Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
A user reported the above message generated by their corporate security system. I am running 7.5.3.

The security system is ESET NOD32 V4 Business Edition.

Last edited by DennyP; 12/22/2011 12:39 PM.

DennyP - www.dennyp.com
DennyP Travel
Joined: Jan 2004
Posts: 2,474
Likes: 3
Pooh-Bah
Just before my browser crashed, I got this alert...

Attachments
alert.jpg

Joined: Dec 2003
Posts: 6,560
Likes: 78
Yep, corporate firewalls are tough to deal with.
You never know what they have instituted.
I deal with them all of the time.
Most times with no success.

But anyway, for starters, v7.5.3 has been patched with a security update which it appears you are not using.
So even if you upgrade right now, it will not correct prior hacking to your board, if that is the case.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
If you were hacked you'll need to patch your forums, make sure you're using stock files (and that they haven't been altered by a hacker), and make sure your webspace doesn't have malicious files lingering around which would allow a remote hacker to continue compromising your system.

I actually just did a cleanup of a really nasty hack last week, they aren't pretty and you as the owner are really responsible for hosting these files; after a while Google and antivirus people will start flagging your site as malicious and users will start getting warnings about your site hosting malicious content if you allow it to just sit there.

You should look into either hiring someone to fix your site, or if you think you can do it yourself (which I highly advise against, as with disaster recovery it is easy to miss something) you'll need to use a utility like Beyond Compare to compare your forum files to the stock files and compare differences; then you'll need to use ssh and grep to look for any suspicious edits to files, and you'll need to look at recently edited/new files on the server.


I am a Web Development Contractor, I do not work for UBBCentral. I have provided free User to User Support since the beginning of these support forums.
Do you need Forum Install or Upgrade Services?
Forums: A Gardeners Forum, Scouters World
UBB.threads: UBBWiki, UBB Styles, UBB.Sitemaps
Longtime Supporter & Resident Post-A-Holic
VNC Web Services: Code Modifications, Upgrades, Styling, Coding Services, Disaster Recovery, and more!
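
The triage steps described in the post above (compare against stock files, find added and recently changed files, grep for suspicious edits), sketched as an added shell example that is not part of the original thread or of UBB.threads. The directory arguments, the 14-day default and the grep patterns are assumptions chosen for illustration.

```shell
# Added example: audit_webroot STOCK_DIR LIVE_DIR [DAYS]
#   STOCK_DIR  freshly unpacked copy of the vendor release you are running
#   LIVE_DIR   the forum directory on the server (both paths are hypothetical)
# Prints one tagged line per finding. File names containing newlines are not handled.
audit_webroot() (
    stock=$(cd "$1" && pwd) || exit 2
    live=$(cd "$2" && pwd) || exit 2
    days=${3:-14}

    # 1. Every file the stock release ships: is the server copy missing or altered?
    cd "$stock" && find . -type f | sort | while IFS= read -r rel; do
        if [ ! -f "$live/$rel" ]; then echo "MISSING  $rel"
        elif ! cmp -s "$rel" "$live/$rel"; then echo "MODIFIED $rel"
        fi
    done

    # 2. Files on the server that the stock release never shipped. Config files,
    #    uploads and caches land here legitimately, so review rather than delete.
    cd "$live" && find . -type f | sort | while IFS= read -r rel; do
        [ -f "$stock/$rel" ] || echo "ADDED    $rel"
    done

    # 3. Anything modified within the last DAYS days (mtime can be forged,
    #    so treat an old timestamp as weak evidence only).
    find . -type f -mtime "-$days" | sort | sed 's/^/RECENT   /'

    # 4. Script files containing constructs commonly used to hide injected code.
    #    The pattern list is an assumption and also matches legitimate code;
    #    a hit matters most when the same file is MODIFIED or ADDED.
    find . -type f \( -name '*.php' -o -name '*.js' \) \
        -exec grep -lE 'eval[[:space:]]*\(|base64_decode|gzinflate|fromCharCode' {} + |
        sort | sed 's/^/SUSPECT  /'
)
```

Run it against a copy of the site or a read-only mount where possible, so the review itself does not change timestamps or trigger anything planted in the webroot.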
Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Which of the two initial messages in this topic does the above reference? It appears that "driv" hijacked my topic with a different subject so I'm not sure to which one the comments refer.


DennyP - www.dennyp.com
DennyP Travel
Joined: Dec 2003
Posts: 6,560
Likes: 78
I have no idea where Driv got his info for his post image.
You edited your post and where your error message came from is not displayed.
Possibly you had posted a url and he tested it.

I went by that the latest security patch addressed a very very serious security hole. Where someone could edit your scripts.
In fact it delayed progress on the next version release.
Not so much the patch itself but finding the actual hack in the scripts before the patch.

So if you are getting nagged with security risks then that could possibly be the culprit.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2007
Posts: 3,940
Likes: 1
Former Developer
driv reported what his browser said, when he went to your site, so he didn't hijack it

he was confirming that you prolly have an issue with your board security.

then we get to Giz who noticed that you aren't patched and his reply.

sooo.. the thread is still about your initial post wink

but maybe i'm wrong too laugh

Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
I see thanks. I thought driv was just posting something they got someplace on their system.

When I go to the download area I see the full version files and I see the patch files. Which do I need? Thanks.


DennyP - www.dennyp.com
DennyP Travel
Joined: Jun 2006
Posts: 1,344
veteran
Since you're running 7.5.3 you need the full version to upgrade to 7.5.6. The patch is if you were running 7.5.6 already.

Joined: Dec 2003
Posts: 6,560
Likes: 78
Well, it is suggested to upgrade. There is a security patch for your version in the right side of the member area.
But if you were hacked already, the patch will only stop future attacks, not repair past issues.


Blue Man Group
There is no such thing as stupid questions. Just stupid answers
Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Understood - thanks. I'll get to work on that this evening.


DennyP - www.dennyp.com
DennyP Travel
Joined: Apr 2007
Posts: 3,940
Likes: 1
Former Developer

Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Thanks.


DennyP - www.dennyp.com
DennyP Travel
Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
I upgraded to 7.5.6p2. I had a second person tell me that they got a similar virus alert using a different anti-virus program than the first person. I have asked both of them (and PMed driv) to try it again to see if they get the same error.

I installed the same anti-virus system used by one of the persons who reported the problem, but I don't get the error. I didn't get it before I upgraded to 7.5.6p2 either.


DennyP - www.dennyp.com
DennyP Travel
Joined: Jun 2006
Posts: 1,344
veteran
Quickly looking through the source code of your site, it doesn't look like anything was added. But like giz said, you could have malicious code on your server.

If your site was compromised prior to the patch, that doesn't mean the patch will fix what could have been added. You may need someone to go through your server and check things out.

Ask your members what they are doing when they get the alert, what browsers they are using. Run your site through http://sucuri.net/global, which says your site's good, but you never know. Code could be hidden in any of the .php or .js files.

Last edited by gliderdad; 12/23/2011 12:05 AM.
Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Both users that got the error got it immediately when accessing the message board. One user specifically said they were going to the login page. I don't know what browser they used, but I have left them an email message about that.

The sucuri scan came up clean.

I'll see what my 2 users say and then go from there.

I appreciate your assistance.

Last edited by DennyP; 12/23/2011 12:09 AM. Reason: spelling

DennyP - www.dennyp.com
DennyP Travel
Joined: Jan 2004
Posts: 2,474
Likes: 3
Pooh-Bah
Originally Posted by Sirdude
driv reported what his browser said, when he went to your site, so he didn't hijack it

he was confirming that you prolly have an issue with your board security.
Yep, spot on ...but he's all clear today smile

Originally Posted by Sirdude
but maybe i'm wrong too laugh
Not usually mate wink

Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
After upgrading to 7.5.6p2, 2 of the 3 people (thanks driv) reported that there were no more errors. I am waiting for the 3rd person to report once he gets to his office. But it looks favorable.

Thanks to everyone for their assistance. Have a wonderful holiday.


DennyP - www.dennyp.com
DennyP Travel
Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
At this point everyone who reported a virus infection message on my message board pages reports now that all is ok after upgrading to 7.5.6p2.


DennyP - www.dennyp.com
DennyP Travel
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
I'm glad to hear that upgrading patched stock files that were modded by a hacker; I hope you take my advice under advisement about ensuring your server isn't insecure, as if the intruder could overwrite one file they certainly could have added several others all over your webspace.


Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Originally Posted by Gizmo
I hope you take my advice under advisement about ensuring your server isn't insecure as if the intruder could overwrite one file they certainly could have added several others all over your webspace.
Any further checking would be beyond the scope of my technical ability. Any idea of the time and cost involved to have a person competent in this area look it over?

Last edited by DennyP; 12/23/2011 9:47 PM. Reason: spelling

DennyP - www.dennyp.com
DennyP Travel
Joined: Jun 2006
Posts: 16,292
Likes: 116
UBB.threads Developer
Really depends on the amount of data on your site; I had to do a cleanup of a really nasty hack on a client site where I had to work with his webhost directly to clean up the mess and it took about 12 hours to accomplish (though his issues extended far beyond his forum just being hacked).

My general baseline minimum as far as a quote would go is ~3 hours @ $120/hr; which would include comparing ubb files for any "new" files, looking at all files newer than a couple of weeks, going through every line of code on your site and looking at post requests, etc.


Joined: May 2012
Posts: 1
stranger
Hi guys !
I have made an account on this website !
I appreciate the choice of the topic chosen also appreciate the discussion because it is really informative for me !
A user reported the above message generated by their corporate security system. I am running 7.5.3.

The security system is ESET NOD32 V4 Business Edition.


Tomcruise
Joined: Jan 2004
Posts: 2,474
Likes: 3
Pooh-Bah
We're going to need your forum URL if you want us to take a look at it. smile

Joined: Apr 2004
Posts: 232
Likes: 1
Enthusiast
Originally Posted by driv
We're going to need your forum URL if you want us to take a look at it. smile
It looks like this reply was made to my posting from 5 months ago. But I'm sure it was directed at the poster below mine.

In any case, in order to possibly help the new poster here's what I had to do ...
  • upgrade ubbthreads to 7.5.6p2 to pick up the security patch
  • reload the OS on my server


DennyP - www.dennyp.com
DennyP Travel
