Danger: Malware (HELP)

wickedstangs

Well-known member
All,
When I go to one of my sites using Chrome i get this error page how can I fix it? Its running Vbulletin.
malware.webp
 
Is it a specific page? Because I don't get the same alert when I try to visit the front page.

EDIT: Oops, yes I do.
 
Arboristsite (221,390 Discussions 4,470,092 Messages 54,063 Members) got hacked on VB4 because they had not removed the install folder. The Hack persisted through several re-installs and eventually resulted in them converting to Xenforo.
 
Take your site offline, SSH in and search for any files which have been modified recently.
The following files have been modified in the past 3 days:

-----
/home/wmdracin

./mail/wmdracing.net/webmaster/tmp
./mail/wmdracing.net/webmaster/maildirsize
./mail/wmdracing.net/webmaster/new
./mail/wmdracing.net/webmaster/new/1391527103.H869844P19734.host.wickedstangs.com,S=59402
./mail/tmp
./mail/maildirsize
./mail/new
./mail/new/1391546401.H971214P14813.host.wickedstangs.com,S=2309
./mail/new/1391416862.H515557P21141.host.wickedstangs.com,S=1002
./mail/new/1391589662.H57157P7567.host.wickedstangs.com,S=1002
./mail/new/1391503261.H610025P22633.host.wickedstangs.com,S=1002
./mail/new/1391546405.H125313P14833.host.wickedstangs.com,S=2302
./clientscript/yui/uploader/assets
./clientscript/yui/uploader/assets/uploader.swf
./public_html
./public_html/index.php
./public_html/forum/clientscript/yui/uploader/assets
./public_html/forum/clientscript/yui/uploader/assets/uploader.swf
./public_html/google5c72b66b52db8ab1.html
./public_html/index.php.html
./tmp/awstats
./tmp/awstats/awstats.wmdracing.net.conf
./tmp/awstats/awstats022014.wmdracing.net.txt
./logs
./logs/ftp.wmdracing.net-ftp_log-Feb-2014.gz
-----

It looks like index.php was modified but after looking at it I do not see any obvious issues.
 
Then enable Proxy Images of XenForo 1.3.0 ;)
After just spending 4 hours cleaning up hot linked images that were dead links back to 2008 I am looking for a way to disable future IMG code while preserving any remaining ones. It just makes sense in the long term to host them yourself.
 
Top Bottom