bots destroying the forum with malware

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • nick!
    Member
    • Mar 2005
    • 69
    • 3.6.x

    bots destroying the forum with malware

    20,000+ new accounts, done by xrumr on my forums (found that out by doing some digging) I was without internet for a long time so I wasn't able to check on things, deleted thousands of unwanted links to porn sites, cash 4 gold, etc. I did get them to stop registering 100s of accounts a day by re-dueing the captcha fonts and backgrounds, but now every visitor to the site is told there is malware / exploited links error 601 on avg anti-virus loaded with firefox 4. Same thing with Opera & Chrome, the browsers won't even load my forums. I've searched and searched all over the place for uknown scripts that might cause such a problem, but no luck. I sent an email to: Yanex, and they responded notifying me of a malacious script somewhere in the .php files.

    Nick
    Last edited by nick!; Wed 18 May '11, 7:48pm.
    Play Online Texas Holdem Poker? Checkout my Texas Holdem Poker Forums and get Online Poker Bonuses
  • nick!
    Member
    • Mar 2005
    • 69
    • 3.6.x

    #2
    One more thing, the dude from Yanex, sent me an example of where this script should be found, I had posted up an image looking for help, but just deleted it, this thread can be removed also...Problem was resolved.
    Last edited by nick!; Wed 18 May '11, 7:50pm.
    Play Online Texas Holdem Poker? Checkout my Texas Holdem Poker Forums and get Online Poker Bonuses

    Comment

    • nick!
      Member
      • Mar 2005
      • 69
      • 3.6.x

      #3
      Problem fixed, got the script removed finally, it actually was hiding my meta description it in the admin control panel where it put the script somehow, wish I knew how it was inserted, changing all admin passwords now. If anyone knows any other ideas security wise, let me know please.
      Play Online Texas Holdem Poker? Checkout my Texas Holdem Poker Forums and get Online Poker Bonuses

      Comment

      • punchbowl
        Senior Member
        • Nov 2006
        • 3903
        • 4.0.x

        #4
        when i tried to open this thread last night my virus checker wouldn't allow me - what did you edit out? an embedded image or a link?

        Comment

        • nick!
          Member
          • Mar 2005
          • 69
          • 3.6.x

          #5
          I edited the postings because it just was useless info now. But yes, I removed a embedded image screenshot sent to me from yanex about what their anti-virus spider bot had found as malacious script causing my site to be blacklisted throughout the net, waiting on confirmation from yanex about problem fixed now so I can be removed from any blacklisted databases.

          Heres what happened, and only was able to find this out running in debug mode. Basically somehow a script got changed in the admin panel and checking the logs was very hard to pinpoint but in particular the meta tag descriptions on my site were hidden and I didn't even know this. Then a code was replaced with a malacious javascript command, therefore all the browsers were treating it as a threat, eventhough I loaded my page numerous times avoiding the warning messages. It was actually luck that I found where the hidden codes were, I just realized that the meta tag description was no longer there so I did some digging around, then removed the script myself. Took about 5 hours of searching though im just glad its over and done with.

          I guess my question now would be how on earth did someone or some robot change around scripts in my admin panel and hide them????
          Play Online Texas Holdem Poker? Checkout my Texas Holdem Poker Forums and get Online Poker Bonuses

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...