Back to the Vavoom Forum Archives


Forum

phpBB and viruses

Sun, 06 Mar 2005 14:36:05

quattj

Not vavoom related... Have any of you message board gurus experienced any sort of virus from padonak.info? My friend is a co-administrator for a message board for an up-and-coming artist, and their message boards have been hit with this virus. It puts a little tiny grey square in the upper left hand corner of the screen, and when users log in they get a virus warning about it. It contacts padonak.info.and tries to download something, but I don't know what. They are running phpBB 2.0.11 As of last night, it seemed to be gone, but apparently showed back up this morning. Any ideas on what to do or how to fix it?
Mon, 07 Mar 2005 07:57:31

Janis Legzdinsh

Check out <!-- w --><a class="postlink" href="http://www.phpbb.com">http://www.phpbb.com</a><!-- w --> Also you should upgrade to phpBB 2.0.13. If you can, make sure that forum files and directories have correct permissions.
Mon, 07 Mar 2005 11:34:16

RambOrc

I'm using phpsuexec which means that even if a board on the server is infected by anything, the script can't access the other webhosting accounts on the server.
Tue, 08 Mar 2005 15:26:38

quattj

[quote="Janis Legzdinsh":24ueclue]Check out <!-- w --><a class="postlink" href="http://www.phpbb.com">http://www.phpbb.com</a><!-- w --> Also you should upgrade to phpBB 2.0.13. If you can, make sure that forum files and directories have correct permissions. *sigh* We upgraded it to 2.0.13 on Monday, but the problem still exists. We think now that it is not actually related to phpBB, that's just the first place it showed up <!-- s:cry: --><img src="{SMILIES_PATH}/icon_cry.gif" alt=":cry:" title="Crying or Very sad" /><!-- s:cry: --> I ftp-ed the entire public_html folder from the site and the malicious code was nowhere to be found. It somehow gets put at the top of the web page files only when you access the website normally <!-- s:? --><img src="{SMILIES_PATH}/icon_confused.gif" alt=":?" title="Confused" /><!-- s:? -->
Tue, 08 Mar 2005 15:54:19

RambOrc

With FTP, you most probably don't see system files (starting with a dot).
Wed, 09 Mar 2005 19:34:01

quattj

[quote="RambOrc":1q6tphh7]With FTP, you most probably don't see system files (starting with a dot). Hmmm, interesting. What sorts might there be? The only ones that downloaded were all ".htaccess" and one ".roles" How exatly would I get in to find any others? As far as I know, aside from the ftp, everything is accessed through an admin control panel.

Back to the Vavoom Forum Archives