Apparently a number of other TFF'ers are having issues accessing the site. Avast comes up as saying that there is a virus here and it automatically aborts the connection. I'm using a beta version of Kaspersky, so nothing's come up for me, but that might just be that my AV is failz.
Any word on whether there's a certified problem or not?
Additional Information from Sheena
Apparently it picked up a "gzip" file at hXXp://thefinalfantasy.net/\gzip
(T's are replaced with x's for safety reasons), and the script name is HTML: Script-inf
So...yeah, any info would be much appreciated!
http://thefinalfantasy.net/forums/fo...r-problem.html
This has already been addressed here.
Soldier: "We suck but we're better then you"
We will fight, we will be strong
Together we're marching on
United, we move as one
Our finest hour has just begun
Philmore - Our Finest Hour
Crao Porr Cock8! Need I say more!?My awards:
This may be too late to say anything, but. Every time I log on my computer blocks a virus. Lucky I have a virus blocker, has anyone else experienced this?
---------------------------------------------------
My TFF Family:
* My Awesome Older Brother, Judge Magistrate :]
* Illusion :]
* Cait Sith :]
* My Sweet,Caring,Older Sister angelmarie190515 :]
* My FF Twin, nickness89 :]
* My Favorite Australian Cousin, NikkiLinkle :]
* My Long Lost Cousin, Hero without a Name :]
***98% of all teens have tried smoking pot and drinking. If you're one of the 2% who hasn't, copy this and put it in your signature.
Meier, this is a completely different thing. So no it has not been solved. This isn't a trojan. This is a virus/worm.
I haven't gotten this, but I have been getting dogpile and trojans. Good thing I have Norton 360 ^^
JillXWesker & MeruXDart FTW!
Bloodhound.Exploit.156 | Symantec
This is what both of my anti-virus programs are picking up on. It is not limited to the main forum anymore, I have managed to pick up virus alerts all over the forum.
I am using McAfee Premium and also have Norton Corporate edition at work. Both have picked this up multiple times.
I think as long as your software is up to date you will be fine. It is easily contained and eliminated but it is getting annoying having to see the damn pop ups all of the time.
I don't get anything, and I use Avira Security Suite. I also use FireFox with adblock.
So I guess for those who get it, uh.. start using Firefox with adblock?
Because Fuzz just went through everything and he got nothing.
Ok, ty Meier and Sheena ^^ and Unknown ^^
P.S. Unknown you're awesome ^^
Sorry to hear that some people are still getting this ghost virus. I'm not entirely sure what the deal is - as there are no infections on the server. As I mentioned earlier, I am migrating to another new machine within the next couple of days... I will take that opportunity to do a deep cleanse of the site.
The new server has more updated software, scripts, and kernel on it, so we'll be moving into a fortress.
In the interim, I'll keep you posted if I hear or find anything about this virus. Otherwise, this will for sure be resolved after the move. Thanks
UPDATE: Ok, now that we're on the new box and my DNS has propagated, I am getting down and dirty on this bastard... alongside doing some hardcore cleaning.
UPDATE: I FOUND THE ****ER!
UPDATE: It was a SQL injection in the 'forum' table... bah. Well, good news is that is from the old server and just came along with the DB backup I made. Now that we have all the latest PHP/MySQL versions, we shouldn't have any more of those. Thanks to all who helped report this. I hate malware!
Live update as of now. I have scrolled through the forums multiple times and have yet to see notifications of a virus on either of my comps. I would have to say the issue has resolved itself (if that is what we really want to call it).
Fuzz (if you are reading this) I am curious, did you find something during the move? Or was it probably the security of the new server that rendered this exploit useless and dead?
Yeah, well, I guess what happened is the exploit was actually transferred over to the new server since it was in the database backup. However, after the DNS synced in and I visited the forums for the first time with the domain pointing to the new IP address; NOD32 barked at me with a few malicious warnings.
Having the error actually in front of me helped me get the appropriate info to do a fulltext search on it in the database. I guess my AV only warns you once and then tucks the warning away? Oh well, doesn't make much sense, but nonetheless it is fixed.
Apparently many other FF and WoW related sites have the exact same exploit... makes me wonder if it is the content relevant ads that injected the code.
Well at least we all updated PHP, MySQL, and vBulletin packages now, so we are definitely back up to speed. Thanks again for your help!
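The kind of database search described in the post above, as an added example that is not code from the thread or from vBulletin: it scans text columns of a restored `forum` table for `<script>`/`<iframe>` tags that load from another host. The column names, `forum.example`, `injected.example` and all sample rows are constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlparse

SITE_HOST = "forum.example"  # assumption: the forum's own hostname

TAG = re.compile(r"<\s*(script|iframe)\b([^>]*)>", re.I)  # opening tags only
SRC = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)

def scan_table(conn, table, columns, key):
    """Return (row id, column, tag, host) for each injected-looking tag.

    host is None for inline or relative includes. table/columns/key are
    trusted constants chosen by the operator, never user input.
    """
    hits = []
    for col in columns:
        query = f'SELECT "{key}", "{col}" FROM "{table}" ORDER BY "{key}"'
        for row_id, text in conn.execute(query):
            for tag, attrs in TAG.findall(text or ""):
                m = SRC.search(attrs)
                host = urlparse(m.group(1)).hostname if m else None
                if host == SITE_HOST:
                    continue  # same-origin include, not the injected kind
                hits.append((row_id, col, tag.lower(), host))
    return hits

def build_sample():
    """In-memory stand-in for a restored backup; every row is constructed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE forum (forumid INTEGER PRIMARY KEY, title TEXT, description TEXT)"
    )
    conn.executemany("INSERT INTO forum VALUES (?, ?, ?)", [
        (1, "General Discussion", "Talk about anything"),
        (2, "Final Fantasy VII",
         'FFVII chat<script src="http://injected.example/x.js"></script>'),
        (3, "Help", 'Read the <a href="/faq">FAQ</a> first'),
        (4, "News<IFRAME SRC=//injected.example/f width=0>", "Site news"),
    ])
    return conn

if __name__ == "__main__":
    for hit in scan_table(build_sample(), "forum", ["title", "description"], "forumid"):
        print(hit)
```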
Bumping this because there's more Malware... @_@
I'm getting it too
Malicious software is hosted on 1 domain(s), including pleasedontban.info/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including spiritek.co.jp/.
This site was hosted on 1 network(s) including AS13768 (PEER1).
I've had a notice about this malware from Google Chrome and Avast but for some reason Avast just notifies me and lets me go on the site.
CPC8... Makin' it happen
Originally Posted by RuinTypo's change everything ^Originally Posted by Gypsy Elder
I'm only getting the blockage from FireFox, but Avast says there is nothing. xP
I'm using Google Chrome and it is warning me that this site hosts possible Malware.
Well as I don't have access to Fuzz's Google webmaster account, I can't check to see "where" it found it. I'm guessing on the main site or from Google's own ads. I've suggested before to remove the "features" that allow people to upload stuff to the site, but yeah... it's still there. >_<
edit: Well I looked over all the recently modified files on the server and they are all just stuff Fuzz put up. I didn't really see anything suspicious in any of them. I also did a search for users to see if they have script in their sigs and didn't find any... so without the Google info, I don't know where to go from there.
Should be fixed now! This seems to happen like once a year or so - it seems inevitable!
It turned out to be some malicious code that was injected in a vBulletin JavaScript file. I have since removed the code and upgraded the Forums to the latest 3.8 release 3.8.6 Patch Level 1. I have requested for the warning to be removed and it should be gone shortly.
Hmm... I'm still getting it. Anything we can do on our end? Reset cookies or anything like that?
Okay it seems that I am only getting it when I first go to the website, but after I'm in I don't get the message over and over like I used to.
edit: fixed. Thanks, Fuzz!
Last edited by che; 09-14-2010 at 11:40 AM.
Hmm.... well I'm glad that I wasn't the only person having this problem. I was quite hesitant to log on for the past couple days since my comp seems to have some sort of gravitational pull towards viruses. Thanks Fuzz!
"With each passing day, the world finds new and exciting ways to kill a man." - Balthier
CURRENTLY PLAYING
final fantasy xiii-2
skyrim
pokemon fire red