1
pinchecl
Re: Cannot embed video using iframe
  • 2013/12/5 6:23

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


I too have a similar problem. Using dhtml the youtube button doesn't give the video. Using tinymce I, as a webmaster, can use <iframe>. However, members can not. It gives the message "iframe filtered". So I suppose it's a permission thing. But how and where can I set that?



2
pinchecl
Re: hacked?
  • 2013/11/1 14:12

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


After a lot of help(thanks dbman and mamba!!) and anayzing we found that it was the server that was hacked. So xoops performed as may be expected :)



3
pinchecl
Re: hacked?
  • 2013/10/31 7:10

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Thanks!



4
pinchecl
Re: hacked?
  • 2013/10/30 13:21

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


I have scanned for the fromCharCode and these are the results:

fromCharCode(c+29):c.toString(36))}; in easing.js

fromCharCode(parseInt(m[n],p)); in tinymce.js

fromCharCode(55296+(o>>10),56320+(o&1023))}else{return i[o]||String.fromCharCode(o)}}return d[n]||a[n]||h(n)})}}})(tinymce);in tinymce.js

fromCharCode(160)||X.nodeValue==String.fromCharCode(32))} in editor_plugin.js

Does that look suspicious to you?



5
pinchecl
Re: hacked?
  • 2013/10/30 13:13

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


How do I remove the reference? (I'm not that experienced....), is it done in the particular js file? Anyway, what I've done now is disabling the jquery.js (which by the way was found in the xoops_lib directory (yes, I have renamed that dir). When I scan for redirects that particular one has gone. However, members still report norton alerting for that intrusion. I have asked them to clear their cache and await the results. Meanwhile I'll scan for the code you mentioned. Thanks so far for your help!



6
pinchecl
Re: hacked?
  • 2013/10/30 8:02

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


I found three files with the "fromCharCode": easing.js in extGallery, tiny_mce.js and editor_plugin.js in tinyeditor. Where do I go now?



7
pinchecl
Re: hacked?
  • 2013/10/30 7:49

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Thanks! Already scanned everything for a virus. None found. So I'll check the source for fromCharCode now.



8
pinchecl
hacked?
  • 2013/10/29 14:04

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


I'm running on 2.5.6.
I have done a completely fresh install and run into a norton popup about this:

In my source code I found this line: "http://skinnalicious.net/final/browse ... ks/jquery/jquery.js".
That redirects to: "http://9eklkgar7iuibw80yth0kjt.akayte ... XJ5L2pxdWVyeS5qcw=="
I really can't find the file that holds the line "http://skinnalicious.net/final/browse ... ks/jquery/jquery.js". Is there anyone who can lead me in the right direction? The weirtd thing is that there isn't a directory Frameworks/jquery at all.
According to my hosting provider the server is completely clean. However, every fresh install runs into the same problem. So there are a couple of possibilities in my opinion:
1 - the server is compromised, despite what my provider says
2 - the code is falsly recognised as being maicious
3 - I'm using xoops parts(theme, module a.s.o) that somehow has been infected
4 - I'm doing something completely wrong

Whichever it is, I would like to solve it if possible before I decide to move everything away from this host. Any suggestions?



9
pinchecl
Re: Publisher 1.0 Final ready for testing
  • 2013/10/25 17:33

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


When submitting an articlke in publisher the published date field (Calendar) gives this : _CPM0_October-0500ROctPMCDT. So something is missing I think



10
pinchecl
Re: Help needed.
  • 2013/10/22 18:12

  • pinchecl

  • Friend of XOOPS

  • Posts: 193

  • Since: 2005/4/22


Quote:

Mamba wrote:
You whole server might be compromised, and even if you set a new site within your old server, it won't help.
To make sure that you have a clean installation, I would suggest to have a fresh installation on a new server - only this way you could make sure that you have a clean code.

I was afraid of that. Thanks Mamba!




TopTop
(1) 2 3 4 ... 15 »



Login

Username:
Password:

Lost Password? Register now!

Who's Online

57 user(s) are online (29 user(s) are browsing Support Forums)


Members: 0


Guests: 57


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jan 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits