Pixelated a phpBB Template by SkaidonDesigns
 
Cheapest Web Software Support Area Forum Index www.cheapestwebsoftware.com
Play with the Best, be the Best!
Porn Blog Space
FAQ
Search
Memberlist
Usergroups
Profile
Log in to check your private messages
Log in

The Mightiest Webmaster Solutions Ever
Plug Rush
Plug Rush
Links Organizer
Links Organizer
Blogs Automater
Blogs Automater
Gallery Scraper
Gallery Scraper

Haven't registered yet? Do it here now!
trojan/iframes injected into index

 
Post new topic   Reply to topic    Cheapest Web Software Support Area Forum Index -> Blogs Organizer
View previous topic :: View next topic  
Author Message
Shawn



Joined: 07 Dec 2007
Posts: 25

PostPosted: Wed Sep 02, 2009 4:41 pm    Post subject: trojan/iframes injected into index Reply with quote
Hello,

One of our bo installs has twice now been injected with iframes in the bo index. Is there any known issues or new security updates out for bo? If not, any ideas on steps I can take to keep this from happening again?

Its only the bo index that its happening to..
Back to top
View user's profile Send private message

Author Message
Shawn



Joined: 07 Dec 2007
Posts: 25

PostPosted: Wed Sep 02, 2009 4:44 pm    Post subject: Reply with quote
Oops also in /blog/index.php
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Wed Sep 02, 2009 9:58 pm    Post subject: Reply with quote
i can't understand exactly which index? The one in the BO admin or at the blogs?

So far, everyone who has contacted me about such issues, ended up some other scripts being hacked on their server and they are infecting everything else which is writable for everybody..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Author Message
Shawn



Joined: 07 Dec 2007
Posts: 25

PostPosted: Wed Sep 02, 2009 10:07 pm    Post subject: Reply with quote
Right now it only seems to appear in /blog/index.php

Bo is really all that's installed on this one


Last edited by Shawn on Wed Sep 02, 2009 10:13 pm; edited 1 time in total
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Wed Sep 02, 2009 10:10 pm    Post subject: Reply with quote
is that your script admin or the location where you blog is?

see what permissions that file has. Set them to 755 or lowest possible that will still allow the file to work normally..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Author Message
Shawn



Joined: 07 Dec 2007
Posts: 25

PostPosted: Wed Sep 02, 2009 10:16 pm    Post subject: Reply with quote
That's the blog install, have admin at /bo

But will check the file permission again and see what happens
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Wed Sep 02, 2009 10:18 pm    Post subject: Reply with quote
first, put a clean version of the index.php from the BO install/upgrade package and then make sure the permissions are set to lowest possible..

if nothing helps.. pm me BO admin url and pass and ftp access to there..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Author Message
msm



Joined: 25 Mar 2008
Posts: 89

PostPosted: Wed Sep 09, 2009 6:56 pm    Post subject: Reply with quote
I was just reading this... I don't think I have this problem but wanted to ask what I should be looking for in the future to tell if I've been infected.
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Wed Sep 09, 2009 7:05 pm    Post subject: Reply with quote
it was some sort of iframe injected to the admin panel header. You can from time to time do a "view source" on a page inside the admin panel and look in the header for some weird javascript or iframe stuff..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Author Message
Shawn



Joined: 07 Dec 2007
Posts: 25

PostPosted: Tue Oct 13, 2009 1:22 am    Post subject: Reply with quote
I've sent you a pm about this, as it's still an on going issue.
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Tue Oct 13, 2009 8:25 am    Post subject: Reply with quote
ok..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Author Message
switch54



Joined: 21 May 2009
Posts: 7

PostPosted: Thu Apr 21, 2011 9:01 pm    Post subject: Reply with quote
may i ask what was the outcome? having the same issue, i just set 755. did that do the trick?
Back to top
View user's profile Send private message

Author Message
Atanasis
Owner


Joined: 22 May 2004
Posts: 4284
Location: The Net

PostPosted: Fri Apr 22, 2011 6:16 pm    Post subject: Reply with quote
yes, chmod to 755 all writable files will help so BO pages don't get injected.

However, you should find where the malicious code comes from, because other pages will be infected. Regularly the viruses come from wordpress, tgp scripts and trade scripts..
_________________
Thanks,
Kaktusan

Back to top
View user's profile Send private message Visit poster's website AIM Address Yahoo Messenger ICQ Number

Display posts from previous:   
Post new topic   Reply to topic    Cheapest Web Software Support Area Forum Index -> Blogs Organizer All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2002 phpBB Group