1. Guest - Remember that Thread Prefixes are a search tool! Click on a Thread Prefix and all threads with the same Prefix in that forum will be offered to you. To dismiss this notice click on X >>>
    Dismiss Notice
  2. Our gif only content threads have a rule where all thumbs must be posted as a static thumbnail that does not play. Currently imagebam made a change where they no longer produce static thumbs. Therefore, please do not use imagebam, or any host, that provides live playing gifs in those specific threads. If you see your gif playing once you post, try to use a smaller thumbnail and if that does not work use a different approved host.
    Dismiss Notice
  3. Can't Log-in?. If your password is no longer accepted but the email address registered in your profile is working, use the "Forgot Your Password?" routine. However, if your registered email address is unusable, create a new temporary phun account and contact S-type.
    Dismiss Notice
  4. ATTN: Imagehost picpie is infected with the "internet security warning" redirect that tries to take users hostage with an inescapable redirect. Avoid using picpie as an imagehost.
    Dismiss Notice
  5. Too many Alerts? Why not adjust your "Alert Preferences" in your Profile Page?
    Dismiss Notice

Malware Warning

Discussion in 'About phun.org' started by cayne, Sep 17, 2012.

  1. robo99

    robo99 passing thru ★ ★ ☆ ☆ ☆

    Joined:
    Oct 20, 2008
    Messages:
    10,718
    Likes Received:
    15,088
    Do not kick a hornet's nest. This is the only thread I've clicked on since it all started. I love phun but do not want a virus so am not opening threads except this. Quit while you're ahead.
     
    Ramsfan and JDoeson69 like this.
  2. darkfido

    darkfido

    Joined:
    Oct 29, 2009
    Messages:
    403
    Likes Received:
    967
    I dont know who is in charge of Phun.And i dont know he/she isn't just sitting on his/her finger.Apart from "cayne" it's the only person iv seen giving us updates.
     
  3. cayne

    cayne Guest

    And now if you add 1 and 1 together, you maybe find out who's in charge :)
     
    Ramsfan and JDoeson69 like this.
  4. darkfido

    darkfido

    Joined:
    Oct 29, 2009
    Messages:
    403
    Likes Received:
    967
    If you are in charge Cayne.I really hope you get Phun back up and running quickly.It's my fav forum.
     
  5. cayne

    cayne Guest

    You got it!

    Oh and well, Google loves us. AGAIN!

    Came in 5 minutes ago.

    God damn, I hope this shit never comes back!
     
    Ramsfan, Magge, p0rnstar82 and 2 others like this.
  6. whoswho

    whoswho

    Joined:
    Sep 13, 2009
    Messages:
    95
    Likes Received:
    92
    @cayne, just for curiosity - what was the specific injection this time? A user sig?
     
  7. z0diac

    z0diac

    Joined:
    Jun 15, 2008
    Messages:
    78
    Likes Received:
    694
    ADMIN: If you're running Plesk as your control panel I can almost guarantee you that's how they're getting in. Certain versions of Plesk allow PUT commands over port 80 and they can directly put files into writable directories. From there the malware can infect your vBulletin's vbulletin_global.js , ajax.php ,etc... And if they got access through Plesk they could have all your passwords (anything that's stored in Plesk, meaning email, ftp, etc..) If you're not running Plesk then you can obviously ignore this entire msg :)
     
    Ramsfan and whoswho like this.
  8. JDoeson69

    JDoeson69 Phun's Faux-Canadian Ten Years of Phun

    Joined:
    Nov 20, 2009
    Messages:
    2,697
    Likes Received:
    1,555
    Well damn...I got hit by a drive-by virus from a webpage 2 days ago...I was trying to figure out where it came from. I think I found the source: phun. :-/ It was the "FBI has detected child porn on your computer. To avoid jail time, you must pay them $200 via a prepaid card from WalMart" malware, locked up the whole screen; I had to boot in safemode and run anti-malware to get rid of it...was relatively nasty.

    Best of luck getting it all sorted out, Cayne and mod staff!
     
    Ramsfan likes this.
  9. juggs.world

    juggs.world Juggling Big Boobs ★ ★ ★ ★ ☆ Ten Years of Phun

    Joined:
    Dec 24, 2007
    Messages:
    4,090
    Likes Received:
    80,372
    Still getting those Malware warnings when I try to log in from Chrome. But when I checked the website on McAfee SiteAdvisor, the results were normal. This is the exact message I got after the scan for forum.phun.org ---- "We tested this site and didn't find any significant problems". So hopefully everything is back to normal, as Cayne mentioned above.

    Just hope Google gets its act together & gives us back our favorite forum!
     
  10. trolha555

    trolha555 ★ ☆ ☆ ☆ ☆ 15 Year Member

    Joined:
    Feb 21, 2008
    Messages:
    3,522
    Likes Received:
    9,457
    No warnings for me with Chrome!
     
  11. muletin

    muletin

    Joined:
    Apr 21, 2007
    Messages:
    2
    Likes Received:
    1
    When *not* logged in, I see that there is a script from cmsmadesimple.org injecting a 1x1 iframe to a russian site... never noticed it before and seems kind of suspicious...
     
  12. cayne

    cayne Guest

    Yeah, that was in inject. I removed it. But I don't understand how no malware check (besides the AV software) found it. Scan the site with three different scan pages, with no result.

    Thanks a lot for the heads-up!!
     
  13. muletin

    muletin

    Joined:
    Apr 21, 2007
    Messages:
    2
    Likes Received:
    1
    Checking the russian site manually I only found what seemed to be various counters (but it was not a thorough check), so maybe that's why no scanner recognized it. Still dangerous ofc, if they decide to change the code delivered. So it's good that it was removed ;)

    /e: still seems to be around though...
     
  14. cayne

    cayne Guest

    Yes, there seems to be script hidden, that re-injects the code after you remove it. Quite the pain in the ass, but the techs are on it and will find out, how it got there. But thanks again for the heads-up!
     
  15. cayne

    cayne Guest

    It should be gone for good now. They used a different domain, running on the same server to install this crap, but the whole CMS of the other domain is being disabled now.
     
  16. robo99

    robo99 passing thru ★ ★ ☆ ☆ ☆

    Joined:
    Oct 20, 2008
    Messages:
    10,718
    Likes Received:
    15,088
    it's pretty amazing this is the only security breach in 7 years
     
    JDoeson69 and Ramsfan like this.
  17. iCeleb

    iCeleb ★ ☆ ☆ ☆ ☆

    Joined:
    Feb 25, 2012
    Messages:
    550
    Likes Received:
    8,585
    s u p e r i o r p i c s is now under attack ... these 'guys' may be going after all celeb pic sites by exploiting image hosting vulnerabilities ??? ... fyi
     
  18. Damocles

    Damocles

    Joined:
    Jun 9, 2009
    Messages:
    700
    Likes Received:
    518
    Just to let people know, I just got a Malware warning when trying to visit ImageBam. Firefox and my AV software stopped it but be aware.

    It looks like it might be the same attack that Phun was under hidden in the iframe.
     
  19. Cold As Ice

    Cold As Ice Master of Solid Water Ten Years of Phun

    Joined:
    Sep 24, 2005
    Messages:
    143,078
    Likes Received:
    73,958
    I just went to www.imagebam.com but no malware warning
     
  20. Damocles

    Damocles

    Joined:
    Jun 9, 2009
    Messages:
    700
    Likes Received:
    518
    It's not on the main page, but it pops up every time I've tried to view a linked image posted on phun.
     

Share This Page