1
Skitzo
Bloodhound Exploit and trojan webkit
  • 2008/1/15 23:29

  • Skitzo

  • Just popping in

  • Posts: 25

  • Since: 2004/4/22


This is getting annoying. So far two of my three XOOPS sites have started giving me security risks but only when view with Internet Explorer. Norton detects both "Bloodhound 109" and "trojan.webkit!html" Of the three sites I have two are 2.0.3 and the other is 2.3. The two 2.0.3 installs are the ones giving me the issues. thus far I have not been able to identify the source of the problem. I've reloaded all files excepting mainfile.php and removed all additional themes. Still the problem keeps recurring. What is really annoying is that one of the sites has no content, no posts, no news, no downloads and is a private playground so to speak rather than an active site.

The detections do not happen on every page load but do happen only when these two sites are opened. Very frustrating to say the least and while the one site can (and will tonight) be a clean load the other has enough content that I'd rather not have to redo the entire site.

Unfortuantely this is a shared server and the problem (from what I've read doing searches here so far) may not be in my installs (thus the test of reinstalling one of the "infected" sites tonight) but is still an issue that I need to resolve. Again I reiterate that it is not on all my sites. just the two using 2.0.3

2
Mamba
Re: Bloodhound Exploit and trojan webkit
  • 2008/1/16 5:35

  • Mamba

  • Moderator

  • Posts: 11409

  • Since: 2004/4/23


Why are you still using 2.0.3?

You should update to the latest version of XOOPS - 2.0.18, and install Protector
Support XOOPS => DONATE
Use 2.5.11 | Docs | Modules | Bugs

3
stefan88
Re: Bloodhound Exploit and trojan webkit
  • 2008/1/16 6:19

  • stefan88

  • Community Support Member

  • Posts: 1086

  • Since: 2004/9/20


Try to clean template_c folder - delete all files in it, except index.html
..

4
mboyden
Re: Bloodhound Exploit and trojan webkit
  • 2008/1/16 21:25

  • mboyden

  • Moderator

  • Posts: 484

  • Since: 2005/3/9 1


Another thing to do is to load the page and then review the returned code and look for the offending code which might hellp a little bit. Also, re-upload all your theme files from your backup.

The last one I saw used a bunch of ASCII coding for it, but I've seen standard HTML code inserts as well. Awhile back there were some exploits found, and among other things, I found that one of my themes had been hacked as well as the index page.

Updating XOOPS and installing Protector modules are absolute necessities. And look in your theme files and such (likely in the main page of the theme). It's unlikely to be in the database, but don't quote me. And, yes, empty the cache and templates folders (except for index.html).

Still broken? Post again with any additional info.
Pessimists see difficulty in opportunity; Optimists see opportunity in difficulty. --W Churchill

XOOPS: Latest | Debug | Hosting and Web Development

Login

Who's Online

347 user(s) are online (277 user(s) are browsing Support Forums)


Members: 0


Guests: 347


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits