

I traced this back to a bitcoin miner called Coin Hive.

I found that the script was injected through global header/footer which I am seeing as most recently updated (4th October). Very confused, as I'd performed no manual update.

The package that seems to have been updated was: Global-Headers-and-Footers-2.0.1

Can anybody help me pin down what happened here and how I can prevent it happening in the future?

vbgamer45

I don't include that script in any of mod and never would

I would change your passwords and other admins and check your file permissions. Make sure you are on the latest version of SMF.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

franhaselden

Thanks for your reply.

I'm really confused. I have a strong admin password which is now changed. I've not been able to find any logins other than my own (and I hadn't logged into the forum on the 4th when it occurred, my admin account show no login that day). But that is where the the coin miner was added, and the only mod that was updated. I'm on the latest version. I've contacted my host too but they can't see anything malicious. Totally confused.

Advertisement: