This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
It seems that someone hacked my forum. He only changed my Index, I still have all my messages etc. What should I do to put my index back? And how to trace this guy?
As of this morning, when you go to our index page, virus scan alerts of a trojan having been deleted.
How do I fix this and how do I prevent it in the future?
I do have a .tar backup. Can I fix it using that without losing posts?
Thanks,
Mark
What version of phpBB were you using? If you have a clean backup that you know is clean before the attack, reupload that, and immediately move to 2.0.11 if you haven't already. Also, can you PM me the URL to your site?
I downloaded fresh backups of my site and the BB. I extracted both to a folder and scanned the files for viruses. Said none found. So where is this virus coming from? My host? It only alerts on my index page of the forums board, nowhere else.
Thanks, for any help.
Mark
I've had the same problem. The coding was hiding in my forum description. Go into your admin, then forum management and general forum settings and check for unwanted code in your forum descriptions. If it's there, delete it.
How it got there, I'll leave to the techies to work out.
As I told Saint Keith in his topic, CaptSpike has the same problem, exact same injected code. Once cleaned up and verified, immediately update to 2.0.11. This is imperative.
I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.
SSIN wrote:
I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.
Check the forum description for viewforum.php?f=1 in the admin panel. There you will find the code to remove. Then immediately update to 2.0.11 and run (and tell your users to run) a full manual virus scan on their PCs.
You might not be able to find this using virus scanners... might want to get adware and spyware systems checking too... Trojan horses these days are extremely difficult to get rid of... you can never be too careful.
I suggest considering Pest Patrol... no, it's not free... but it works extremely well.
I was really tempted to point out that the other browsers... notably Firefox and I think Safari... are immune to the frame injection vulnerability... but I wasn't too sure... guess my initial assumption was correct.
SSIN wrote:I have the same problem too. From what I can figure it happened sometime last night. I am receiving several emails from my forum members (those running McAfee) complaining that they are receiving several pop-ups and it is freezing their internet.
Check the forum description for viewforum.php?f=1 in the admin panel. There you will find the code to remove. Then immediately update to 2.0.11 and run (and tell your users to run) a full manual virus scan on their PCs.
I am so sorry to waste your time, but is the Admin Panel through Vdeck? The gentleman that was looking after my forum, etc. decided to go on to bigger and better things, and other than the passwords, I am at a loss to find my way around in phpBB yet. Again, please forgive my lack of knowledge.
If you are logged onto your forum as the Admin, then the link "Go to administration panel" will appear at the bottom of every page as you view the forum.
Click on that link.
On the left-hand side, click on "Management" under the Forum Management menu.
Then click on "Edit" against the first forum on your list.
It should then show your general forum settings with Forum Name, Description, Category, Pruning, and Forum Status. The virus code should be hiding in your forum description as a series of numbers. Delete them all and hit the "Update" button.
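The manual check described in this thread, run over every forum description at once, as an added example that is not part of the original posts or of phpBB itself. It assumes the "series of numbers" is either a run of numeric character references or a comma-separated list of character codes, and that the rows come from the `forum_id` and `forum_desc` columns of the default-prefix `phpbb_forums` table; the sample rows are constructed.

```python
import html
import re

# Elements/URLs that should never appear in a forum description.
ACTIVE_MARKUP = re.compile(
    r"<\s*(?:iframe|frame|script|object|embed)\b|javascript:", re.I)
# Assumed encodings of the "series of numbers" (not stated in the thread):
NUMERIC_REFS = re.compile(r"(?:&#x?[0-9a-f]+;?){4,}", re.I)   # &#60;&#105;...
CHAR_CODES = re.compile(r"(?:\d{2,3}\s*,\s*){7,}\d{2,3}")     # 60,115,99,...

def decode_char_codes(text):
    """Turn comma-separated character-code runs back into text."""
    def repl(match):
        codes = (int(n) for n in re.findall(r"\d+", match.group(0)))
        return "".join(chr(c) for c in codes)
    return CHAR_CODES.sub(repl, text)

def inspect_description(desc):
    """Return the reasons a description looks tampered with (empty if clean)."""
    findings = []
    if NUMERIC_REFS.search(desc):
        findings.append("numeric-entity-run")
    if CHAR_CODES.search(desc):
        findings.append("char-code-run")
    # Decode both assumed encodings before looking for active markup,
    # so hidden and plain injections are caught by the same rule.
    decoded = decode_char_codes(html.unescape(desc))
    if ACTIVE_MARKUP.search(decoded):
        findings.append("active-markup")
    return findings

def scan_forums(rows):
    """rows: iterable of (forum_id, forum_desc). Returns {forum_id: findings}."""
    report = {}
    for forum_id, desc in rows:
        findings = inspect_description(desc or "")
        if findings:
            report[forum_id] = findings
    return report

# Constructed sample rows, e.g. as exported from phpbb_forums (assumed prefix).
SAMPLE_ROWS = [
    (1, "News &#60;&#105;&#102;&#114;&#97;&#109;&#101; src=http://example.invalid/&#62;"),
    (2, "General discussion, <b>all topics</b> welcome"),
    (3, "Help desk 60,115,99,114,105,112,116,62"),
]

if __name__ == "__main__":
    for fid, why in scan_forums(SAMPLE_ROWS).items():
        print(f"forum {fid}: {', '.join(why)}")
```

A flagged row still needs the clean-up and the 2.0.11 update described above; the scan only tells you which descriptions to open in the admin panel.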