RMweb Posted December 29, 2018 Posted December 29, 2018 I have a site still running 3.4.9 (do not ask! 😰) which has experienced a malware intrusion. Inspecting the page source via Chrome I can see the following javascript block (highlighted with pink) planted within the header (shown top left in red). Could anyone please tell me which folder/directory would house that portion of ipboard_body code? I'm completely useless at finding where Invision places some of its code! Any help appreciated.
steve00 Posted December 29, 2018 Posted December 29, 2018 If that code appears in all pages then likely global template
RMweb Posted December 29, 2018 Author Posted December 29, 2018 7 minutes ago, steve00 said: If that code appears in all pages then likely global template Thanks Steve; that's got me heading in the right direction!
AndyF Posted December 29, 2018 Posted December 29, 2018 I concur likely All Global Templates > Global Template (I forget the exact wording) More importantly how did it get there. Visit the security centre in the ACP. You *have* run the 'IPBoard .htaccess protection' tool at some point yes ? This writes "no execute" to various directories, so if something did get where it should not, at least it would not be able to be ran (as in via name.php) which would likely do more damage. Also worth running the file/directory permission checker too.
AndyF Posted December 29, 2018 Posted December 29, 2018 Oh the 'suspicious file checker' would be well worth running too although given the way it works it *will* by its nature list some 'safe' files as it picks on size/last modified etc but its a start at least. Really you're looking for something like a .php file in the /uploads directory which should not be there. As daft as it may sound ensure that /conf_global.php is not writeable either, if you can chmod it down to 0444 that would be quite sensible. Â
Recommended Posts
Archived
This topic is now archived and is closed to further replies.