Jump to content

3.4.9 malware


Recommended Posts

I have a site still running 3.4.9 (do not ask! 😰) which has experienced a malware intrusion.

Inspecting the page source via Chrome I can see the following javascript block (highlighted with pink) planted within the header (shown top left in red). Could anyone please tell me which folder/directory would house that portion of ipboard_body code? I'm completely useless at finding where Invision places some of its code!


Any help appreciated.

Link to comment
Share on other sites

I concur likely All Global Templates > Global Template (I forget the exact wording)

More importantly how did it get there.

Visit the security centre in the ACP. You *have* run the 'IPBoard .htaccess protection' tool at some point yes ? This writes "no execute" to various directories, so if something did get where it should not, at least it would not be able to be ran (as in via name.php) which would likely do more damage.

Also worth running the file/directory permission checker too.

Link to comment
Share on other sites

Oh the 'suspicious file checker' would be well worth running too although given the way it works it *will* by its nature list some 'safe' files as it picks on size/last modified etc but its a start at least. Really you're looking for something like a .php file in the /uploads directory which should not be there.

As daft as it may sound ensure that /conf_global.php is not writeable either, if you can chmod it down to 0444 that would be quite sensible.


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...