Malware Warning

Do not kick a hornet's nest. This is the only thread I've clicked on since it all started. I love phun but do not want a virus so am not opening threads except this. Quit while you're ahead.

 

I dont know who is in charge of Phun.And i dont know he/she isn't just sitting on his/her finger.Apart from "cayne" it's the only person iv seen giving us updates.

 

And now if you add 1 and 1 together, you maybe find out who's in charge

 

If you are in charge Cayne.I really hope you get Phun back up and running quickly.It's my fav forum.

 

You got it!

Oh and well, Google loves us. AGAIN!

Came in 5 minutes ago.

God damn, I hope this shit never comes back!

 

@cayne, just for curiosity - what was the specific injection this time? A user sig?

 

ADMIN: If you're running Plesk as your control panel I can almost guarantee you that's how they're getting in. Certain versions of Plesk allow PUT commands over port 80 and they can directly put files into writable directories. From there the malware can infect your vBulletin's vbulletin_global.js , ajax.php ,etc... And if they got access through Plesk they could have all your passwords (anything that's stored in Plesk, meaning email, ftp, etc..) If you're not running Plesk then you can obviously ignore this entire msg

 

Well damn...I got hit by a drive-by virus from a webpage 2 days ago...I was trying to figure out where it came from. I think I found the source: phun. :-/ It was the "FBI has detected child porn on your computer. To avoid jail time, you must pay them $200 via a prepaid card from WalMart" malware, locked up the whole screen; I had to boot in safemode and run anti-malware to get rid of it...was relatively nasty.

Best of luck getting it all sorted out, Cayne and mod staff!

 

Still getting those Malware warnings when I try to log in from Chrome. But when I checked the website on McAfee SiteAdvisor, the results were normal. This is the exact message I got after the scan for forum.phun.org ---- "We tested this site and didn't find any significant problems". So hopefully everything is back to normal, as Cayne mentioned above.

Just hope Google gets its act together & gives us back our favorite forum!

 

No warnings for me with Chrome!

 

When *not* logged in, I see that there is a script from cmsmadesimple.org injecting a 1x1 iframe to a russian site... never noticed it before and seems kind of suspicious...

 

Yeah, that was in inject. I removed it. But I don't understand how no malware check (besides the AV software) found it. Scan the site with three different scan pages, with no result.

Thanks a lot for the heads-up!!

 

Checking the russian site manually I only found what seemed to be various counters (but it was not a thorough check), so maybe that's why no scanner recognized it. Still dangerous ofc, if they decide to change the code delivered. So it's good that it was removed

/e: still seems to be around though...

 

Yes, there seems to be script hidden, that re-injects the code after you remove it. Quite the pain in the ass, but the techs are on it and will find out, how it got there. But thanks again for the heads-up!

 

It should be gone for good now. They used a different domain, running on the same server to install this crap, but the whole CMS of the other domain is being disabled now.

 

it's pretty amazing this is the only security breach in 7 years

 

s u p e r i o r p i c s is now under attack ... these 'guys' may be going after all celeb pic sites by exploiting image hosting vulnerabilities ??? ... fyi

 

Just to let people know, I just got a Malware warning when trying to visit ImageBam. Firefox and my AV software stopped it but be aware.

It looks like it might be the same attack that Phun was under hidden in the iframe.

 

I just went to www.imagebam.com but no malware warning

 

It's not on the main page, but it pops up every time I've tried to view a linked image posted on phun.