Author |
Message |
mrix
Client

Joined: Dec 04, 2004
Posts: 757
|
Posted:
Sat Mar 14, 2009 5:01 am |
|
Hi all, I purchased a theme from a site that does clan themes which I have had for around 2 years now. Today I go on my site to find my anti-virus is picking up trojans on my site at www.online-gaming-forums.com. It shows in the security window that there is JS:Redirector-E [Trj] within some of the image files. Is it possible for trojans to be placed within image files???
I haven't changed anything files wise since I had it... Is this just some kind of glitch or is it likely these are actually placed trojans???
cheers all
mrix |
Last edited by mrix on Sun Mar 15, 2009 5:26 pm; edited 2 times in total |
|
|
 |
jakec
Site Admin

Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
Posted:
Sat Mar 14, 2009 7:10 am |
|
What antivirus are you using? It could be a false-positive. I am seeing the message in Avast.
Are you running the latest version of RN? |
|
|
|
 |
mrix

|
Posted:
Sat Mar 14, 2009 7:13 am |
|
Yea I am using the latest RavenNuke 2.30.01
I have also noticed I had an extra folder added in the public_html folder filled with html spam files
I am not the only person with FTP access. Is it possible to add files another way, through some sort of exploit?
bad day here
thanks for the help
mrix |
|
|
|
 |
mrix

|
Posted:
Sat Mar 14, 2009 7:42 am |
|
Having re-uploaded all the fresh files I find when clicking on the /admin.php I now get an error 404 page?
Any ideas at all?
cheers
mrix |
|
|
|
 |
nuken
RavenNuke(tm) Development Team

Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina
|
Posted:
Sat Mar 14, 2009 7:52 am |
|
404 is a not found error. Look in your config.php file and make sure on around line 69 you see:
Code:
$admin_file = 'admin';
|
|
|
|
 |
mrix

|
Posted:
Sat Mar 14, 2009 8:21 am |
|
I checked the config and all seems ok... the error sorry I get is this when trying to access anything admin
Internet Explorer cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.
What you can try:
Diagnose Connection Problems
More information |
|
|
|
 |
mrix

|
Posted:
Sat Mar 14, 2009 8:27 am |
|
OK, all fixed. I removed files that should not have been there, added by whoever.
How do I stop this happening again though????
cheers
mrix |
|
|
|
 |
nuken

|
Posted:
Sat Mar 14, 2009 8:32 am |
|
I had a similar problem with a webhosting company. Someone was able to upload through FTP without me knowing it. Try asking your webhost company what they recommend and make your FTP password and username very difficult to guess. Like not using words in the dictionary and alternating upper and lower case letters along with some random numbers. |
|
|
|
 |
mrix

|
Posted:
Sat Mar 14, 2009 8:33 am |
|
OK, thanks for those ideas, I'll take them onboard and get to work now.
cheers and thanks
mrix |
|
|
|
 |
floppydrivez
Involved


Joined: Feb 26, 2006
Posts: 340
Location: Jackson, Mississippi
|
Posted:
Sat Mar 14, 2009 8:19 pm |
|
I can assure you none of our images have no potential security issues. Did you find the problem? |
Last edited by floppydrivez on Sun Mar 15, 2009 5:06 pm; edited 1 time in total |
|
|
 |
jaded
Theme Guru

Joined: Nov 01, 2003
Posts: 1006
|
Posted:
Sat Mar 14, 2009 9:08 pm |
|
I would be very cautious putting a company name in a thread that is talking about their images "possibly" being trojaned. These forums are picked up by many search engines and can damage the reputation and business of a site like theirs. It may not be a bad idea to remove the references to their site name from your post. It is not needed for the purposes of this thread. I do hope that you find whatever hole allowed your site to be damaged. In the meantime, let us try not to damage their good reputation. Good luck! |
_________________ Themes BB Skins
http://www.jaded-designs.com
Graphic Tees
http://www.cafepress.com/jadeddesigns
Paranormal Tees
http://www.cafepress.com/HauntedTees
Ghost Stories & More
http://www.hauntingtales.net |
|
|
 |
draxx
Involved


Joined: Nov 19, 2003
Posts: 282
|
Posted:
Sat Mar 14, 2009 9:33 pm |
|
As much as I agree and would hate to see anyone's good reputation ruined by a bad search spider, I think in this case it was relevant to indicate where the theme came from. Not to trash the makers but rather in this case to ask others with similar products to check their sites. Additionally, to show that it came from a quality maker implies that it's probably not something they did but rather another bigger/different problem with a different source.
I am only chiming in because I had this happen to me once with nukeplat - my own site was setting off my anti-virus! They had embedded it in index.php.
Gawd I can't spell. |
|
|
|
 |
jaded

|
Posted:
Sat Mar 14, 2009 9:36 pm |
|
Perhaps some identification of the theme maker, but not the entire domain and either way, at this point, the domain name could be removed from the posts since the matter was cleared up. That is only my opinion of course. |
|
|
|
 |
mrix

|
Posted:
Sun Mar 15, 2009 4:25 am |
|
About the domain I agree and have edited my original post ...
My question is still onboard though: is it possible to add this trojan JS:Redirector-E [Trj] to image files???? My antivirus was picking up this trojan in a fair few image files of my theme
Cheers
mrix |
|
|
|
 |
draxx

|
Posted:
Sun Mar 15, 2009 12:31 pm |
|
Well I think the problem is that it is not clear how they got there.
I'm not a staff member but I will say in summary if someone can gain unfettered access to your site then yes they can do that .... in fact anything is possible under those circumstances. |
|
|
|
 |
jakec

|
Posted:
Sun Mar 15, 2009 3:31 pm |
|
mrix, you need to find out how this happened. Check your logs, speak to your host etc. If they have got in once and you haven't closed the hole they will be back. |
|
|
|
 |
Susann
Moderator

Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
Posted:
Sun Mar 15, 2009 4:01 pm |
|
I know there was in the past often a similar security problem with free Wordpress themes.
And after all I know about this I'm absolutely for blacklists to warn other people about such themes and desperados.
Of course to warn others it's required to post the name of the theme and the sitename where you got the theme. |
|
|
|
 |
mrix

|
Posted:
Sun Mar 15, 2009 5:21 pm |
|
My first port of call is really to find out if images can have trojans added to them? If it is possible, I guess the whole theme could possibly have nasties in it.
No one seems to be able to give me an answer though :?
cheers
mrix |
|
|
|
 |
floppydrivez

|
Posted:
Sun Mar 15, 2009 5:23 pm |
|
An image itself, probably not. However, in the theme code where the image is called, it is possible. |
|
|
|
 |
mrix

|
Posted:
Sun Mar 15, 2009 5:24 pm |
|
I have the theme backed up from new... is there an admin here that could have a look at it for me to see if there is anything wrong?
cheers all
mrix |
|
|
|
 |
floppydrivez

|
Posted:
Sun Mar 15, 2009 5:26 pm |
|
We need a lot more details. Like specifics and data from the server logs. That is where the truth lies about how this happened. |
|
|
|
 |
mrix

|
Posted:
Sun Mar 15, 2009 5:27 pm |
|
I have the original files of the theme.
Cheers
mrix |
|
|
|
 |
duck
Involved


Joined: Jul 03, 2006
Posts: 273
|
Posted:
Sun Mar 15, 2009 7:21 pm |
|
Actually an image file can contain a trojan downloader, however it cannot execute itself within an image file so it can't self propagate. Also because of the nature of an image file a virus can't be hidden to the point of nondetection by antivirus software. Get clean copies of images and replace. |
|
|
|
 |
|
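The check discussed in this thread, as an added example (not code from any poster or from RavenNuke): it compares a live theme directory against the clean backup and flags image files whose header does not match the extension or that contain script markup. The marker list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib, tempfile
from pathlib import Path

MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}
# Markup that has no business inside image data (assumed list, extend as needed).
MARKERS = (b"<script", b"<iframe", b"<?php", b"document.write", b"eval(")

def file_map(root):
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def inspect_image(path):
    """Return reasons an image file looks tampered with (empty list: nothing found)."""
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is None:
        return []  # not an image type this check knows about
    data = Path(path).read_bytes()
    reasons = [] if data.startswith(magic) else ["header does not match extension"]
    return reasons + ["contains " + m.decode() for m in MARKERS if m in data.lower()]

def audit(clean_root, live_root):
    """Diff the live theme against the clean backup and inspect every live image."""
    clean, live = file_map(clean_root), file_map(live_root)
    suspect = {rel: r for rel in sorted(live) if (r := inspect_image(Path(live_root, rel)))}
    return {"added": sorted(set(live) - set(clean)),
            "changed": sorted(p for p in live if p in clean and live[p] != clean[p]),
            "suspect_images": suspect}

def demo():
    """Constructed sample: a clean one-image theme backup and a tampered live copy."""
    gif = b"GIF89a" + bytes(20)  # constructed stand-in for real GIF data
    clean, live = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    for root, body in ((clean, gif), (live, gif + b"<script>/* constructed */</script>")):
        (root / "images").mkdir()
        (root / "images" / "logo.gif").write_bytes(body)
    (live / "extra.html").write_text("constructed stand-in for an unexpected file")
    return audit(clean, live)

if __name__ == "__main__":
    print(demo())
```

Files listed under "added" or "changed" are the ones to replace from the clean copy; the upload times of those files are a starting point for the server and FTP log review suggested above.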