| Author |
 Topic  |
|
|
Southern Girl
New Member
78 Posts |
 Posted - 15 May 2009 : 01:26:02
|
What is this and why is it on my forum?
www.showring.co.nz/forum
I notice there is a 'new' update. Will this fix it?
Thanks in advance |
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 15 May 2009 : 04:18:20
|
It won't fix it but it will prevent it from happening in the future and also contains many other security fixes. You'll need to fix it yourself by manually editing each forum and removing the iframe from the description.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
 |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 15 May 2009 : 04:21:27
|
That trojan means your server was compromised, either through an upload script of your own that allowed the upload of a script that then was used to change your files, or through a server security loophole.
That trojan is showing on the forum because your forum files (some of them, likely default.asp at least) were changed to include an iframe that links to a server from which malware is downloaded to your visitors computers. No Snitz version can avoid that, as it doesn't have to do with the snitz code itself. You should talk to your host about that, of course, besides removing the iframe from your own files.
I am admiting that your forum had all the security fixes, of course. If not, Shaggy may be right as the iframe may have been added fater your forum has been hacked. Check for non authorized admins. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Southern Girl
New Member
78 Posts |
Posted - 15 May 2009 : 19:59:28
|
Hi
Thanks for that.
Sorry - please explain in simple terms how I fix it.
I have downloaded the update but I also need to check each forum file for iframe?
The forum is the basic Snitz version with no mods - the only change I have made in the past 2 years to the configuration is I changed the colour on Monday.
Should I inform the host that there maybe a problem with security?
Thanks again
:) |
|
|
|
Southern Girl
New Member
78 Posts |
Posted - 15 May 2009 : 20:12:20
|
Sorry - me again.
I've downloaded a copy of the forum to my desktop and my antivirus (kaspersky) detected the trojan in 2 files. login.asp and default.asp
Does this mean that the trojan is an unauthorised admin?
Can I do a straight upload of replacement login.asp and default.asp without affecting any individualisation I've done to the forum (ie: Ranking, not allowed forum login names etc) or should I try and 'fix' the versions on the server. (I have to deactivate Kaspersky to download them as it deletes the files on impact)
Thanks again :) |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Southern Girl
New Member
78 Posts |
Posted - 15 May 2009 : 20:39:20
|
Me yet again!
I've uploaded a new login.asp file (renamed the old one and it is still on the server - if anybody wants to see it?)
Just in case they had modified the file to get instant entry.
The 'hack' is not an admin.
Nor are they a member (unless they joined over 3 months ago).
Though what is to stop them changing the login file again?
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Classicmotorcycling
Development Team Leader
Australia
2085 Posts |
Posted - 15 May 2009 : 22:45:30
|
| It is not only your forum files that have been infected. I just went to your home page and that has a trojan as well. I hope that you have a full backup of your site. |
Cheers,
David Greening |
|
|
|
Southern Girl
New Member
78 Posts |
Posted - 16 May 2009 : 18:41:23
|
Thanks (for the worse news) 
I've uploaded the index pages again so hopefully the cause is resolved before another attack.
Or can I take it down? |
Edited by - Southern Girl on 16 May 2009 18:47:58 |
|
|
|
Southern Girl
New Member
78 Posts |
Posted - 16 May 2009 : 18:52:01
|
quote:
Originally posted by ruirib
Without the forum running, it's hard to tell you whether the issue is in your forum data or your forum files...
Sorry - I can 'breath life' back into the board if you wish to take a closer look... |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
| |
Topic |
|
Topic Locked
