Announcement

Collapse
No announcement yet.

Has my site been hacked?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Has my site been hacked?

    Some members of my site ( I think they are AVG users) have reported getting a pop up which reads,

    WARNING VISITING THIS SITE MAY HARM YOUR COMPUTER
    The website contains elements from the site blogcasino.org which appears to host malware .......


    Any ideas what is happening and what I can do about it, Thanks

  • #2
    You have most likely picked up a virus that has comprimised your files on your site or is your adserver giving you ads from blogcasino?

    What I'd do...
    1. Backup your site
    2. Change passwords for FTP, Cpanel, and everything else. On a different computer to the one your usually on.
    3. Scan your machine for viruses
    4. Reupload VB files to your site
    5. Job should be a gooden'

    Thats what I'd do anyway.

    Comment


    • #3
      I use asdsense, so maybe they could provide ads for blogcasino, I just put blogcasino in my competitive ad filter so if google was serving their ads then that should stop.

      The warnings came about half an hour after this user "colkolkolkdh" joined the forum, a google search shows him to be a member of many forums, but never posted

      I have a tar backup of the site which i did the other day, could I just restore that to get rid of the problem?

      Comment


      • #4
        Nah, you shouldnt need to do that.

        Run this mod: http://www.vbulletin.org/forum/showthread.php?t=220967

        See if that clears it up.

        Comment


        • #5
          NO you are not hacked

          Comment


          • #6
            Originally posted by icarusforde View Post
            Nah, you shouldnt need to do that.

            Run this mod: http://www.vbulletin.org/forum/showthread.php?t=220967

            See if that clears it up.
            You seem to be a very smart young man and for a dummie like me I do appreciate a lot of your knowledge, many thanks, TF

            Comment


            • #7
              Sorted - Thanks icarus :-)
              Last edited by jimjam; Sat 26 Dec '09, 6:56am.

              Comment


              • #8
                8 hours later, the same thing, warnings about a different site this time. Ran the tool and it cleared again. (thanks) What can i do to stop this happening. How are they getting the code onto my template? Thanks

                Comment


                • #9
                  AGAIN, Got a load more malware reports this evening the tool is removing it. But how are the ba$$tards adding the code to the templates? Thanks

                  Comment


                  • #10
                    They may not be adding them to the "templates" As they could easily phish it through an image uploader/video uploader script ect..
                    vBulletin.com great hosting guide made by me. 2,000+ Views
                    Hosting Guide.

                    Proud vBulletin License Owner!
                    Did I help you out? Please give me a cookie then!
                    http://cookyx.com/new/158.png
                    Edlinpugs | Clan WrT

                    Comment


                    • #11
                      It's good to know that your templates are the issue, cause that narrows things down.

                      From here, follow the advice given by Nitra1000:
                      1. Backup your site
                      2. Change passwords for FTP, Cpanel, and everything else. On a different computer to the one your usually on.


                      Make sure that you change your MySQL passwords, anything and everything that you have that deals with the SQL databse. Go to a public library and change them there, so that if there is some sort of keylogger installed on your computer, that it doesn't get logged there. Then go home, go download AVG/Avast and scan your computer (deep level scan), get adaware or spybot, also scan with them, etc. Make sure there's nothing dodgy on your computer.

                      Comment

                      widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                      Working...
                      X