Hacker attack
The second half of today has been frustrating and time wasting. Alpine Shire Community Forum was hacked into last night and a malicious worm was installed. People viewing the site this morning with Internet Explorer received error messages and anti-virus warnings.
I’ve got no idea why the site was hacked or by whom.
The site loaded with a trustbid.ws javascript code in IE. Viewing the page in IE also showed a cookie for vxiframe.biz and triggered anti-virus software into action. It took me a while to notice it because there were no problems using Firefox.
Viewing the index page source in Firefox showed:
(iframe width=”1″ height=”1″ src=”http: //www. trustbid.ws”) in the bottom right-hand corner, outside the html.
I had to shut down the site immediately because of the infection risk. I contacted my web host and they were co-operative, but unable to identify the cause beyond suggesting it might be a database attack.
I had checked all the template files, index files, headers and footers, so the theory sounded plausible.
I installed Xoops in another directory, calling to the main database, and bingo! the problem still existed, when it shouldn’t have done if it weren’t the database.
Finding it in the database wasn’t easy. There are 120 tables and thousands of words. I eventually searched for java and found all references in one table. I deleted the table and re-created it.
That appears to have fixed the problem. It took hours though and I’m not impressed.
The site is community based and its fairly new. Someone must be pretty twisted to want to sabotage it. Scarily, they must have cracked my password as well to get into the database.
I’ve had to change all passwords related to that site, which just makes something else to remember.
These articles might be of interest:
Well that’s just plain rotten! You did a great job of sorting it out so quickly, though!