ParanetOnline

The Site => Site Suggestions & Support => Topic started by: Yeratel on April 23, 2009, 09:34:27 PM

Title: Virus or Trojan on the Forum?
Post by: Yeratel on April 23, 2009, 09:34:27 PM
Every time I've gone onto jimbutcheronline.com today to get into the forums, I get a warning message from Norton Antivirus that JS.Downloader, a javascript program listed as a threat has been blocked. I haven't gotten that prompt on any other website but this one. Not sure if it's a coincidence, or not, but I clicked on several other web sites in a row, then came back here, and got the warning again. I'm doing a full system scan on my PC now, but I thought I'd give you a heads up.

*Edit- I did some further experimenting. I don't get the warning message when I go to the main Jim Butcher page, www.jim-butcher.com, only when I click to go to the Forums at www,jimbutcheronline.com, and again when I clicked to go to this particular forum for Suggestions and Support. This didn't occur when I was here yesterday, so something has changed since then.
Title: Re: Virus or Trojan on the Forum?
Post by: iago on April 23, 2009, 09:44:52 PM
I've hunted through the actual PHP source code on the site, and haven't found any references to JS.Downloader. If it's there, I'm not sure HOW it's there.

Anyone able to tell me anything?
Title: Re: Virus or Trojan on the Forum?
Post by: iago on April 23, 2009, 09:48:39 PM
Hmmm, sonofa -- I may have found something in the code somewhere. Stay tuned.
Title: Re: Virus or Trojan on the Forum?
Post by: iago on April 23, 2009, 10:08:55 PM
I THINK I've managed to scrub it all out. Anyone seeing any remaining signs?
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on April 23, 2009, 10:53:57 PM
Quote from: iago on April 23, 2009, 10:08:55 PM
I THINK I've managed to scrub it all out. Anyone seeing any remaining signs?
I'm not getting any more warning messages, so it looks like that fixed it, thanks!  :)
Title: Re: Virus or Trojan on the Forum?
Post by: Priscellie on April 23, 2009, 11:17:18 PM
Thanks, Fred!
Title: Re: Virus or Trojan on the Forum?
Post by: Shecky on April 24, 2009, 12:14:47 AM
Fred = awesomeness. That is all.
Title: Re: Virus or Trojan on the Forum?
Post by: Phoenix_Kayden on April 24, 2009, 01:04:32 AM
Thanks for fixing it! I received a pop up saying my viris program blocked it, about 100 times! I'm super happy you fixed it! Thank you!
Title: Re: Virus or Trojan on the Forum?
Post by: Elanel on April 24, 2009, 05:59:22 AM
Awesome. Thanks Fred :)
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on April 24, 2009, 06:53:58 AM
Fred - as always, YOU ROCK!
Title: Re: Virus or Trojan on the Forum?
Post by: horsehearted on April 25, 2009, 12:43:31 AM
(http://www.thenibble.com/zine/archives/images/gourmet-fruit-basket_000.jpg)

Partake as you will Your Awesomeness, Sir!
Title: Re: Virus or Trojan on the Forum?
Post by: El Diablo on April 30, 2009, 10:26:10 PM
Thanx! All clear now!
Title: Re: Virus or Trojan on the Forum?
Post by: Matrix Refugee (formerly Morraeon) on April 30, 2009, 10:35:52 PM
I've been getting a wierd warning message from Adobe Acrobat, something like "Unable to perform this function". Might this have had anything to do with the not-so-little problem that just got rooted out?
Title: Re: Virus or Trojan on the Forum?
Post by: El Diablo on April 30, 2009, 10:57:07 PM
no Adobe got hit by a zero day, you have to shut off javascript.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9132307
Title: Re: Virus or Trojan on the Forum?
Post by: iago on April 30, 2009, 11:17:37 PM
Problem cropped up again. I've upgraded the site software; hopefully that will patch the hole.
Title: Re: Virus or Trojan on the Forum?
Post by: Quantus on May 01, 2009, 02:24:42 AM
I dont know if its related to the upgrade, but the spoiler tag seems to have stopped working
Title: Re: Virus or Trojan on the Forum?
Post by: XavierDLH on May 01, 2009, 03:32:35 AM
Quote from: Quantus347 on May 01, 2009, 02:24:42 AM
I dont know if its related to the upgrade, but the spoiler tag seems to have stopped working

More than likely. Thankfully it's not something too mission-critical.
I imagine it could take some time to reimplement.
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 01, 2009, 03:45:44 AM
I'd agree. It was an aftermarket addon in the beginning as I understand. Iago will probably have to manually put it back in place (I assume.)
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 04:08:09 AM
Quote from: Murphy's Stunt Double on May 01, 2009, 03:45:44 AM
I'd agree. It was an aftermarket addon in the beginning as I understand. Iago will probably have to manually put it back in place (I assume.)
Yep. I'll see what I can do.
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 01, 2009, 04:13:33 AM
Thanks, Darlin! You da MAN!
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 04:30:15 AM
(click to show/hide)

Looks like it's back?
Title: Re: Virus or Trojan on the Forum?
Post by: El Diablo on May 01, 2009, 04:30:16 AM
Unless you're hosting, I still say it's the site provider.

When you don't change code, and stuff happens, blame "I.T." first. They have to patch and pay attention to their end, so you don't suffer on your end.
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 01, 2009, 04:31:27 AM
No. No spoiler on that Potter reference there.
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 04:37:36 AM
Quote from: Murphy's Stunt Double on May 01, 2009, 04:31:27 AM
No. No spoiler on that Potter reference there.
Actually, I think there is, but you need to do a total refresh page load -- if your browser is caching the stylesheet, the spoiler tag won't work.

Try holding down the shift key when you click the reload button (or something like that) -- I have to do that in Firefox when I mean "no, really, reload everything."
Title: Re: Virus or Trojan on the Forum?
Post by: El Diablo on May 01, 2009, 04:40:28 AM
(click to show/hide)
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 01, 2009, 04:40:45 AM
You're right, that worked!

Thanks again, iago!
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 04:42:48 AM
Spread the word. :)
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 01, 2009, 04:44:02 AM
Word!
Title: Re: Virus or Trojan on the Forum?
Post by: horsehearted on May 01, 2009, 04:50:40 AM
*bows to Iago's awesomeness*
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 01, 2009, 05:18:40 AM
I hope it's not sneaking onto the server from something like posting links or images here.
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 05:19:33 AM
Quote from: The Angel Yeratel on May 01, 2009, 05:18:40 AM
I hope it's not sneaking onto the server from something like posting links or images here.
Naw. I think it was a PHP code exploit. I've done the plugging I can.
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 01, 2009, 05:26:44 AM
Quote from: iago on May 01, 2009, 05:19:33 AM
Naw. I think it was a PHP code exploit. I've done the plugging I can.
Great job, staying up until this time of the morning to fix it. I'd say your boss should double your salary, but you're him.
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 01, 2009, 05:28:22 AM
Quote from: The Angel Yeratel on May 01, 2009, 05:26:44 AM
Great job, staying up until this time of the morning to fix it. I'd say your boss should double your salary, but you're him.
Buy your next Butcher item through the Jim-Butcher.Com store, and you'll help him do that. ;)
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 01, 2009, 05:30:02 AM
Quote from: iago on May 01, 2009, 05:28:22 AM
Buy your next Butcher item through the Jim-Butcher.Com store, and you'll help him do that. ;)
You got it.  :)
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 02, 2009, 05:33:58 PM
Virus intrusion happened again. Scrubbed it out again. This time I've taken a few more steps -- turned off writability of the php files, and made sure PHP *itself* was upgraded to the latest version -- the system my provider stuck me on was on a version of PHP that was a year out of date (5.2.6 instead of the current 5.2.9). 

