Forum Security Alert.

xode

Administrator
Hero Member

Posts: 1178

Forum Security Alert.

« on: May 22, 2010, 02:27:41 PM »

It looks like hackers are attacking websites by inserting malicious javascript into the script (program) files for various web programs including the SMF forum software which runs this site. Details are at:

http://community.godaddy.com/godaddy/the-latest-information-on-compromised-sites/

http://community.godaddy.com/godaddy/whats-up-with-go-daddy-wordpress-php-exploits-and-malware/

Please post any unusual activity that you see on this site to this thread.


	Logged

DCS

Verified Prosper Lenders
Jr. Member

Posts: 64

Re: Forum Security Alert.

« Reply #1 on: May 22, 2010, 02:46:41 PM »

User Giorgio sent me a PM that looks like spam. It's titled "My webinar" and the contents are:

Quote

If you are interested please feel free to contact me

https://newworldpro.webex.com/newworldpro/ldr.php?AT=pb&SP=MC&rID=41756912&rKey=dfac9ab1a441c7f5


	Logged

God-Father

Verified Prosper Lenders
Sr. Member

Posts: 426

Don't be late!!!

Re: Forum Security Alert.

« Reply #2 on: May 22, 2010, 03:15:06 PM »

Me too.


	Logged

Long live Prosper and XODE's forum.

xode

Administrator
Hero Member

Posts: 1178

Re: Forum Security Alert.

« Reply #3 on: May 22, 2010, 03:17:27 PM »

Quote from: DCS on May 22, 2010, 02:46:41 PM

User Giorgio sent me a PM that looks like spam. It's titled "My webinar" and the contents are:

Quote

If you are interested please feel free to contact me

https://newworldpro.webex.com/newworldpro/ldr.php?AT=pb&SP=MC&rID=41756912&rKey=dfac9ab1a441c7f5

What the link here lead to didn't look so hot, so Giorgio is now in the Null Posters group (i.e. basically a guest that can receive but not send personal messages and that can look at but not do anything to his profile).


	Logged

BigCowboy

Verified Prosper Lenders
Full Member

Posts: 237

Re: Forum Security Alert.

« Reply #4 on: May 23, 2010, 05:08:45 PM »

I got it too....

-BigCowboy


	Logged

roadhawk

Verified Prosper Lenders
Hero Member

Posts: 586

Re: Forum Security Alert.

« Reply #5 on: May 24, 2010, 02:03:44 PM »

I don't see anything weird on my end and no PM....


	Logged

xode

Administrator
Hero Member

Posts: 1178

Re: Forum Security Alert.

« Reply #6 on: May 25, 2010, 02:08:29 AM »

Quote from: roadhawk on May 24, 2010, 02:03:44 PM

I don't see anything weird on my end and no PM....

Please let me know immediately if you ever do see anything unusual. The hosting provider has created a tool to check if a site is infected, and I had them check this forum and it was clean. Unfortunately, however, SCP's forum got hit.


	Logged

go4reward

Verified Prosper Lenders
Newbie

Posts: 1

Re: Forum Security Alert.

« Reply #7 on: May 26, 2010, 08:59:04 AM »

Yes, but our forum is back after the clean up, see link:
http://forums.go4reward.com/site-news-feedbacks/we-are-back!/msg3636/#msg3636

Watch out for PHP file changes as a group, the change will have the following signature at the top as:
<?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc..........

If you don't have those, you should be fine.

xode: added url and /url tags to fix the above link; apparently a "!" will cause a link to end with it unless these tags are used.


« Last Edit: May 26, 2010, 12:07:40 PM by xode »	Logged

SCP Prosper, P2P Lending, Investing, And Finance Forum - Come joins us for Prosper loans and investing idea discussions.

xode

Administrator
Hero Member

Posts: 1178

Re: Forum Security Alert.

« Reply #8 on: May 26, 2010, 12:15:28 PM »

Quote from: go4reward on May 26, 2010, 08:59:04 AM

My next question is: how (with details) are these hackers able to change those PHP files?


	Logged

Pages: [1]

« previous next »