vb.org Archive
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   Forum and Server Management (https://vborg.vbsupport.ru/forumdisplay.php?f=232)
-   -   HELP...My forum has been infected with a virus (https://vborg.vbsupport.ru/showthread.php?t=242031)

Angel-Wings 05-08-2010 04:02 AM
Changing in config.php is enough. But - did you reinstalled everything and I really mean everything ?
If the machine has been "hacked" once, how can you ensure nothing has been modified and that you can trust an installed "security tool" any longer ?

Do backups before of course :)

Marco van Herwaarden 05-08-2010 12:54 PM
If there are modified files, like in your case the config.php, then the attacker most likely has not used vBulletin to enter your file system.

Most likely you are on a vulnerable server. Please contact your host and place a fresh copy of all files once your host has secured the server.

John59 05-18-2010 08:29 AM
Hi to all
i have the same problem,
It all started on the first of May
i cleaned and restore everything to a month ego except the database
and attachments (mainly photos, no programs or any code )
the problem keeps coming buck every 4 - 5 days all .php files are modified
or some del, the first time it happened i also had the above code in all .php
files.
I contacted my host and they just keep giving me advice how to check and secure
my code (VB in my case) and they do nothing,
I also come to believe that the problem is host security problem,
Do you think that if i change host (since they do not seem to accept that it is a host security problem and investigate they are doing nothing to help just polite talk and advices )
will My problems be over??
Ps. I know nothing about programing and .PHP
Only how to upload and use VB (3 years experience)

borbole 05-18-2010 02:35 PM
Quote:
Originally Posted by John59 (Post 2039047)
Hi to all
i have the same problem,
It all started on the first of May
i cleaned and restore everything to a month ego except the database
and attachments (mainly photos, no programs or any code )
the problem keeps coming buck every 4 - 5 days all .php files are modified
or some del, the first time it happened i also had the above code in all .php
files.
I contacted my host and they just keep giving me advice how to check and secure
my code (VB in my case) and they do nothing,
I also come to believe that the problem is host security problem,
Do you think that if i change host (since they do not seem to accept that it is a host security problem and investigate they are doing nothing to help just polite talk and advices )
will My problems be over??
Ps. I know nothing about programing and .PHP
Only how to upload and use VB (3 years experience)
Well, in that case then you will be better off with another host who takes security more seriously.

nkmsw8 05-18-2010 02:49 PM
Change all your passwords also. Hosting password, FTP password, Database password, and your Hosting company account login password.

John59 05-18-2010 08:31 PM
Quote:
Originally Posted by nkmsw8 (Post 2039259)
Change all your passwords also. Hosting password, FTP password, Database password, and your Hosting company account login password.
already did that days ago
the problem keeps coming buck every 4-5 days as it was mansion it seems like the only solution is to change host

maidos 05-21-2010 04:13 AM
im curious, are you possibly using dreamhost or godaddy and use wordpress for your site
my friend has the same encrypted virus which keep popping up till i removed the code for him... but if its the mentioned host, u should move away

John59 05-21-2010 05:11 AM
No i am not using wordpress
And yes my host is one of the above

daveaite 05-21-2010 08:38 AM
The issue could've have begun if you installed some "nulled" scripts. Always a bad idea as the people who null them implant ways to get into your server within those scripts.

maidos 05-21-2010 12:01 PM
Quote:
Originally Posted by daveaite (Post 2041168)
The issue could've have begun if you installed some "nulled" scripts. Always a bad idea as the people who null them implant ways to get into your server within those scripts.
in tthis case, i very much doubt it. since godaddy and dreamhost got their servers compromised and they admit it so millions of website got reported injected with that virus site

http://www.wpsecuritylock.com/ninopl...dy-case-study/
even if u dont run wordpress that site got pretty got tip how to secure ur account with godaddy

--------------- Added [DATE]1274447260[/DATE] at [TIME]1274447260[/TIME] ---------------


and a goodperson posted a script to remove the infected code on all files
http://blog.sucuri.net/2010/05/simpl...or-latest.html


All times are GMT. The time now is 02:01 AM.
Page 2 of 3 1 2 3
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01263 seconds
  • Memory Usage 1,741KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (3)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete