Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff
Author Message
sak
Worker
Worker



Joined: Jul 06, 2005
Posts: 172

PostPosted: Fri Sep 23, 2005 2:58 pm Reply with quote

I've had a number of users reporting that their AV software detects an ANIfile-exploit on my phpnuke 7.6 site. I haven't been able to determine if it's a false warning or not, it seems to be. But a few users have reported that the site freezes up on them. I posted a thread HERE [ Only registered users can see links on this board! Get registered or login! ] if anyone knows what it might be or could offer help. I'm afraid I may be losing lots of possible members because of this Sad
 
View user's profile Send private message Visit poster's website
Raven
Site Admin/Owner



Joined: Aug 27, 2002
Posts: 17088

PostPosted: Fri Sep 23, 2005 3:09 pm Reply with quote

Google search on panda av anifile removal

There are many hits. This one might help [ Only registered users can see links on this board! Get registered or login! ]
 
View user's profile Send private message
sak







PostPosted: Fri Sep 23, 2005 8:35 pm Reply with quote

thanks raven. indeed ive seen that site before too. I scanned all my files for any off-site .css links and found NONE :O. I then checked all my css files for any offsite links and found none :O

I'm at a complete loss. If there aren't any links going elsewhere, and none of my own css files are infected, what is the problem?
 
Raven







PostPosted: Fri Sep 23, 2005 9:27 pm Reply with quote

Were they visiting a particular area of your site? Are you doing anything on your front page that is variable? I mean are you pulling rss feeds or other content from elsewhere, like in ads, etc?
 
sak







PostPosted: Fri Sep 23, 2005 9:39 pm Reply with quote

As far as I can tell, the problem was reported immediately when visiting the website. I had a number of users report it right when they typed in [ Only registered users can see links on this board! Get registered or login! ] and the site loaded for the first time. We currently aren't syndicating any newsfeeds or running any adds either Confused
 
Raven







PostPosted: Fri Sep 23, 2005 9:45 pm Reply with quote

I haven't been able to produce it. It could be just a false positive by their software. When this happens, have them do a view source, copy and paste the source in an editor, zip it up, and email it to you for further analysis. If you are unable to see anything, then have them send it to their virus vendor for analysis to determine why they are getting the false positive.
 
sak







PostPosted: Fri Sep 23, 2005 9:58 pm Reply with quote

This is what I suspected all along. After giving it some thought, the only thing I can come up with is the theme. Perhaps something about Helius (or whatever copy of Helius I have) sets it off. I could try using a new theme, might throw the users off a bit though hehe.

Just unfortunate when something like this happens and prospective users are lost Sad
 
djmaze
Subject Matter Expert



Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv

PostPosted: Sat Sep 24, 2005 6:16 am Reply with quote

Check your favicon.ico's most browsers check for it in the root / although the website maybe says to look in /themes/Helius/
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> General/Other Stuff

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©