
How can I remove information posted by hacker/scammer.

Prosper ✭✭
edited August 2015 in Vanilla 2.0 - 2.8

I noticed that Google marked my forum with the information - "This site may be hacked."
I logged in to Google Webmaster tool and fetched forum as Google and found out that viagra/cialis contents were hidden/posted on the forum. Please see attached screenshots. Please how can I remove the information? I have tried my best to trace the contents but could not. Could the contents come from installed or uninstalled plugin? Forum runs on version 2.1.11.


Comments

  • In all likelihood your server was hacked and the physical files are infected, so you need to replace all the files with fresh ones, as the payload script will be in them.

    Often the payload is obscured using encoding such as base64, and often multiple layers of obfuscation; sometimes they have a "phone home" script included.

    However this doesn't mean you won't get reinfected.

    One common vector is that the persons with server or back-end access are themselves infected. Which is why it is important that everyone with access to the server get the latest Anti-virus updates and scan their computer. I mean every single device.

    Also cheap hosts promote a system where file permissions are left open because they don't provide a way to do proper file management like ownership and groups. Therefore the scope of the infection can't be limited much, because most likely any malicious script has write access to many files, and even if they should people think they should chmod 777 everything.

    So you need to take a holistic approach to harden your practices and server. I would say consult your host, but if you are on a cheap or mass appeal webhost the chances of getting someone knowledgeable and not reading off a script/painting by numbers are slim.

    It is possible that the malware came from a plugin but unlikely from presentation, this is a typical non-specific attack, it is really not something that gives a shit about what framework you are using or its addons. It is not operating on that level. If it was it would target the more popular frameworks like WordPress or use heuristics to find common vulnerabilities.

    grep is your friend.
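An added example (not written by any poster in this thread) of the "replace the files" and "grep is your friend" advice above: compare the deployed tree with a fresh download of the same release, then grep for base64-style decode-and-execute chains. The function names, paths and sample files are constructed, and the pattern list is an assumption, not an exhaustive signature set.

```sh
#!/bin/sh
# Added example: triage a PHP webroot against a pristine copy of the release.
# Every path and file below is constructed for the demo.

# Decode-and-execute chains commonly seen in obfuscated PHP injections.
OBF_RE='(eval|assert)[[:space:]]*\(.*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\('

# compare_trees LIVE CLEAN: report files that differ from the pristine tree
# (MODIFIED) or do not exist in it at all (EXTRA).
compare_trees() {
  (cd "$1" && find . -type f | sort) | while IFS= read -r f; do
    if [ ! -e "$2/$f" ]; then
      echo "EXTRA ${f#./}"
    elif ! cmp -s "$1/$f" "$2/$f"; then
      echo "MODIFIED ${f#./}"
    fi
  done
}

# grep_obfuscated DIR: list PHP files containing a decode-and-execute chain.
grep_obfuscated() {
  (cd "$1" && grep -rlE --include='*.php' "$OBF_RE" .) | sed 's|^\./||' | sort
}

# build_demo ROOT: a constructed clean tree and an "infected" copy of it.
build_demo() {
  mkdir -p "$1/clean/library" "$1/live/uploads"
  echo '<?php echo "index";' > "$1/clean/index.php"
  echo '<?php function core() {}' > "$1/clean/library/core.php"
  cp -R "$1/clean/." "$1/live/"
  # Inert placeholder loader prepended to a core file.
  { echo '<?php eval(base64_decode("CONSTRUCTED")); ?>'; cat "$1/clean/index.php"; } > "$1/live/index.php"
  # Extra file dropped into a writable directory, with two decoding layers.
  echo '<?php eval(gzinflate(base64_decode("CONSTRUCTED")));' > "$1/live/uploads/cache.php"
}

if [ $# -eq 2 ]; then
  live=$1 clean=$2            # real use: deployed tree, fresh download
else
  demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
  build_demo "$demo"; live=$demo/live clean=$demo/clean
fi
compare_trees "$live" "$clean"
grep_obfuscated "$live" | sed 's/^/SUSPECT /'
```

Site-specific files such as configuration and uploads do not exist in a fresh download, so they are reported as EXTRA and have to be reviewed by hand.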

  • @x00 - thank you for your comment. The post is only on the recent discussion page/home page. I don't think it is in any other page. Is there a specific thing I can do apart from replacing all the files? But I will contact the host company for assistance also.

  • x00 MVP
    edited August 2015

    That is the best strategy.

    Where the payload appears isn't accurate enough to pin down where it resides.

    Scan your computer.

    Replace the core, then all the add-ons.

    grep is your friend.

  • If you are using the Feedjit plugin for WordPress, you have been hacked. You will need to scan your website to find the affected files ....

  • Thanks @x00 and @vrijvlinder for your comments.
    I cleared up the scam contents by re-upgrading the forum to version 2.1.11.
    @vrijvlinder - can Feedjit plugin introduce hacking on website?

  • @Prosper said:
    Thanks x00 and vrijvlinder for your comments.
    I cleared up the scam contents by re-upgrading the forum to version 2.1.11.
    vrijvlinder - can Feedjit plugin introduce hacking on website?

    Yes, it happened to me. It infected all sites that use PHP. Posted some script on all the PHP files. I recommend scanning your site often.

    https://www.virustotal.com/

  • @Prosper said:
    Thanks x00 and vrijvlinder for your comments.
    I cleared up the scam contents by re-upgrading the forum to version 2.1.11.
    vrijvlinder - can Feedjit plugin introduce hacking on website?

    Clearing the payload is not the same as identifying the problem; follow my advice.

    grep is your friend.

  • mtschirs ✭✭✭

    @Prosper I am pretty sure the entry point for the attacker on your site was not feedjit - especially since you seem to only have a static html embedding of feedjit on your site, not a dynamic plugin.

    @vrijvlinder The wordpress plugin seems safe, too. Couldn't identify any publicly known vulnerability. The plugin itself seems pretty basic, too. Would be surprised if it has any exploitation potential at all.

  • This is also a handy scanner: https://sitecheck.sucuri.net//

  • @mtschirs said:
    vrijvlinder The wordpress plugin seems safe, too. Couldn't identify any publicly known vulnerability. The plugin itself seems pretty basic, too. Would be surprised if it has any exploitation potential at all.

    You are probably right, I confused it with another dutch plugin ...

    http://vanillaforums.org/discussion/comment/212182#Comment_212182

  • peregrine MVP
    edited August 2015

    @vrijvlinder said:
    http://vanillaforums.org/discussion/comment/212182#Comment_212182

    You are probably right, I confused it with another dutch plugin ...

    "Dutch plugin" I've never heard that idiom before.

    kind of like confusing a dutch treat with a dutch uncle who has Dutch Courage who you are in dutch with and talking double dutch before a dutch auction that led to the dutch act :bawling:

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • whu606 MVP
    edited August 2015

    @peregrine

    And then, of course, cockneys talk of their (old) Dutch, meaning 'wife' (short for Duchess)

    We've been together now for forty years,
    An' it don't seem a day too much,
    There ain't a lady livin' in the land
    As I'd swop for my dear old Dutch.

    From the song written by the magnificently named

    Albert Onésime Britannicus Gwathveoyd Louis Chevalier

    https://www.youtube.com/watch?v=crP2YkRTRKg

  • That's not as good as any old iron
    https://www.youtube.com/watch?v=a4GdWK_WoNs

    grep is your friend.

  • The most common rhyming slang for wife is "trouble and strife"

    grep is your friend.

  • edited August 2015

    @x00 said:
    The most common rhyming slang for wife is "trouble and strife"

    Are you saying what I think you are saying ???? If you have a wife, she is probably a total saint for putting up with crabby you :expressionless:

  • x00 MVP
    edited August 2015

    @vrijvlinder said:
    Are you saying what I think you are saying ???? If you have a wife, she is probably a total saint for putting up with crabby you :expressionless:

    It's a historical term, don't shoot the messenger.

    grep is your friend.

  • @x00 said:
    It's a historical term, don't shoot the messenger.

    lmao, historical demeaning term that males apply to the only people who would have anything to do with them !!!!

    Disingenuous ;)

  • x00 MVP
    edited August 2015

    @vrijvlinder said:

    You have to take it in context. whu606 said that duchess is used for wife in cockney; indeed the following phrases have been used:

    Duchess of Fife
    Trouble and strife
    Ball and chain

    The last one is not rhyming to the actual word (it would be better if it was for pain), but not all cockney is rhyming

    Rhyming slang works like this:

    have a Butcher's = have a look (from butcher's hook)
    can you Adam and Eve it? = can you believe it?
    Dog and Bone = phone
    telling Porkies = telling lies (from Pork Pies)

    Some rhyming slang is double rhyming as a phrase the rhyming with the phrase that rhymes with the word.

    grep is your friend.

  • whu606 MVP
    edited August 2015

    The most likely slang term you would hear a cockney/Londoner use for wife would probably be 'old girl' or 'old lady'.
