Invision Community 4: SEO, prepare for v5 and dormant account notifications Matt November 11, 2024Nov 11
Posted December 12, 201212 yr Virtually all of my IPB sites (dozens) have been infected with maleware. I've upgraded them to 3.4.0 and replaced the files again and again - I am at a sad loss here. I opened a ticket for one, but I have so many sites. All of my VB sites are in tact, but I don't want to migrate my IPB sites back to VB since I love IPB so much. Don't know what to do.
December 12, 201212 yr Did you actually delete the old source files and upload new ones? Save config_global.php, uploads... Malware files may look like legit files but not exist in the base install. You can also use the Security Center to check files and executables. Disable hooks, see if problems persist. Have you checked and or cleared the contents of your cache folders? Modern malware often inserts files into these caches. Caches are easily rebuilt. Checked .htaccess? If experiencing redirects this is the likely culprit. More information regarding the symptoms of your infection would be helpful. P.S. I prefer femaleware. ;)
December 12, 201212 yr Author Did you actually delete the old source files and upload new ones? Save config_global.php, uploads... Malware files may look like legit files but not exist in the base install. You can also use the Security Center to check files and executables. Disable hooks, see if problems persist. Have you checked and or cleared the contents of your cache folders? Modern malware often inserts files into these caches. Caches are easily rebuilt. Checked .htaccess? If experiencing redirects this is the likely culprit. More information regarding the symptoms of your infection would be helpful. P.S. I prefer femaleware. ;) I am trying this again. Deleting everything and installing fresh 3.4.0. On a test site though, it says incorrect incorrect_furl. How do I fix that?
December 12, 201212 yr Restore your .htaccess or add this to existing: <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule>
December 12, 201212 yr Author Restore your .htaccess or add this to existing: <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule> OK, thanks. So, now it looks like the below - is this OK? <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteRule .(jpeg|jpg|gif|png)$ /public/404.php [NC,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> <IfModule mod_rewrite.c> Options -MultiViews RewriteEngine On RewriteBase /forum/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /forum/index.php [L] </IfModule>
December 12, 201212 yr On a side note, check your effected sites in chrome, I was lucky enough to have some twirp add malware to my past test sites and then report it to google as malware effecting the core domain. If you haven't already, register your sites with webmaster tools, you can then (once all cleaned) submit for a review. Mine only took a day to be set all clear.
Archived
This topic is now archived and is closed to further replies.