Another Hack????

Hi,

I have had a problem with my site today. Clicking on the Member Log-In just greys out the screen. No log-in box pops p.

So I have been crusing the forums looking for help. Whilst on one of the sites I was recommended to head to BrwoserShots.org to see how my site looked in a variety of browsers.

Then I spotted my site as it loaded up in Sea Monkey. The screenshot said a Trojan Horse had been found that loaded up with the site? This is weird!! Has my site been hacked?

Heres a screenshot -

Friend Inviter

Has anyone heard of this friendinviter thing? And how come my avg doesnt pick up on it?

Has my site actually been hacked? Any ideas how I could remove this?

Cheers

Max

www.albumdesignforum.com

Quote · 12 Jul 2008

Are you using any Contact Importer mod ???

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 12 Jul 2008

Hi,

I'm using nothing other than Dolphin 6.1.2

Just a very basic simple setup. No mods or anything extra.

Cheers

Max

Quote · 12 Jul 2008

HHhhmm.

I just did it again and this time no trojan horse. Im now assuming that it is browsershots.org's computer that has the infection. Not my site.

Cheers

Max

Quote · 12 Jul 2008

Stange... My Avast found exactly the same Trojan on same date 11.07.2008 ??? I'm using Dolphin 6.1.1 heavily moded.

Life is a fatal disease, sexually transmissible - Virginity is carcinogenic! Ask here for vaccine.
Quote · 12 Jul 2008

Check your server for any file. IF you have ssh access, see the process running.

----
Quote · 13 Jul 2008

Please read following:

http://www.boonex.com/unity/blog/entry/IMPORTANT_Security_Alert_

Quote · 14 Jul 2008

Hi,

Register_Globals is off on my account - so Im wondering if this is different.

Cheers

Max

Quote · 15 Jul 2008

I found about 3 ways to hack sites,

register globals issue just simpliest one

Quote · 16 Jul 2008

Hi,


Ive posted this elsewhere but I think its important so I'll post again here.


Boonex say in their documentation - register_globals must be Off, safe_mode must be Off

Yet Boonex constantly recommend HostForWeb and yet Host For Web have register_Globals turned on by default (I asked their livehelp today to confirm this)

So why Boonex, are you recommending a host that violates your hosting recommendations.

Especially with regards to such an important security threat.

Boonex needs to talk to HostForWeb about this, and ask them to turn them off or stop recommending them.


Cheers


Max

Quote · 16 Jul 2008

If we recommend hosting, it not mean that it have all settings that we require are enabled it.

HFW just give possibility change this via .htaccess file (many settings possible change with this htaccess)

It quite impossible find good and stable hosting with dolphin`s required settings :)

Quote · 17 Jul 2008

Hi,

Im not sure thats a good thing "It quite impossible find good and stable hosting with dolphin`s required settings :)

If its impossible then is there a way to develop Dolphin in a direction that makes it easier to find hosting for. And if you recommend Host For Web and say there's a way of sorting out the Register_Globals issue with htaccess can I assume that you have the htaccess already set for your recommended hosting?

Cheers

Max

Quote · 17 Jul 2008
 
 
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.