The forum of the forums
Welcome to the Official Support Forum of Forumotion!

To take full advantage of everything offered by our forum, please log in if you are already a member, or join our community if you've not yet.



Create a free forum like this one.

Strange Code

View previous topic View next topic Go down

Pro Admin Strange Code

Post by DISTRACTION on September 28th 2011, 7:43 pm

This code..I found it on my javascript codes.Its not the first time.I found it Weeks ago 2-3 times on a new javascript page name:dont delete Now I found it in my javascript code.

Question


Last edited by MrMario on October 7th 2011, 5:54 am; edited 1 time in total (Reason for editing : code removed ~ mario)

DISTRACTION
Forumember

Male Posts : 77
Reputation : 0
Language : Greek,English,German HTML,Javascript
Location : Rhodes

http://thedestroyers.forumw.biz

Back to top Go down

Pro Admin Re: Strange Code

Post by Nera. on September 28th 2011, 7:46 pm

Do you have an other admin who might have added it?

Nera.
Energetic

Female Posts : 7077
Reputation : 2013
Language : English
Location : -

http://webartzforum.com

Back to top Go down

Pro Admin Re: Strange Code

Post by DISTRACTION on September 28th 2011, 7:50 pm

I have two other admins but they would never do this...and in Admin CP doesnt shows anything that have to do something with it.

DISTRACTION
Forumember

Male Posts : 77
Reputation : 0
Language : Greek,English,German HTML,Javascript
Location : Rhodes

http://thedestroyers.forumw.biz

Back to top Go down

Pro Admin Re: Strange Code

Post by Guest on September 28th 2011, 8:22 pm

You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

Guest
Guest


Back to top Go down

Pro Admin Re: Strange Code

Post by kirk on September 29th 2011, 4:00 am

well i would not leave it on the scripts page if you dont know what it is or what it's supposed to be doing??

kirk
Forumaster

Male Posts : 11037
Reputation : 651
Language : English,Vulcan,Klingon, Romulan,& Gorn

Back to top Go down

Pro Admin nfl cheap ersey

Post by zzkk201110 on September 29th 2011, 10:18 am

Spamm > Banned

zzkk201110
New Member

Posts : 1
Reputation : 1
Language : english

Back to top Go down

Pro Admin Re: Strange Code

Post by DISTRACTION on October 4th 2011, 5:55 pm

I am really sorry to saying this but 'Yes' Forummotion is hackable.
Do you remember my old post here-->http://help.forumotion.com/t97126-hack-on-forumotion-sites?? Well,that hacker can access my Site with my account and the rest Admins no matter,and we changed Passwords hundred times.He hacked my friend's Site lately--> http://ipclan.forumakers.com/

And that code dontdelete..he never stop adding it.

DISTRACTION
Forumember

Male Posts : 77
Reputation : 0
Language : Greek,English,German HTML,Javascript
Location : Rhodes

http://thedestroyers.forumw.biz

Back to top Go down

Pro Admin Re: Strange Code

Post by MrMario on October 5th 2011, 1:12 am

I'm going to contact Godfather about this. Please keep an eye out for this topic if possible.

MrMario
Helper
Helper

Male Posts : 22186
Reputation : 1830
Language : test

http://test.com

Back to top Go down

Pro Admin Re: Strange Code

Post by musket on October 5th 2011, 1:27 pm

Hackers can get your passwords or other information from your PC keyboard entries, if your PC gets infected with a 'Keylogger' I advise you scan your PC with Malewarebytes or other recommended spyware eliminator software.

musket
Helper
Helper

Male Posts : 1130
Reputation : 131
Language : English
Location : Northern Ireland

http://hemmingsdaman2.forumotion.co.uk/

Back to top Go down

Pro Admin Re: Strange Code

Post by DISTRACTION on October 6th 2011, 2:50 pm

Damn it...he keeps log in my account and add that code again.

DISTRACTION
Forumember

Male Posts : 77
Reputation : 0
Language : Greek,English,German HTML,Javascript
Location : Rhodes

http://thedestroyers.forumw.biz

Back to top Go down

Pro Admin Re: Strange Code

Post by Sanket on October 6th 2011, 2:58 pm

Rideem3 wrote:Also, did you do what Dion said?
@dion wrote:You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

Check to see who made the last adjustment to java management.

Why are you not giving us information on what dion has asked?

Sanket
ForumGuru

Male Posts : 48766
Reputation : 2819
Language : English
Location : Mumbai

http://webartzforum.com

Back to top Go down

Pro Admin Re: Strange Code

Post by Guest on October 6th 2011, 6:49 pm

I'll only add, for now, that this isn't a forumotion problem. You would be having this same problem even if you had your own site running vBulletin.


Guest
Guest


Back to top Go down

Pro Admin Re: Strange Code

Post by shadowz au on October 7th 2011, 2:49 am

@DISTRACTION wrote:Damn it...he keeps log in my account and add that code again.

demote/ban him

shadowz au
Forumember

Male Posts : 280
Reputation : 30
Language : Australia
Location : Sydney

http://tommyzserver.forummotion.com

Back to top Go down

Pro Admin Re: Strange Code

Post by DISTRACTION on October 9th 2011, 6:26 pm

@shadowz au wrote:
@DISTRACTION wrote:Damn it...he keeps log in my account and add that code again.

demote/ban him

Ha?? ban him he log in with my acc and the rest admins..and if you mean to ban his IP that wont work also because he simply change his IP when ever he want.

DISTRACTION
Forumember

Male Posts : 77
Reputation : 0
Language : Greek,English,German HTML,Javascript
Location : Rhodes

http://thedestroyers.forumw.biz

Back to top Go down

Pro Admin Re: Strange Code

Post by Base on October 9th 2011, 6:30 pm

I still don't understand why you haven't followed Dion's instructions and reported back to us:

@dion wrote:You should find out who put this on your board. Look at the timestamp on the script, then go to your admin logs (ACP>General>Security) to see who did it.

After you get the timestamp information and check your logs, deactivate the script by removing all checkmarks at the top, then click Save. DO NOT delete the script...save it for evidence.

Base
Forumaster

Male Posts : 10386
Reputation : 1687
Language : English and French
Location : United Kingdom, England

http://forumotionhub.net

Back to top Go down

Pro Admin Re: Strange Code

Post by Guest on October 9th 2011, 7:09 pm

OK, now that the code has been removed from the first post...

That script was sending your userID/password info to a third-party site. The accounts of every admin have been compromised. There is only one way to fix this, and only the founder (which I will assume is you) will be able to do it. Here's what you do:

Step ZERO: Unless you can contact them outside your board (email, text, voice, etc), do not alert your co-admins to what you are doing.

First, go to http://www.forumotion.com/en/utils and change the access password to something you have never used in the past. This is BY FAR your most important step, because it will keep your intruder from being able to undo what will happen next. If you cannot log in to the utilities (and I suspect this may be the case), send a PM to MrMario, and he will be able to reset the password for you.

At this point, log back into your board BUT DO NOT LOG OFF. It is critical that you remain logged in until you complete the rest of this task!!!!!

Once logged in, check the IP log on the ACP home page to see if anyone other than yourself is logged in with any of the admin accounts. If so, IP ban them. You can remove the IP ban once you complete the next two steps. Note: DO NOT IP BAN YOURSELF, but if you see more than one instance of your account logged in, IP ban the ones that are not you.

Now QUICKLY go to ACP>Users&Groups and remove all other admins from the administrator group. You will restore them later. This will keep your intruder from being able to use these accounts to access the ACP.

Now go back to the ACP homepage to see if your intruder has returned. If so, IP ban them AGAIN. Note: DO NOT IP BAN YOURSELF!

If not, QUICKLY go to your profile and change your board password to something you have never used in the past. At this point, as long as you remain logged in, your intruder no longer has access to your ACP. So now let's make it permanent.

Finally, go through your board THOROUGHLY and remove all scripts that you do not recognize. Check the javascript and HTML pages, the forum/portal widgets, the homepage message, the announcements, the site description, ranks, profile titles, forum titles and descriptions...EVERYWHERE. It is critical that you remove any trace of this rogue script.

Once you do this, remove the IP bans. You will now need to contact your co-admins and tell them what just happened. Also tell them that they must also reset their passwords to something they have never used in the past, and they will not regain admin access until they have confirmed that their passwords have been changed. DO NOT restore your co-admins to the administrator group until they have done this! If any one of them doesn't change their password, you are screwed, so this is important!!!

Your co-admins will be inconvenienced, but a short-term inconvenience is much better than what you have now.

Guest
Guest


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum