Jump to content

Issue With Serps


Recommended Posts

Yeah I just found another location on the server the injected code was hiding in, and tore it out of there...

I have gone through every directory now and have made notes on the changed files and where they are, etc... so I will continue to check the entire directory every 24 hours for the next few nights and see if we get a file changed again. I had already reset all the passwords, etc to access the server so once I get the last remnants of the attack off the server we'll be good again.

This was ONLY a 'server code' attack, and NOT a database or content attack... no information about AA members/passwords/emails/etc was compromised as the database is on a completely different access. All this malware does is send you to a different website once in a while when you are flagged as 'new to the site' ie. coming from a search engine, etc. That's why typically using links, favourites, or bookmarks should not affect you. In the 11 years I have been handling this site this is by far the worst thing that's happened here and frankly, it could be SO much worse!! We're truly blessed! hahah

Link to comment
Share on other sites

  • 3 months later...

Technically... neither. It's an issue that crept into the hosting server through what I believe to be a vulnerability in our previous banner software. It's a replicating virus that I am continuing to battle - quite literally as we speak at this very moment! The host says it's my problem to deal with since I 'allowed' the security hole, the banner software people say it's not their problem because the little virus is not actually messing with their software and Invision says it's not their problem because it's not their server... even though the virus is changing the code in one of the Invision files every 48 hours or so.

So at this point I have basically stripped AA down to the bare bones, wiped and reinstalled everything from 'fresh' files and have gone through each and every folder so many times looking for replications I'm dizzy. I've found more then 300 files now, and it's exhausting. This virus is not 'supposed' to replicate... I'm supposed to have found the changed file, find the file that changes the file, and eradicate them both... but this is a 'new' variant... it's being difficult. And there's no real option for me to run an 'antivirus' on the server.

I have a few more tricks up my sleeve to try, and have just made some changes that I hope will stop it. Time will tell! If nothing else works I'll just back up the database, and move our hosting to a fresh server and reinstall everything from scratch. While the database uploads (takes a couple hours!) I can go through the uploads folders and make sure that's clean since it would be the only thing retained other than the posts/messages/users.

Fun, huh?? Glad I have a full time business to run during the day - otherwise I might be bored.

Link to comment
Share on other sites

  • 3 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...