 | ||||
| ||||
| | ||||
| ||||
| Welcome to the UltraBB public support forum! Did you know there is an inexpensive totally integrated gallery available for UltraBB? Read more here: Gallery Details |
| Moderated by: Fake Mod | Page:   1 2 3 4 5   |
|
|||||||||||||
| Problems, please read. | Rate Topic |
| Author | Post |
|---|
| Posted: Wed Dec 23rd, 2009 10:43 pm |
|
61st Post |
|
bhyder License holder 
|
its got me to robert. i want to know if anyone can tell me how to turn off my forum through cpanel ? at least until jim gets all this fixed up. what bothers me more is from what im getting with avast, it now seems anyone who logs onto chatter would pick up the virus. this is the warning im now getting when i try to pull up chatter.  i know jim has a lot going on and is busy. so if anyone can help me with turning off my forum through cpanel, please give me a shout.
|
||||||||||||||
| |||||||||||||||
| Posted: Wed Dec 23rd, 2009 10:45 pm |
|
62nd Post |
|
Robert Member 
|
That's the same Trojan that's got hold of me and I don't know what to do. Is it possibler for Avast to make a scan of the whole forum and get rid of the problem. I keep scanning the computer but no results. Last edited on Wed Dec 23rd, 2009 10:46 pm by Robert |
|||||||||||||
| ||||||||||||||
| Posted: Wed Dec 23rd, 2009 10:55 pm |
|
63rd Post |
|
bhyder License holder
|
im not sure robert im kinda new to all of this so i depend on the support team here. im like you i have scanned my comp- several times and come up with a clean slate. iv ran avast/ spybot 1.6.2.0 system protector 1.6.6.32 / and iv also ran symantec anti virus. idk what to do but wait. and im sure and have faith that things in time will return to normal.
|
||||||||||||||
| |||||||||||||||
| Posted: Wed Dec 23rd, 2009 11:07 pm |
|
64th Post |
|
John Floyd License Holder 
|
Hopefully Jim will be back Home Soon, poor guy has worked for days already, but as long as Avast keeps blocking it, Your Computer isn't getting infected, Its on the Server and it keeps bouncing around on the server, it appears to me. It has to be cleaned at that level. If you have a link to a post in an email, then you can probably get in your board go to the bottom of the page and get to the admin panel that way and turn your board off, I did mine that way. Then I realized if I could get into the admin panel, then I could send a mass email warning my members to avoid the site until further notice, which I did. It Looks like the Index.php file is the one getting infected or one of the initial startup files. John
|
|||||||||||||
| ||||||||||||||
| Posted: Wed Dec 23rd, 2009 11:25 pm |
|
65th Post |
|
John Floyd License Holder
|
Since I Changed my Password and I have a Very Secure one, Right now not even Jim Knows it and I haven't attempted to log in to FTP since Jim Last Cleaned my Site. So Far I have been up for a couple of days now. #1 You have to change your FTP password to a secure one. #2 Jim Has To Clean Your Site. #3 Don't attempt to log in to your site FTP until a method of blocking This Trojan is figured out. Right now all that has been done is clean, There have been no prevention Steps taken. Just my take on all of this John
|
||||||||||||||
| |||||||||||||||
| Posted: Wed Dec 23rd, 2009 11:43 pm |
|
66th Post |
|
John Floyd License Holder
|
I Wanted To Add Don't Panic! You can't Scan Your Site From Your Computer! Just Sit Tight Until Jim Is Back! It appears that this will not get any worse if you do nothing, Just use Avast and it will Block your computer from logging in to your site if it is infected. There is no danger to your computer if it doesn't log in to an infected site. Don't Tinker or Log in Thru your FTP. Let Jim Handle it and Follow his instructions about Changing Your FTP Password. There has yet to be a Fix Determined and applied to Block this Trojan From getting into the sites. Until this is done we are in for a rough ride. John
|
|||||||||||||
| ||||||||||||||
| Posted: Wed Dec 23rd, 2009 11:47 pm |
|
67th Post |
|
Robert Member
|
Jim has already changed my FTP password for me and now I have reached the stage where I can't access my site at all, even through saved PM's and e-mails.
|
||||||||||||||
| |||||||||||||||
| Posted: Wed Dec 23rd, 2009 11:53 pm |
|
68th Post |
|
sol Member
|
Bob, I see you as being on-line in YMR now.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 12:17 am |
|
69th Post |
|
sol Member
|
I have just been advised that another YMR member ( the forum that Robert is the owner of) using Avast had a Trojan virus & according to Avast it came from Yourmodelrailway. It did kill his PC & fortunately for him, his son is a IT person who manged to get 90 odd % back. Again, with the exception of the header mising, I have had no problems , only going to Chickenchatter , in using ESET NOD32. So is Avast casuing the problem?
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 12:35 am |
|
70th Post |
|
John Floyd License Holder
|
Sol I don't think so, but you can never be sure, I have also scanned Using Malware-bytes Anti Malware and Super anti-Spyware in addition to Avast and The only difference Is that I haven't been to any of the sites you guys mentioned. The Infection is definitely on the servers and if your computer is blocked from going to those sites that are infected, then it doesn't appear that your computer will get infected. My main question is did the person that sufered the damage have Avast registered and was the 7 main scanners in avast up and running. This can be determined by looking in the system tray and see if there is a blue ball with an "A" rotating around at times. My next door neighbor thought he had Avast on his computer, but he never registered it, thus not activating it. When I asked him if he had registered it, he said "Oh I didn't want to do that, its not necessary" My neighbor is Just another self proclaimed expert that knows ot all, just ask him  You can't help people like that. John
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 12:39 am |
|
71st Post |
|
Jim I work here 
|
I'm back. Looks like there are still some problems. Bob I have no idea how they are getting to yours yet, looking now. You too Johnny
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 12:46 am |
|
72nd Post |
|
martin_wynne Licence Holder 
|
John Floyd wrote: #1 You have to change your FTP password to a secure one. Hi John, Bob, Before changing your FTP password, it's a good idea to check for any current FTP sessions and disconnect them if any found -- Gumblar may be online to your site right now.  In cPanel, go to Files > FTP Session Control and disconnect any live sessions. Changing your FTP password will also change your cPanel password -- so write it down before you enter it! When your browser asks if you want it to be remembered, say no until these problems have been fixed. And until then, don't use any of your FTP software -- use cPanel only. regards, Martin.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 01:01 am |
|
73rd Post |
|
Jim I work here
|
NEW INFO Evidently it attacks the stats also. /tmp/webalizer/ Didn't know this, sorry. Looking at your stats in your cpanel could infect you till I clean it. What a freaking mess.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 01:10 am |
|
74th Post |
|
gandalf42 Part time wizard... 
|
I just discovered my site was hit. I'm not really sure when it happened and it seems localized to one host provider as none of my other sites got whacked. It's less problematic for me, since I was planning on transferring my forum license to a new site (I can just reinstall). Even though the removal of the infection (per file) is very simple.. you just have so many files to process that it can be a _real_ pain. Glad to hear Jim is on top of things- in the form of a recursive script to scrub the files. As to protection on the PC side of things, I highly recommend MalwareBytes. Be sure and register the program, enter your code and turn on active protection. This will block redirects to sites known to spread this (and other) scripts. It's also a safe way to see if one of your sites gets hit. -Chip Last edited on Thu Dec 24th, 2009 01:11 am by gandalf42 |
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 01:22 am |
|
75th Post |
|
John Floyd License Holder
|
I did look at mine just before I got infected.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 01:24 am |
|
76th Post |
|
DPorter Old Dude 
|
I had noticed a couple days ago that my forum http://eddycountynews.com had been acting odd. Using transitions that I had not inserted into the code. After reading this article I did a "View Source" on my sites. I also used http://www.unmaskparasites.com/ to check the coding. I noticed and extra "Script" in the coding that did not belong there. Now just to put this in perspective I have a different host server located out of Phoenix. I replaced the files that Jim recommended and the site was back to normal. I used my unix computer to change the passwords for FTP as well as the database, changing the config.php file in the forum to correspond with the password change. That was yesterday at 5:00 pm. This morning at 5:30 am the site was infected again with the same code. I made the changes and changed the paswords again. Now I use CoreFTP Lite to upload and the computer I normally use to make website changes runs Win XP Media. By 9:00 am the site was infected again grrrrrrrrumblar gonna get my goat. So I deleted all passwords on my two remaining windows computers used my unix computer and changed all the passwords again. I then reset the core FTP Lite to "not save passwords" By this evening all is well. Now from what I can tell this forum software does not infect other computers, I ran off site virus scans to both windows XP Media computers and they are not infected, so I am unsure how the passwords got out. The odd thing is my second forum is also ultraBB and it was never infected, go figure. However running the test from the online service above it show my server has been infected on other sites. I called them and they are going to look into it. I have to give Jim great Kudos, without his letting us all know there was a problem I never wouyld have caught it as we don't host with him. Not that I wouldn't but I have had the same server for 9 years and with 22 gigs of webspace and over 150,000 files that is a lot to move. So I bow gracefully to Jim and all his efforts and thank him for his help.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 01:47 am |
|
77th Post |
|
Jim I work here
|
gandalf42 wrote: I just discovered my site was hit. I'm not really sure when it happened and it seems localized to one host provider as none of my other sites got whacked. It's less problematic for me, since I was planning on transferring my forum license to a new site (I can just reinstall). Even though the removal of the infection (per file) is very simple.. you just have so many files to process that it can be a _real_ pain. Malware bytes is great IMO BTW. Funny thing, the recursive script to remove the virus gets detected as a virus when you scan a computer with it on it. It freaked Di out 2 days ago. It contains a sample of the virus string that it has to have in order to know what to strip. Advanced crap.
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 09:59 am |
|
78th Post |
|
Robert Member
|
You must have been very busy overnight Jim as this morning my forum seems to be working normally with everything restored as it should be. I can't thank you enough for your efforts on my members behalf because when it came to the point where I couldn't access my own forum then panic stations really cut in as I hadn't a clue what was going on. I can't imagine what it must be like for you carrying the responsibility of trying to keep thousands of people happy and protecting them and their members from what seems horrible situations. I'm sure I speak for all members when I express my gratitude and I wish you and your family all the very best for Christmas and the new year and may your business continue to be a success.
|
|||||||||||||
| ||||||||||||||
| Posted: Thu Dec 24th, 2009 10:41 am |
|
79th Post |
|
John Floyd License Holder
|
I echo Your Appreciation Robert and I can so no reason Why anyone should lose faith in Ultrabb, Data1 Systems Hosting or Jim Hale. Its Still the best Customer Service in the World, Bar None. John
|
||||||||||||||
| |||||||||||||||
| Posted: Thu Dec 24th, 2009 11:25 am |
|
80th Post |
|
Jim I work here
|
Robert wrote: You must have been very busy overnight Jim as this morning my forum seems to be working normally with everything restored as it should be. I can't thank you enough for your efforts on my members behalf because when it came to the point where I couldn't access my own forum then panic stations really cut in as I hadn't a clue what was going on. LOL @ thousands  It's just hundreds at this point Bob but thank you for the kind words.And of course you also John. Always remember, if it were not for the customers there would be no Data 1. Thank you all-
|
|||||||||||||
| ||||||||||||||
| Current time is 10:39 am | Page: 1 2 3 4 5 |
| UltraBB Forums > UltraBB > Troubleshooting > Problems, please read. | Top |
 |
