1
nagelkem
Trojan on site!
  • 2008/5/28 7:45

  • nagelkem

  • Just popping in

  • Posts: 3

  • Since: 2008/2/5 1


I get a report from AVG that there is an Trojan on my site, when it is loading it hangs for a while. During thast time it is loading 58.65.234.163/t/m1004z410157.html, i can't find where it is comming from! Who can help me with this problem!???

2
Anonymous
Re: Trojan on site!
  • 2008/5/28 8:35

  • Anonymous

  • Posts: 0

  • Since:


Quote:
nagelkem wrote:

Who can help me with this problem!???


This is not a support site for computer problems and viruses. Seek specialist advice.

In the meantime, use AVG to scan your pc as it will move the trojan into the Virus Vault.

Get a software firewall such as ZoneAlarm or use Windows built in firewall.

Thread locked.

3
Anonymous
Re: Trojan on site!
  • 2008/5/28 11:25

  • Anonymous

  • Posts: 0

  • Since:


Following PMs received, I've unlocked this thread.

Please be aware that:

1. The site in question has a trojan; visit it at your own risk
2. I don't yet know whether or not it is a XOOPS site

Please offer what help you can

Carry on.......

4
stefan88
Re: Trojan on site!
  • 2008/5/28 11:46

  • stefan88

  • Community Support Member

  • Posts: 1086

  • Since: 2004/9/20


Hi,

clean your templates cache (delete all files in templates_c folder except index.html) and see if you still have that problem...
..

5
Anonymous
Re: Trojan on site!
  • 2008/5/28 11:51

  • Anonymous

  • Posts: 0

  • Since:


If, after following Stefan's advice, still have the problem then.....

1. go through your /uploads folder and its sub-folders
2. go through the /cache folder.

Look for anything unusual in those folders. There shouldn't be very much in the /cache folder at all.

It would also help you could tell us what modules (and versions of them) you're using.

6
trabis
Re: Trojan on site!
  • 2008/5/28 12:52

  • trabis

  • Core Developer

  • Posts: 2269

  • Since: 2006/9/1 1


Look at your index.php for strange code.
Probably a bad ftp program gave your password away. Get a good firewall on your pc, a good ftp program and change your ftp password.

7
Ario_Barzan
Re: Trojan on site!

Is HTML allowed on your site?
if so turn it off and check if it happens again, I think this is more like a HTML code in a message or comment on your site!

8
xgarb
Re: Trojan on site!
  • 2008/5/28 17:32

  • xgarb

  • Not too shy to talk

  • Posts: 154

  • Since: 2003/3/30


it's actually some javascript that has been inserted into the homepage probably by exploiting some other vulnerabilty on the server, possibly through someone else's account on the server. This javascript pulls nasty stuff from other sites.

I would not recommend going to have a look!

9
Anonymous
Re: Trojan on site!
  • 2008/5/28 17:36

  • Anonymous

  • Posts: 0

  • Since:


I've just visited your site and that file (58.65.234.163/t/m1004z410157.html) is being loaded on start-up.

That IP address (58.65.234.163) is registered in Hong Kong. See the "whois".

There is an address to report abuse - abuse@hostfresh.com - use it.

I've googled 58.65.234.163/t/m1004z410157.html and the only link on the net is to the first post in this thread. Yay - a "googlewhack" to me Of course, now I've posted this.....

Try going straight to yoursite.com/user.php and see if the code is still called. If it is then check your theme.html for dubious code, e.g. a sneaky iframe.

Also, if the file is being called and theme.html looks okay, check your index.php - there shouldn't be any more code in it than this:

include "mainfile.php";

//check if start page is defined
if ( isset($xoopsConfig['startpage']) && $xoopsConfig['startpage'] != "" && $xoopsConfig['startpage'] != "--" ) {
    
header('Location: '.XOOPS_URL.'/modules/'.$xoopsConfig['startpage'].'/');
    exit();
} else {
    
$xoopsOption['show_cblock'] =1;
    include 
"header.php";
    include 
"footer.php";
}


If the code isn't being called when you go to user.php isn't then login, go straight to the admin panel and disable all the module blocks on your homepage except the login/user menu block.

Go to the homepage and see if the file isn't being called. If not then add one of the blocks back in. Repeat until the culprit is found.

Do you use the "Protector" module? If not, and I suspect you don't, then install it when you have traced the problem.

Please don't be afraid to ask for help.

10
Anonymous
Re: Trojan on site!
  • 2008/5/28 17:40

  • Anonymous

  • Posts: 0

  • Since:


PS: The simplest thing to try would be to delete your theme from your /themes folder using your FTP software and upload a "clean" copy of your theme.

Then install Protector.

Login

Who's Online

334 user(s) are online (235 user(s) are browsing Support Forums)


Members: 0


Guests: 334


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits