Security problem - Blocked
#1
Hello all.
Sorry to bore you, but I cannot say what I can do anymore.
My site, suffer a attack from Russian hacker 2 times this year, I don’t know how, because I’m always check the issues.
I make like 5/6 times fresh install from mybb, and after some time I have problems says I have a exploit, and phishing in my site\ forum. I report as false positive, and I can’t say what is wrong.
Is possible someone here help me to find the reason, why my site is blocked in Firefox and Chrome?
Because I can’t think anymore.
Regards


Link Page: www.pt4um.com
Link forum: www.pt4um.com/forum
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply
#2
First point: firefox and chrome use a global database of unsafe url, and you'll have to wait a little (probably weeks or months) until you're site is no more declared as unsafe.
Second point: check all your server logs to find how the "hacker" succeed to add phishing pages. I don't think it's because of mybb but more probably a security hole in your website, allowing to add contents to your hosting.
Tchat en français
Do not ask me help through PM or Discord

Reply
#3
You've had malicious javascript injected to the end of your javascript files, see here: https://www.pt4um.com/forum/jscripts/gen...s?ver=1821

Everything after the MyBB.init(); line should not be there.

There's also some sort of script here: https://pt4um.com/forum/admin/jscripts/asb/asb.php

You'll need to work with your hosting company to establish how these files got written to/created.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#4
(2022-12-27, 11:50 PM)Matt Wrote: You've had malicious javascript injected to the end of your javascript files, see here: https://www.pt4um.com/forum/jscripts/gen...s?ver=1821

Everything after the MyBB.init(); line should not be there.

There's also some sort of script here: https://pt4um.com/forum/admin/jscripts/asb/asb.php

You'll need to work with your hosting company to establish how these files got written to/created.

hello Matt. Thanks for the help.  I delete Everything after the MyBB.init(); line, like you mention, and for now, is OK, but seems the advertisement are not work anymore. its possible the problem are the plugin advertisement? if yes, is there any similar to substitute
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply
#5
You've still got malicious code in some files, and the PHP script is still there. I would recommend completely deleting /jscripts and /admin/jscripts and uploading both again from a fresh download.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#6
(2023-01-02, 10:56 PM)Matt Wrote: You've still got malicious code in some files, and the PHP script is still there. I would recommend completely deleting /jscripts and /admin/jscripts and uploading both again from a fresh download.

you mean all inside? because some are from some plugin I have

Never mind. I delete all inside the case and then replaced. once more, thanks
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply
#7
Upload them again from fresh downloads of the plugins, it's likely every javascript file was written to.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#8
(2023-01-02, 11:37 PM)Matt Wrote: Upload them again from fresh downloads of the plugins, it's likely every javascript file was written to.

done. thanks
Begincaos
---@@@---

[Image: assinatura.jpg]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)