fatpuffer Posted February 28, 2016 Report Share Posted February 28, 2016 Sorry tanker...URLs info started popping this am for me. Quote Link to comment Share on other sites More sharing options...
Tanker Posted February 29, 2016 Report Share Posted February 29, 2016 Yeah I just found another location on the server the injected code was hiding in, and tore it out of there... I have gone through every directory now and have made notes on the changed files and where they are, etc... so I will continue to check the entire directory every 24 hours for the next few nights and see if we get a file changed again. I had already reset all the passwords, etc to access the server so once I get the last remnants of the attack off the server we'll be good again. This was ONLY a 'server code' attack, and NOT a database or content attack... no information about AA members/passwords/emails/etc was compromised as the database is on a completely different access. All this malware does is send you to a different website once in a while when you are flagged as 'new to the site' ie. coming from a search engine, etc. That's why typically using links, favourites, or bookmarks should not affect you. In the 11 years I have been handling this site this is by far the worst thing that's happened here and frankly, it could be SO much worse!! We're truly blessed! hahah Quote Link to comment Share on other sites More sharing options...
jumpsmasher Posted June 9, 2016 Report Share Posted June 9, 2016 hmm... stilling get the http://url4short.info/ redirect when i provide ppl with links to AA Quote Link to comment Share on other sites More sharing options...
Tanker Posted June 9, 2016 Report Share Posted June 9, 2016 Yeah... just rescanned and found that there's one little PITA file that creeped back in... off I go to scour the %&*(*%#@ server again... Sigh. Quote Link to comment Share on other sites More sharing options...
ckmullin Posted June 9, 2016 Report Share Posted June 9, 2016 Is this an IP Board issue or an issue of their customers? Quote Link to comment Share on other sites More sharing options...
Tanker Posted June 14, 2016 Report Share Posted June 14, 2016 Technically... neither. It's an issue that crept into the hosting server through what I believe to be a vulnerability in our previous banner software. It's a replicating virus that I am continuing to battle - quite literally as we speak at this very moment! The host says it's my problem to deal with since I 'allowed' the security hole, the banner software people say it's not their problem because the little virus is not actually messing with their software and Invision says it's not their problem because it's not their server... even though the virus is changing the code in one of the Invision files every 48 hours or so. So at this point I have basically stripped AA down to the bare bones, wiped and reinstalled everything from 'fresh' files and have gone through each and every folder so many times looking for replications I'm dizzy. I've found more then 300 files now, and it's exhausting. This virus is not 'supposed' to replicate... I'm supposed to have found the changed file, find the file that changes the file, and eradicate them both... but this is a 'new' variant... it's being difficult. And there's no real option for me to run an 'antivirus' on the server. I have a few more tricks up my sleeve to try, and have just made some changes that I hope will stop it. Time will tell! If nothing else works I'll just back up the database, and move our hosting to a fresh server and reinstall everything from scratch. While the database uploads (takes a couple hours!) I can go through the uploads folders and make sure that's clean since it would be the only thing retained other than the posts/messages/users. Fun, huh?? Glad I have a full time business to run during the day - otherwise I might be bored. Quote Link to comment Share on other sites More sharing options...
cjerrom Posted October 11, 2016 Report Share Posted October 11, 2016 God bless the IT people or we'd be in a whole lot of trouble!! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.