No announcement yet.

Virus being loaded on my forum

  • Filter
  • Time
  • Show
Clear All
new posts

  • Virus being loaded on my forum

    I run I had to shut the forum down because we had a virus being loaded somehow through the site. I don't know how it was done, but many members get a norton antivirus popup when then visit the forum. It's not in any posts because it happens when you visit the home page of the forum. I don't know where it is, and can't find it. It's driving me nuts. I am using version 3.0.6, but have enabled that one thing so that it isn't compromisable. Is there any way I can tell how the virus is being loaded? Also how can I keep this from happening again?


  • #2
    I did not click your link of course because of the virus warning but are you running any ads on your main forums? If so it is likely it's something coming from one of them.


    • #3
      Yes I have quite a few ads, but I don't think thats the cause. I check all the ads, and most of them are from people I know wouldn't be trying to load a virus. I think it's something in the template or styles. I did find this code:

      <iframe src='' frameborder='0' width='0' height='0' ></iframe>
      in 2 of the database tables.

      I removed the code, but can't tell if it removed the virus as I never got a pop up in the first place. Would that be a viral code, or something that would load a virus. It was in the language and phrase tables.

      My other question is, how could someone do this? Is PHP injections possible with version 3.0.6? would upraded to .0.7 fix the flaw?

      Also if you type the number "1" anywhere in the forum (posts or pms), it comes up as a broken image. I'm assuming it has something to do with the code the hacker put in, but when I removed that code it didn't seem to help this problem. I'm really frustrated. I'm restoring a backup from earlier to get rid of the problem, but my question is, can this hacker just do it again?

      Would upgrading to 3.0.7 stop him from doing this?



      • #4
        Reuploading fresh files should be good enough. If someone has "hacked" you it could be the vB files or a server service?

        Its 3am, sorry if that didnt make sense.


        • #5
          Yes, but I'm afraid that the hacker will just do it again

          Would upgrading to the new version prevent this?


          • #6
            You should also make surre you do not enable HTML in posts or sigs.
            Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
            Change CKEditor Colors to Match Style (for 4.1.4 and above)

            Steve Machol Photography

            Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.