Go Back   vb.org Archive > Community Discussions > Forum and Server Management
  #1  
Old 09-01-2010, 05:29 PM
MarkD793 MarkD793 is offline
 
Join Date: Jan 2009
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default Gigapros Server Problem?

I have been with Gigapros for close to a year and have been generally satisfied.

HOWEVER, I was hit with malware and after gigapros removed the files...I was hit again with in a few days...at least I thought. Tums out they never removed the original corrupted files. Now they say they aren't able to remove the corrupt files and that the tech dept must send it up to a higher dept to correct the problem. This has been going on for 2 weeks. The google warning and threat of malware is destroying my site.

Is anybody else experiencing this problem with Gigapros?
Reply With Quote
  #2  
Old 09-02-2010, 08:07 PM
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Location: Michigan
Posts: 3,733
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Well, it would help if you posted a link so we can view whats going on, it will most likely be a simple fix and easily removed, then you will need to update your site to remove the security hole they are using to inject it into your site.
Reply With Quote
  #3  
Old 09-05-2010, 03:11 AM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

He's talking about this site
http://www.pets-r-great.org/forum/
Search FTW.
Reply With Quote
  #4  
Old 09-05-2010, 04:23 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Hmmm - what you write isn't right It's not that 3 sites on your shared server are infected - would be a very strange shared server being located in the US, Switzerland and France at the same time.
When calling your site, sniff the headers and you'll see - there're 3 sites loaded with PHP files which all point to the same location - another site from Russia.

Check the PHP files of your board by downloading them from the official location then comparing them with your files, also check the DB (e.g. Templates) from where these files are called. If and only if there's nothing, check it again and if there's still nothing then and only then Gigapros is the problem.
Just if you write you've been hit with malware, did you setup your board again or just let it be ? Chances are high the problem is somewhere in your files where these calls are stored.
Reply With Quote
  #5  
Old 09-13-2010, 12:47 PM
MarkD793 MarkD793 is offline
 
Join Date: Jan 2009
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thank you all.

Angel-Wings.... As I obviously have a lot to learn ... Could you give me more details about how to check the PHP and Templates.

Thank you in advance!
Reply With Quote
  #6  
Old 09-14-2010, 04:27 PM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Download all files from trusted sources again, then your files. Create checksums for both (SHA256, RMD160 etc.) - not MD5 and compare what has changed and what you changed

Then make a backup of your database and import it at your test machine going through the templates to search for the URL's being called when opening your site or loading of any external URL's - both inside the PHP files and your Templates.

Some files like the original VB ones call home and some Addons / Template authors do the same when installing their content, quite easy to find these, still the 3 URL's you mention are located somewhere.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:18 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04672 seconds
  • Memory Usage 2,200KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (6)post_thanks_box
  • (6)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (6)post_thanks_postbit_info
  • (6)postbit
  • (6)postbit_onlinestatus
  • (6)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete