ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site

This is a discussion on ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site within the Forum News, Feedback, Problems & Comments forums, part of the DefensiveCarry.com Forum Office category; Originally Posted by kahman Hey guys, I run usacarry.com and also had this hack. I've fixed it for now. Whoever is a moderator just needs ...

Page 9 of 11 FirstFirst ... 567891011 LastLast
Results 121 to 135 of 161

Thread: ATTN: Webmaster/Everyone - Suspicious/Malicious content from this site

  1. #121
    Member Array kahman's Avatar
    Join Date
    Jan 2007
    Location
    Tampa, FL
    Posts
    107
    Quote Originally Posted by kahman View Post
    Hey guys, I run usacarry.com and also had this hack. I've fixed it for now. Whoever is a moderator just needs to remove that iframe from the header template in vbulletin. Feel free to contact me if you need any help with this site admins.
    Looks like they exploited vbulletin sites using Tapatalk. Here is a post about it on another site.
    Prius Chat Virus Warning - Page 7 - PriusChat Forums

    I have removed Tapatalk from usacarry.com.

    I still see the iframe in the code here. All someone needs to do is remove it.
    USA Carry - Concealed Carry Information, Reciprocity Maps, News & Articles, Forums, Directory and more!

  2. Remove Ads

  3. #122
    Member Array swatspyder's Avatar
    Join Date
    May 2009
    Location
    Washington
    Posts
    157
    Quote Originally Posted by kahman View Post
    Looks like they exploited vbulletin sites using Tapatalk. Here is a post about it on another site.
    Prius Chat Virus Warning - Page 7 - PriusChat Forums

    I have removed Tapatalk from usacarry.com.

    I still see the iframe in the code here. All someone needs to do is remove it.
    There needs to be more checking going on other than just removing it from the header template. They need to go through and set all file/folder permissions to 644 if they are not and check their .htaccess file for information that has been changed and then admins and mods need to change their passwords.

  4. #123
    DC Founder
    Array Bumper's Avatar
    Join Date
    May 2004
    Location
    Missouri
    Posts
    20,045
    Quote Originally Posted by swatspyder View Post
    There needs to be more checking going on other than just removing it from the header template. They need to go through and set all file/folder permissions to 644 if they are not and check their .htaccess file for information that has been changed and then admins and mods need to change their passwords.
    This is correct. I checked .htaccess last night but failed to check forum permissions. They were, though, set to vbulletin's suggested settings. I believe the problem that enabled the code to return is that I had not replaced the vbulletin_global.js, the java script that was loading the code. I have removed all of the suspect code, completed the current vBulletin upgrade (which replaced all of the scripts) and double checked everything. I also completely removed TapaTalk and about a half dozen of our modification scripts that were not being used anymore.

    I appreciate everyone's emails and PMs regarding this problem, which are too numerous to respond to. I'm keeping my fingers crossed but should this problem return I would strongly suggest that you PM or email me (not all of you, please) and then log off of the forum. It appears this code is not really accomplishing everything it is trying to do but it's not worth taking the chance with. I am going to be in and out of my office so I cannot be here to monitor the situation 24/7.
    Bumper
    Coimhéad fearg fhear na foighde; Beware the anger of a patient man.

  5. #124
    Member Array kahman's Avatar
    Join Date
    Jan 2007
    Location
    Tampa, FL
    Posts
    107
    Quote Originally Posted by swatspyder View Post
    There needs to be more checking going on other than just removing it from the header template. They need to go through and set all file/folder permissions to 644 if they are not and check their .htaccess file for information that has been changed and then admins and mods need to change their passwords.
    Thanks. I'm having my server admin check my file permissions now as well. I had checked htaccess and changes admin passes. Hopefully this keeps them out.
    USA Carry - Concealed Carry Information, Reciprocity Maps, News & Articles, Forums, Directory and more!

  6. #125
    Distinguished Member Array SpringerXD's Avatar
    Join Date
    Nov 2007
    Location
    Southeast
    Posts
    1,971
    Three cheers for Bumper! I'm also a webmaster and I can appreciate how sticky these issues can be.

    "I practice the ancient art of Klik Pao."

    -miklcolt45

  7. #126
    Member Array KWAG's Avatar
    Join Date
    Apr 2010
    Location
    Mississippi
    Posts
    197

    Smile

    an I thought yall didnt want me hangin out with yall !

  8. #127
    Moderator
    Array Bark'n's Avatar
    Join Date
    Apr 2007
    Location
    West Central Missouri
    Posts
    9,917
    -Bark'n
    Semper Fi


    "The gun is the great equalizer... For it is the gun, that allows the meek to repel the monsters; Whom are bigger, stronger and without conscience, prey on those who without one, would surely perish."

