Phoenix exploit kit detected on my website

Hey all, two different people recently had AVG pop up with a message on my website saying there was a Phoenix exploit kit tooling around in it. Zenphoto is the only thing I have in my domain, and the only modification I've made is to add an eBay button. What do you think could be the problem?
www[dot]matthicksphoto[dot]com

Comments

  • acrylian Administrator, Developer
    I don't know much about that, but what I have read so far is that it is a rootkit trojan for Windows computers. So it might be on the visitor's computer/browser and not on your server.

    I fear I sadly cannot help further; you will have to check available resources on how to get rid of that.

    Although it was something different (I think), you can read the security posts in our news section from last November about Zenphoto-powered sites being hacked.
  • Thanks, I looked through a few topics and then realized my install was out of date, so I updated it...I think. The version that Zenphoto says I have is different from what my control panel says I have.
    Well, we'll just have to see if it happens again! I certainly couldn't reproduce it by clicking around my website for 15 minutes.
  • ron Member
    Your site tried to install a virus on my computer, straight from the homepage and without clicking. In the top-center of your homepage I noticed two 1x1-pixel iframes linking to a website in Poland (miporoskilosi[dot]bee[dot]pl) and they contain very suspicious encrypted code...
  • acrylian Administrator, Developer
    It seems then that you need to do some cleaning and check your file/folder permissions and the like. You should also contact your host in case it got in via the server directly.
  • I found this out a bit before you did, and I've been combing through files, but haven't found it yet. It's an iframe that isn't in any of the theme files. My host was...unhelpful.
  • acrylian Administrator, Developer
    Look also for strange JavaScript or PHP code, as the iframe might be camouflaged. Also look into the database.

    It is best to clear the whole install and re-upload all files freshly downloaded from our site (and those of any other tool you might use).
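One way to run the search suggested in the thread (tiny iframes, camouflaged JavaScript or PHP, and the database), as an added example that is not part of the original posts or of Zenphoto's code. The rule set is a heuristic chosen for this example, the sample lines are constructed, and `example.invalid` is a placeholder; including `.sql` assumes the database has been exported to a dump file inside the scanned folder.

```python
import re
import sys
from pathlib import Path

# Heuristic rules (assumptions of this example): iframes sized 0 or 1, hidden
# iframes, and the wrappers commonly used to camouflage injected PHP/JS.
PATTERNS = {
    "tiny_iframe": re.compile(
        r"<iframe\b[^>]*\b(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]", re.I),
    "hidden_iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "php_eval_decode": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "js_write_unescape": re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I),
    "js_eval_packed": re.compile(
        r"\beval\s*\(\s*(?:unescape|String\.fromCharCode)\s*\(", re.I),
}
# .sql covers a database dump exported into the scanned folder.
EXTENSIONS = {".php", ".html", ".htm", ".js", ".sql"}

def scan_text(text):
    """Return (line_number, rule_name) for every suspicious line in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), 1):
        for rule, regex in PATTERNS.items():
            if regex.search(line):
                hits.append((number, rule))
    return hits

def scan_tree(root):
    """Scan a local copy of the site; return {relative_path: hits}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            hits = scan_text(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample, not taken from the affected site.
SAMPLE = """<?php include "header.php"; ?>
<iframe src="http://example.invalid/in.php" width="1" height="1"></iframe>
<?php eval(base64_decode("ZWNobyAxOw==")); ?>
<iframe src="gallery.php" width="600" height="400"></iframe>
<script>document.write(unescape("%3Cdiv%3E"));</script>
"""

if __name__ == "__main__":
    found = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"SAMPLE": scan_text(SAMPLE)}
    for name, hits in found.items():
        print(name, hits)
```

A hit is a lead to inspect by hand, not proof of compromise, and a clean result does not rule out an injection that uses a wrapper these rules do not cover.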