If the virus crops up again after this, I'll have to consider a multi-day shut-down and a move to a new provider.
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 02, 2009, 05:41:59 PM
Well, that's a pain in the a$$.   :P
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 02, 2009, 05:53:24 PM
Thanks again for all your hard work, Fred. Sorry this is being such a PITA for you right now!
Title: Re: Virus or Trojan on the Forum?
Post by: Shecky on May 02, 2009, 05:54:35 PM
Yell at the provider. If nothing else, it'll be soothingly therapeutic for you. ;D
Title: Re: Virus or Trojan on the Forum?
Post by: BookLover♥ on May 02, 2009, 06:15:36 PM
Although I would have major withdrawals, if you think you need to take down the site to fix it, we'll cope!

*twitchtwitch*
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 02, 2009, 06:17:16 PM
Speak for yourself, Bookie. ;D Something like that will probably put me back on my meds!  :D



(J/K) 8)
Title: Re: Virus or Trojan on the Forum?
Post by: BookLover♥ on May 02, 2009, 06:22:51 PM
Yeah, this morning, I started trying to figure out how many people I could still contact if the forum were down for long.  :P
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 02, 2009, 08:00:59 PM
LOL! So did I!!

I realize there aren't many!  :'(
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 02, 2009, 09:25:18 PM
Nope, almost all of the contact I've had outside the messages in the forums has been PMs here, not emails.  I've only got about two people from here in my address book.
Title: Re: Virus or Trojan on the Forum?
Post by: Matrix Refugee (formerly Morraeon) on May 02, 2009, 11:30:12 PM
I spent much of the morning browsing the web for an alternate TDF forum to hang out on in case this one went south. Glad it's back! Thanks for all the hard work, Fred!
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 04, 2009, 02:56:17 PM
I'm keenly interested in making sure the community stays alive and in contact with one another. Whenever possible, I will minimize the downtime this part of the site has -- my ideal scenarios would suggest any major issue should get sorted in under 48 hours.
Title: Re: Virus or Trojan on the Forum?
Post by: BookLover♥ on May 04, 2009, 03:09:49 PM
You know, we were talking about our Disaster Recovery/Business Continuity Plan this morning at work - specifically, the building evacuation procedures and the need to know the gathering location to check in at.  My mind immediately went to 'That's what we need for the forum - a designated meeting spot if there's a disaster and we have to evacuate.'   :D


We trust you to do what needs to be done, Fred!
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 04, 2009, 05:34:24 PM
Quote from: iago on May 04, 2009, 02:56:17 PM
I'm keenly interested in making sure the community stays alive and in contact with one another. Whenever possible, I will minimize the downtime this part of the site has -- my ideal scenarios would suggest any major issue should get sorted in under 48 hours.

And this is reason #5769 why you rock, Fred!

BL - I've got it. If there's a disaster and we have to evacuate, let's all meet at JB's house. You think he'll mind?  ;) :D
Title: Re: Virus or Trojan on the Forum?
Post by: Quantus on May 04, 2009, 07:19:30 PM
*whistles while subtly kicking plug out of wall *

Oops...I wonder what happened? 


Party at JB's place!!    ;)8)
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 06, 2009, 12:08:36 AM
And we're back.

I've got the security team at Midphase actively on the case now, so hopefully we'll be able to shut this guy out... eventually.
Title: Re: Virus or Trojan on the Forum?
Post by: horsehearted on May 06, 2009, 12:10:37 AM
YAY!!!!!!
*cuddles Iago*
DUDE! You're the epitome of awesome!!!! Thank you SO much! 
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 06, 2009, 12:12:11 AM
*Bows and conscripts first born to indentured servitude to Fred*

Dude! I appreciate the effort you went to to set us up on Yahoo but man, that format sucks!

So happy to be home!

*Snuggles Iago* Thanks, hon!
Title: Re: Virus or Trojan on the Forum?
Post by: XavierDLH on May 06, 2009, 12:15:34 AM
Quote from: iago on May 06, 2009, 12:08:36 AM
And we're back.

I've got the security team at Midphase actively on the case now, so hopefully we'll be able to shut this guy out... eventually.

*Applauds*

Midphase... Does that mean the forums are physically hosted in Chicago? That could make for a believable "Harry did it" if the lights were to go out on the host!

