Mysidia Adoptables Support Forum  

Home Community Mys-Script Creative Off-Topic
Go Back   Mysidia Adoptables Support Forum > Mysidia Adoptables > Questions and Supports

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-12-2009, 04:05 PM
densaugeo densaugeo is offline
Member
 
Join Date: Mar 2009
Posts: 39
Credits: 5,362
densaugeo
Default Trojan Warning

Clearly this is becoming an epidemic, and I've noticed it happening more and more with people who are using this script. Now my site is flashing trojan warnings when people visit it, no matter which part of my site they visit. I can't seem to figure out what's wrong, but I e-mailed my site host to see what they could do. Is it this code causing the problem? Is there some security problem with it I don't know about? This is frustrating..
Reply With Quote
  #2  
Old 05-12-2009, 04:57 PM
Bloodrun's Avatar
Bloodrun Bloodrun is offline
I am, who I am.
 
Join Date: Apr 2009
Posts: 532
Gender: Male
Credits: 35,941
Bloodrun
Send a message via Yahoo to Bloodrun
Default RE: Trojan Warning

Are you allowing your members to upload files to your site?

And, did you delete/rename your install folder?
Reply With Quote
  #3  
Old 05-12-2009, 05:09 PM
densaugeo densaugeo is offline
Member
 
Join Date: Mar 2009
Posts: 39
Credits: 5,362
densaugeo
Default RE: Trojan Warning

No, no one can upload things but me. And yes, the install file was deleted right after installation finished. This is why I can't understand how this is happening :P
Reply With Quote
  #4  
Old 05-12-2009, 05:30 PM
BMR777 BMR777 is offline
Member
 
Join Date: Jan 2011
Posts: 1,122
Gender: Male
Credits: 13,636
BMR777 is on a distinguished road
Default RE: Trojan Warning

I do not believe this is a hole in the script as so far there has not been any confirmed cases of the script actually containing a security hole. Can you trace down where the trojan warnings are coming from? Ex, is it in the site template, database, an additional file added to the server, etc? Any additional information you can provide will help me determine if this is a security hole in the script and will also help me patch any security hole if there is one.

What other software is running on the website, ex Joomla, Wordpress, forum software, etc? Are these all up to date? Who else has FTP access to the server and how often do you change your FTP passwords?

I'm curious to see if this happened on a site with only the adoptables script or if it was running some other software as well. Any further details either you or your host can provide will be most appreciated.

Thanks,
Brandon
Reply With Quote
  #5  
Old 05-12-2009, 06:29 PM
densaugeo densaugeo is offline
Member
 
Join Date: Mar 2009
Posts: 39
Credits: 5,362
densaugeo
Default RE: Trojan Warning

I checked all the files in my FTP, nothing new has been added. I have no idea where it's coming from, only that it's causing popups to appear when some of my friends visit saying something about a trojan trying to install iteself. I'll have someone nab a screenshot for me.

I do have a forum software on the site, that came with the site itself, since I go throught hostgator. I've also sent them a message about this issue and requested help. I don't have Joomla as far as I know. No one has access to the FTP but me, and I change my passwords pretty often to avoid people getting in =/ I'm unsure how this happened, but I know I've seen it a lot with sites using the easyadoptables script lately, and I considered myself lucky before it hadn't happened to me. Apparently it was only a matter of time, LOL.

I'm hoping to hear back from my site host soon, to see if they can find where the problem is.
Reply With Quote
  #6  
Old 05-12-2009, 06:40 PM
BMR777 BMR777 is offline
Member
 
Join Date: Jan 2011
Posts: 1,122
Gender: Male
Credits: 13,636
BMR777 is on a distinguished road
Default RE: Trojan Warning

So, you said that your friends are seeing these warnings but you are not?

Are you by any chance running ads from an ad network, such as Google Adwords or DoubleClick on your site? If it appears for some people but not for others it may be a "malvertisement" running through your ad network. This can happen if an ad network you are using runs a malicious .swf flash based ad on the network. Usually these are hard to track as they are sometimes designed to show the true content, in this case the trojan warning, only if the user is from a certain country or IP address range.

If that's not the case, then is the forum software provided by HostGator up to date? Sometimes those installs from the hosts are a few version numbers behind what they should be.
Reply With Quote
  #7  
Old 05-12-2009, 06:51 PM
densaugeo densaugeo is offline
Member
 
Join Date: Mar 2009
Posts: 39
Credits: 5,362
densaugeo
Default RE: Trojan Warning

There are no ads whatsoever. I don't get it, because I can't even get to my site anymore. My firefox freezes when I try now. I'm going to end up being really angry if it comes down to having to uninstall everything an reinstall it.

And my forum should be up to date. I check every once in a while for updates, just in case I'm getting behind.
Reply With Quote
  #8  
Old 05-12-2009, 10:27 PM
densaugeo densaugeo is offline
Member
 
Join Date: Mar 2009
Posts: 39
Credits: 5,362
densaugeo
Default RE: Trojan Warning

I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3
Reply With Quote
  #9  
Old 05-12-2009, 11:07 PM
Bloodrun's Avatar
Bloodrun Bloodrun is offline
I am, who I am.
 
Join Date: Apr 2009
Posts: 532
Gender: Male
Credits: 35,941
Bloodrun
Send a message via Yahoo to Bloodrun
Default RE: Trojan Warning

Quote:
Originally Posted by densaugeo
I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3
Would you happen to know the name of this "something"?
Reply With Quote
  #10  
Old 05-12-2009, 11:08 PM
Seapyramid Seapyramid is offline
Premium Member
 
Join Date: Feb 2009
Posts: 373
Gender: Female
Credits: 18,120
Seapyramid
Default RE: Trojan Warning

Quote:
Originally Posted by Bloodrun
Quote:
Originally Posted by densaugeo
I got it. My host's security department went in for me and deleted anything that seemed malicious. Seems something got into my computer and got some passwords, and was installing things where it didn't need to be. I'm in the process of changing every password. Nice to know it was nothing wrong with the script though <3
Would you happen to know the name of this "something"?
Bloodrun check here http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/ & then set your .htaccess to block gumblar.cn
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Warning Messages (more) Abronsyth Questions and Supports 4 10-04-2014 07:40 PM
Warning At Top of Site Abronsyth Questions and Supports 1 07-14-2014 12:53 AM
Blood/Violence Warning? PTGigi Feedback and Suggestions 4 01-17-2011 12:34 PM
warning system aroymart Addons/Mods Graveyard 3 11-26-2009 12:17 AM
Reporting and warning eaglelegend Suggestions and Feature Requests 6 05-01-2009 02:37 PM


All times are GMT -5. The time now is 11:45 PM.

Currently Active Users: 720 (0 members and 720 guests)
Threads: 4,081, Posts: 32,032, Members: 2,016
Welcome to our newest members, jolob.
BETA





What's New?

What's Hot?

What's Popular?


Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
vBCommerce I v2.0.0 Gold ©2010, PixelFX Studios
vBCredits I v2.0.0 Gold ©2010, PixelFX Studios
Emoticons by darkmoon3636