  9. #128
    VIP Member Array SpencerB's Avatar
    Join Date
    Feb 2010
    Location
    Fort Bliss, Texas/Mesa, Arizona
    Posts
    4,301
    all this computer stuff makes me scratch my noggin

  10. #129
    Member Array Judo's Avatar
    Join Date
    Jul 2009
    Location
    Pittsburgh, PA
    Posts
    54

    Removing tapatalk from phone

    I wondered what the heck was happening. I went to use Tapatalk for this forum and USACarry. Says that the administrators disabled Tapatalk. I had no idea it was causing so many problems. I just installed Tapatalk two weeks ago on my Droid phone. Good thing I only paid 2.99 for it. UNINSTALL before I have problems too.

  11. #130
    Member Array lordhamster's Avatar
    Join Date
    Feb 2010
    Location
    Ohio
    Posts
    381
    Anyone else on chrome have the thing "auto download" something yesterday without your permission? I found that part disturbing. The popup in some other browsers doesn't bother me nearly as much.

  12. #131
    VIP Member
    Array DaveH's Avatar
    Join Date
    Feb 2008
    Location
    SW Virginia
    Posts
    5,036

    Thank you!

    Quote Originally Posted by Bumper View Post
    ....
    I appreciate everyone's emails and PMs regarding this problem, which are too numerous to respond to....
    Never expected an individual response! Just sent the message, hoping that the behavior on IE using Webroot Internet Security Esencials might provide a clue, to someone far more knowledgeable than I.

    Thanks for all your work.

    Not just with this problem, but all your work in providing this site.

    I was having real withdrawal symptoms.
    Μολὼν λαβέ

    I'm just one root in a grassroots organization. No one should assume that I speak for the VCDL.

    I am neither an attorney-at-law nor I do play one on television or on the internet. No one should assumes my opinion is legal advice.

    Veni, Vidi, Velcro

  13. #132
    VIP Member Array dukalmighty's Avatar
    Join Date
    Feb 2008
    Location
    texas
    Posts
    15,177

    Virus

    My computer got the virus yesterday and I could not log into DC until my computer was repaired
    "Outside of the killings, Washington has one of the lowest crime rates in the country,"
    --Mayor Marion Barry, Washington , DC .

  14. #133
    Senior Member Array dunndw's Avatar
    Join Date
    Jul 2006
    Location
    Nashville
    Posts
    1,123
    Is tapatalk the vector?
    "If I was an extremist, our founding fathers would all be extremists," he said. "Without them, we wouldn't have our independence. We'd be a disarmed British system of feudal subjectivity."

  15. #134
    VIP Member
    Array GunnyBunny's Avatar
    Join Date
    Apr 2007
    Location
    Victoria, B.C.
    Posts
    3,911
    All's good here now!!

    Thanks Bumper!!
    CCW permit holder for Idaho, Utah, Pennsylvania, Maine and New Hampshire. I can carry in your country but not my own.

  16. #135
    Member Array Bald1's Avatar
    Join Date
    Jun 2010
    Location
    Black Hills of S. Dakota
    Posts
    65
    Quote Originally Posted by DaveH View Post
    Never expected an individual response! Just sent the message, hoping that the behavior on IE using Webroot Internet Security Esencials might provide a clue, to someone far more knowledgeable than I.

    Thanks for all your work.

    Not just with this problem, but all your work in providing this site.

    I was having real withdrawal symptoms.
    +1. Absolutely concur. Kudos to ALCON that had to deal with this mess!!!!

Page 9 of 11 FirstFirst ... 567891011 LastLast

Links

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Loudoun malicious wounding suspect possibly caught...
    By packinnova in forum In the News: The Good, the Bad and the Ugly
    Replies: 1
    Last Post: January 11th, 2011, 12:10 AM
  2. I'm always suspicious...
    By ctsketch in forum Home (And Away From Home) Defense Discussion
    Replies: 27
    Last Post: May 27th, 2010, 10:37 PM
  3. Charged with burglary and malicious wounding and still on the street???
    By DaveH in forum In the News: The Good, the Bad and the Ugly
    Replies: 1
    Last Post: August 26th, 2009, 10:46 AM
  4. William Steele Jr: guilty of aggravated malicious wounding
    By DaveH in forum Law Enforcement, Military & Homeland Security Discussion
    Replies: 8
    Last Post: February 9th, 2009, 06:41 PM
  5. Suspicious Character!
    By Phil Elmore in forum Off Topic & Humor Discussion
    Replies: 11
    Last Post: March 26th, 2006, 09:44 PM

Search tags for this page

73.102.216.1

,
a website with suspicious or malicious content
,
hacked webmaster at bersa.com
,
malicious or suspicious user agents
,
marion lawyer jav
,

suspicious mozilla user-agent typo

,

tapatalk vbseo .htaccess

,

tracert 73.102.216.1

Click on a term to search for related topics.