:)
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 06, 2009, 12:16:21 AM
*Applauds* I'd say that's the best reason I've ever heard. I'm blaming Harry!
Title: Re: Virus or Trojan on the Forum?
Post by: Bookboym on May 06, 2009, 12:17:15 AM
Quote from: iago on May 06, 2009, 12:08:36 AM
And we're back.

I've got the security team at Midphase actively on the case now, so hopefully we'll be able to shut this guy out... eventually.
We're not worthy, we're not worthy.
Title: Re: Virus or Trojan on the Forum?
Post by: Matrix Refugee (formerly Morraeon) on May 06, 2009, 12:18:11 AM
:: Hugs Fred:: Thanks for all the hard work, fella!
Title: Re: Virus or Trojan on the Forum?
Post by: BookLover♥ on May 06, 2009, 12:34:06 AM
You are the awesomest, Fred!!

And I feel so much more at ease knowing there's a security blanket out there for us!  :-*
Title: Re: Virus or Trojan on the Forum?
Post by: Yeratel on May 06, 2009, 01:01:55 AM
Thank's for all the hard work Fred, this is kinda getting to be like a real job, isn't it?  And thanks for setting up the NeverNever, I've got it bookmarked now, for use in case of emergencies.  :)  http://groups.yahoo.com/group/thenevernever/
Title: Re: Virus or Trojan on the Forum?
Post by: Quantus on May 06, 2009, 01:12:34 AM
Fred your kung fu is supreme 8)  Steaks are on me next time you're in NC
Title: Re: Virus or Trojan on the Forum?
Post by: El Diablo on May 06, 2009, 01:46:51 AM
er, I can't send messages I think. I tried sending this to you twice Iago
******************
I can set up an emergency bypass on my site. I can rig up a snitz forum , and wouldn't mind paying a few bucks a year for a URL to point at it.

Heck, if you're using a db that you can export to, I can always export the posts in the down time to a file, and the threads could be added back to your forum.

I host on Crystaltech, not sure if they do PHP .

Lemme know. If you're contemplating , give me an idea of transfer so I can see how much of a buffer zone I have on my plan. I think I'm somewhere near 400 gigs free and clear a month over my needs.
Title: Re: Virus or Trojan on the Forum?
Post by: ToddM326 on May 06, 2009, 01:48:48 AM
All hail the mighty Fred.
Title: Re: Virus or Trojan on the Forum?
Post by: Priscellie on May 06, 2009, 03:21:36 AM
WOOHOO!  All hail Fred!
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 08, 2009, 05:10:55 PM
Happened again. Midphase (after some yelling about their brush-off maneuver) is on the job again, though we don't have clear answers yet as to how/why it's happening. I've cleaned the virus out, but it's probably only a matter of days before it crops up again.
Title: Re: Virus or Trojan on the Forum?
Post by: Shecky on May 08, 2009, 05:46:29 PM
Get me a name and address of the culprit, and I'll get it taken care of.
Title: Re: Virus or Trojan on the Forum?
Post by: BookLover♥ on May 08, 2009, 06:01:08 PM
We'll stick with ya, Fred!
Title: Re: Virus or Trojan on the Forum?
Post by: iago on May 12, 2009, 04:35:54 PM
We had another incident today, but I think I managed to scrub the virus out this time without any forum downtime.
Title: Re: Virus or Trojan on the Forum?
Post by: Fyrchick on May 12, 2009, 04:40:59 PM
Quote from: iago on May 12, 2009, 04:35:54 PM
We had another incident today, but I think I managed to scrub the virus out this time without any forum downtime.

That is because
1. You are cool
2. you are in Maryland, my home state (sort of)
3. you can't deny the fact you like us. You like us!
Title: Re: Virus or Trojan on the Forum?
Post by: Murphy's Stunt Double on May 12, 2009, 04:50:33 PM
Shhhh... you're gonna make him implode if he has to admit that.

Now just run along and "quietly know" the truth.  ;) :D
Title: Re: Virus or Trojan on the Forum?
Post by: Fyrchick on May 12, 2009, 04:56:45 PM

oops! ok!