Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
jackflash Posted December 12, 2012 Posted December 12, 2012 Virtually all of my IPB sites (dozens) have been infected with maleware. I've upgraded them to 3.4.0 and replaced the files again and again - I am at a sad loss here. I opened a ticket for one, but I have so many sites. All of my VB sites are in tact, but I don't want to migrate my IPB sites back to VB since I love IPB so much. Don't know what to do.
blair Posted December 12, 2012 Posted December 12, 2012 Did you actually delete the old source files and upload new ones? Save config_global.php, uploads... Malware files may look like legit files but not exist in the base install. You can also use the Security Center to check files and executables. Disable hooks, see if problems persist. Have you checked and or cleared the contents of your cache folders? Modern malware often inserts files into these caches. Caches are easily rebuilt. Checked .htaccess? If experiencing redirects this is the likely culprit. More information regarding the symptoms of your infection would be helpful. P.S. I prefer femaleware. ;)
jackflash Posted December 12, 2012 Author Posted December 12, 2012 Did you actually delete the old source files and upload new ones? Save config_global.php, uploads... Malware files may look like legit files but not exist in the base install. You can also use the Security Center to check files and executables. Disable hooks, see if problems persist. Have you checked and or cleared the contents of your cache folders? Modern malware often inserts files into these caches. Caches are easily rebuilt. Checked .htaccess? If experiencing redirects this is the likely culprit. More information regarding the symptoms of your infection would be helpful. P.S. I prefer femaleware. ;) I am trying this again. Deleting everything and installing fresh 3.4.0. On a test site though, it says incorrect incorrect_furl. How do I fix that?
blair Posted December 12, 2012 Posted December 12, 2012 Restore your .htaccess or add this to existing: <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule>
jackflash Posted December 12, 2012 Author Posted December 12, 2012 Restore your .htaccess or add this to existing: <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule> OK, thanks. So, now it looks like the below - is this OK? <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .(jpeg|jpg|gif|png)$ /public/404.php [NC,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule>
CnCNet Posted December 12, 2012 Posted December 12, 2012 On a side note, check your effected sites in chrome, I was lucky enough to have some twirp add malware to my past test sites and then report it to google as malware effecting the core domain. If you haven't already, register your sites with webmaster tools, you can then (once all cleaned) submit for a review. Mine only took a day to be set all clear.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.