Announcement

Collapse
No announcement yet.

Is my site infected with Malware

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Hi Wayne, Ive searched for "Select styleid, title, template from template where template like '%eval(func%';" too and nothing shows up.

    - - - Updated - - -

    All of the Mods present are correct, the config.php looks fine

    Comment


    • #32
      You'll need to open a support ticket then. They'll need full access to the AdminCP, Database and FTP.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud demonstration site.
      vBulletin 5 API

      Comment


      • #33
        Originally posted by Wayne Luke View Post
        Your code is different than that above so my query wouldn't work. You would need to modify it to pull a unique string from the offending code.

        So for your first section I see: ipbs='84fbbba7'. The 84fbbba7 is unique. Could try ipbs= as that might be a more universal tidbit or eval(func
        tion(p,a,c,k,e,d){.

        Try:
        Select styleid, title, template from template where template like '%eval(func%';

        That should match all three code snippets posted in this thread so probably other infections as well.
        I did try with my code and it returned no results.

        Now I tried the new code you gave and still no results.

        This is very strange. Google sees it but no one else who is having this issue is able to find the code anywhere.

        Comment


        • #34
          Originally posted by anjaan79 View Post
          I did try with my code and it returned no results.

          Now I tried the new code you gave and still no results.

          This is very strange. Google sees it but no one else who is having this issue is able to find the code anywhere.
          Yeah... It is probably a plugin that checks the referrer and then injects the code into your page. Which is why I said you had to review EVERY plugin installed on your site. This means opening them up and investing the code, comparing it to default code for the addon and so forth.

          The query itself is just one MINOR step in determining where the infection lies.
          Translations provided by Google.

          Wayne Luke
          The Rabid Badger - a vBulletin Cloud demonstration site.
          vBulletin 5 API

          Comment


          • #35
            I have restored the 12 may copy of my VPS and google say that de site have not malware. I will try with 18 May copy of the VPS


            Ciao!

            Comment


            • #36
              Sorry about that as an FYI my problem did get resolved once I upgraded the vb. I had upgraded VBSEO about two weeks prior.

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X