Mysidia Adoptables Support Forum
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Mysidia Adoptables Support Forum (http://www.mysidiaadoptables.com/forum/index.php)
-   Questions and Supports (http://www.mysidiaadoptables.com/forum/forumdisplay.php?f=18)
-   -   Trojan Warning (http://www.mysidiaadoptables.com/forum/showthread.php?t=809)

densaugeo 05-12-2009 03:05 PM
Trojan Warning
 
Clearly this is becoming an epidemic, and I've noticed it happening more and more with people who are using this script. Now my site is flashing trojan warnings when people visit it, no matter which part of my site they visit. I can't seem to figure out what's wrong, but I e-mailed my site host to see what they could do. Is it this code causing the problem? Is there some security problem with it I don't know about? This is frustrating..

Bloodrun 05-12-2009 03:57 PM
RE: Trojan Warning
 
Are you allowing your members to upload files to your site?

And, did you delete/rename your install folder?

densaugeo 05-12-2009 04:09 PM
RE: Trojan Warning
 
No, no one can upload things but me. And yes, the install file was deleted right after installation finished. This is why I can't understand how this is happening :P

BMR777 05-12-2009 04:30 PM
RE: Trojan Warning
 
I do not believe this is a hole in the script as so far there has not been any confirmed cases of the script actually containing a security hole. Can you trace down where the trojan warnings are coming from? Ex, is it in the site template, database, an additional file added to the server, etc? Any additional information you can provide will help me determine if this is a security hole in the script and will also help me patch any security hole if there is one.

What other software is running on the website, ex Joomla, Wordpress, forum software, etc? Are these all up to date? Who else has FTP access to the server and how often do you change your FTP passwords?

I'm curious to see if this happened on a site with only the adoptables script or if it was running some other software as well. Any further details either you or your host can provide will be most appreciated.

Thanks,
Brandon

densaugeo 05-12-2009 05:29 PM
RE: Trojan Warning
 
I checked all the files in my FTP, nothing new has been added. I have no idea where it's coming from, only that it's causing popups to appear when some of my friends visit saying something about a trojan trying to install iteself. I'll have someone nab a screenshot for me.

I do have a forum software on the site, that came with the site itself, since I go throught hostgator. I've also sent them a message about this issue and requested help. I don't have Joomla as far as I know. No one has access to the FTP but me, and I change my passwords pretty often to avoid people getting in =/ I'm unsure how this happened, but I know I've seen it a lot with sites using the easyadoptables script lately, and I considered myself lucky before it hadn't happened to me. Apparently it was only a matter of time, LOL.

I'm hoping to hear back from my site host soon, to see if they can find where the problem is.

BMR777 05-12-2009 05:40 PM
RE: Trojan Warning
 
So, you said that your friends are seeing these warnings but you are not?

Are you by any chance running ads from an ad network, such as Google Adwords or DoubleClick on your site? If it appears for some people but not for others it may be a "malvertisement" running through your ad network. This can happen if an ad network you are using runs a malicious .swf flash based ad on the network. Usually these are hard to track as they are sometimes designed to show the true content, in this case the trojan warning, only if the user is from a certain country or IP address range.

If that's not the case, then is the forum software provided by HostGator up to date? Sometimes those installs from the hosts are a few version numbers behind what they should be.

densaugeo 05-12-2009 05:51 PM
RE: Trojan Warning
 
There are no ads whatsoever. I don't get it, because I can't even get to my site anymore. My firefox freezes when I try now. I'm going to end up being really angry if it comes down to having to uninstall everything an reinstall it.

And my forum should be up to date. I check every once in a while for updates, just in case I'm getting behind.

densaugeo 05-12-2009 09:27 PM
RE: Trojan Warning
 
I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3

Bloodrun 05-12-2009 10:07 PM
RE: Trojan Warning
 
Quote:
Originally Posted by densaugeo
I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3
Would you happen to know the name of this "something"?

Seapyramid 05-12-2009 10:08 PM
RE: Trojan Warning
 
Quote:
Originally Posted by Bloodrun
Quote:
Originally Posted by densaugeo
I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3
Would you happen to know the name of this "something"?
Bloodrun check here http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/ & then set your .htaccess to block gumblar.cn


All times are GMT -5. The time now is 04:46 PM.
Page 1 of 2 1 2
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.