Stop data retention! Click here & act! Are you a webmaster and want to participate? Here you can find all necessary material for your website - Willst du auch an der Aktion teilnehmen? Hier findest du alle relevanten Infos und Materialien:
Chris Karakas Online Forum Index Karakas Online
 FAQFAQ   Forum SearchForum Search   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
JS/Downloader Virus on my PHPNuke site?



 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.
   Chris Karakas Online Forum Index -> PHP-Nuke Forum RSS Feed of this Forum
Share this page: These icons link to social bookmarking sites where readers can share and discover new web pages.Digg  del.icio.us  tc.eserver.org  Blinklist  Furl  Reddit  Blogmarks  Magnolia  Sphere  Yahoo!  Google  Windows Live  Technorati  Blue Dot  Simpy  Newsvine  Stumble Upon  co.mments.com  Blinkbits  BlogMemes  Connotea  View previous topic :: View next topic  
Author Message
quanahparker
Warrant Officer
Warrant Officer


Joined: 16 Feb 2006
Posts: 69

PostPosted: Sat Mar 29, 2008 5:13 am    Post subject: JS/Downloader Virus on my PHPNuke site?
Reply with quote

Recently I installed a new PHPNuke site. For some reason, and only on Internet Explorer, I've had 2 friends complain that they're getting a "JS/Downloader Agent" virus detection.

I did some reading and found that it's caused by Java Script. But, how could my new website be holding this script? It doesn't make sense to me. I do have one flash animation clock on my site. Could that be causing it?

I've researched and researched. My feeling is that this virus detection is triggering incorrectly. Could my speculation be true?

Here's my site. Tell me what you're getting. Would love some idea how to handle this:

http://www.isuckgaming.com/

Thanks.

Q
Back to top
View user's profile Send private message
quanahparker
Warrant Officer
Warrant Officer


Joined: 16 Feb 2006
Posts: 69

PostPosted: Sat Mar 29, 2008 6:22 am    Post subject:
Reply with quote

Is it possible it could have been my flash clock? That WAS the only thing that had a java script running it. I'm not sure what else could be causing it?

Maybe the scroll at the bottom for website links?

I just don't get this at all.

Q
Back to top
View user's profile Send private message
Floren
President
President


Joined: 08 Mar 2006
Posts: 1384
Location: USA

PostPosted: Sat Mar 29, 2008 11:33 pm    Post subject:
Reply with quote

Couldn't you scan the flash clock files with an antivirus program to either confirm or eliminate it as the culprit?

Is your site patched? Do you have Nuke Sentinel installed? I wouldn't be operating a Nuke site without those two things. You should examine your site logs, especially ftp. When I work on other people's sites, I see most of them have anonymous ftp turned on. I'd make sure it was turned off. I would also review all the files on the server and check the dates to see if anything has been added since your last update.

I recently worked on a site where someone was able to add document write code to the bottom of every .php and .html file on the server. I have no idea how they did it.

I wish I could just deal with content on my sites, but unfortunately there are so many sad (or just plain mean) people in the world who don't have a life, so they mess with other people's websites all day and night. That's why you have to examine your logs every day and see who's attempting malicious activity on your site - and then try and block them.

When I examine my logs, I see where everyday somebody has attempted to hack or spam me, but so far Nuke Sentinel has stopped 'em cold.

Security
Back to top
View user's profile Send private message Send e-mail Visit poster's website
quanahparker
Warrant Officer
Warrant Officer


Joined: 16 Feb 2006
Posts: 69

PostPosted: Sun Mar 30, 2008 9:03 am    Post subject:
Reply with quote

Floren wrote:
Open quoteCouldn't you scan the flash clock files with an antivirus program to either confirm or eliminate it as the culprit?

Is your site patched? Do you have Nuke Sentinel installed? I wouldn't be operating a Nuke site without those two things. You should examine your site logs, especially ftp. When I work on other people's sites, I see most of them have anonymous ftp turned on. I'd make sure it was turned off. I would also review all the files on the server and check the dates to see if anything has been added since your last update.

I recently worked on a site where someone was able to add document write code to the bottom of every .php and .html file on the server. I have no idea how they did it.

I wish I could just deal with content on my sites, but unfortunately there are so many sad (or just plain mean) people in the world who don't have a life, so they mess with other people's websites all day and night. That's why you have to examine your logs every day and see who's attempting malicious activity on your site - and then try and block them.

When I examine my logs, I see where everyday somebody has attempted to hack or spam me, but so far Nuke Sentinel has stopped 'em cold.

SecurityClose quote


Great advice. Thanks for pointing me in the right direction. I'm really torn up over this simply because it's one thing to hack the site and shut it down, it's a whole other thing to add a virus that affects those who visit.

People are so weird.

Thanks Floren.

Q
Back to top
View user's profile Send private message
quanahparker
Warrant Officer
Warrant Officer


Joined: 16 Feb 2006
Posts: 69

PostPosted: Mon Mar 31, 2008 3:12 pm    Post subject:
Reply with quote

I did have my service provider run a virus scan on the site. He ran two, and it came up clean. Apparently, Internet Explorer (the latest version) recognizes certain types of flash as a POTENTIAL security issue, but not an actual virus.

I find this strange.

Q
Back to top
View user's profile Send private message
adsy
President
President


Joined: 13 Feb 2006
Posts: 814
Location: UK

PostPosted: Sun Apr 06, 2008 11:57 pm    Post subject:
Reply with quote

its actually something i wanted on my php nuke site too.

my only suggestion to you is to create a block with a static time rather than a changing time.

you can do this with a call to the date() function in php. (link to the php website)
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Share this page: These icons link to social bookmarking sites where readers can share and discover new web pages.Digg  del.icio.us  tc.eserver.org  Blinklist  Furl  Reddit  Blogmarks  Magnolia  Sphere  Yahoo!  Google  Windows Live  Technorati  Blue Dot  Simpy  Newsvine  Stumble Upon  co.mments.com  Blinkbits  BlogMemes  Connotea 
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.
   Chris Karakas Online Forum Index -> PHP-Nuke Forum
Page 1 of 1
This page contains valid HTML 4.01 Transitional - click here to check it!
This page contains a valid CSS - click here to check it!

 

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group