| |
Haven't registered yet? Do it here now!
|
Shawn
Joined: 07 Dec 2007
Posts: 25
|
|
|
 |
|
 |
|
 Posted: Wed Sep 02, 2009 4:41 pm Post subject: trojan/iframes injected into index |
 |
|
|
 |
|
 |
|
|
|
|
Hello,
One of our bo installs has twice now been injected with iframes in the bo index. Is there any known issues or new security updates out for bo? If not, any ideas on steps I can take to keep this from happening again?
Its only the bo index that its happening to.. |
|
|
|
|
|
|
|
Shawn
Joined: 07 Dec 2007
Posts: 25
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 4:44 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
| Oops also in /blog/index.php |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 9:58 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
i can't understand exactly which index? The one in the BO admin or at the blogs?
So far, everyone who has contacted me about such issues, ended up some other scripts being hacked on their server and they are infecting everything else which is writable for everybody..
_________________
Thanks,
Kaktusan
 |
|
|
|
|
|
|
|
Shawn
Joined: 07 Dec 2007
Posts: 25
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 10:07 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
Right now it only seems to appear in /blog/index.php
Bo is really all that's installed on this one
Last edited by Shawn on Wed Sep 02, 2009 10:13 pm; edited 1 time in total |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 10:10 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
is that your script admin or the location where you blog is?
see what permissions that file has. Set them to 755 or lowest possible that will still allow the file to work normally..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
Shawn
Joined: 07 Dec 2007
Posts: 25
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 10:16 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
That's the blog install, have admin at /bo
But will check the file permission again and see what happens |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Wed Sep 02, 2009 10:18 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
first, put a clean version of the index.php from the BO install/upgrade package and then make sure the permissions are set to lowest possible..
if nothing helps.. pm me BO admin url and pass and ftp access to there..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
msm
Joined: 25 Mar 2008
Posts: 89
|
|
|
|
|
|
|
| Posted: Wed Sep 09, 2009 6:56 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
| I was just reading this... I don't think I have this problem but wanted to ask what I should be looking for in the future to tell if I've been infected. |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Wed Sep 09, 2009 7:05 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
it was some sort of iframe injected to the admin panel header. You can from time to time do a "view source" on a page inside the admin panel and look in the header for some weird javascript or iframe stuff..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
Shawn
Joined: 07 Dec 2007
Posts: 25
|
|
|
|
|
|
|
| Posted: Tue Oct 13, 2009 1:22 am Post subject: |
|
|
|
|
|
|
|
|
|
|
| I've sent you a pm about this, as it's still an on going issue. |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Tue Oct 13, 2009 8:25 am Post subject: |
|
|
|
|
|
|
|
|
|
|
ok..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
switch54
Joined: 21 May 2009
Posts: 7
|
|
|
|
|
|
|
| Posted: Thu Apr 21, 2011 9:01 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
| may i ask what was the outcome? having the same issue, i just set 755. did that do the trick? |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Fri Apr 22, 2011 6:16 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
yes, chmod to 755 all writable files will help so BO pages don't get injected.
However, you should find where the malicious code comes from, because other pages will be infected. Regularly the viruses come from wordpress, tgp scripts and trade scripts..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2002 phpBB Group
|
 |
|
 |
| |
