Member
Member
matthicksphoto   2012-02-29, 19:08
#1

Hey all, two different people recently had AVG pop up with a message on my website saying there was a phoenix exploit kit tooling around in it. Zenphoto is the only thing I have in my domain, and the only modification I've made is to add an ebay button. What do you think could be the problem?
www[dot]matthicksphoto[dot]com

Administrator
Administrator
acrylian   2012-02-29, 19:26
#2

I don't know much about that but what I read so far is that a root kit trojan for Windows computers. So it might be on the visitors computer/browser and not on your server.

I fear I sadly cannot help further you will have to check available resources how to get rid of that.

Although it was something different (I think) you can read on the security posts on our news section from last november about Zenphoto powered sites being hacked.

Member
Member
matthicksphoto   2012-02-29, 20:31
#3

Thanks, I looked through a few topics and then realized my install was out of date, so I updated it...I think. The version that zenphoto says I have is different from what my control panel says I have.
Well, we'll just have to see if it happens again! I certainly couldn't reproduce it in clicking around my website for 15 minutes.

Member
Member
ron   2012-03-01, 06:31
#4

Your site tried to install a virus on my computer, straight from the homepage and without clicking. In the top-center of your homepage I noticed two 1x1-pixel iframes linking to a website in Poland (miporoskilosi[dot]bee[dot]pl) and they contain very suspicious encrypted code...

Administrator
Administrator
acrylian   2012-03-01, 13:42
#5

Seems then that you need to do some cleaning and check your file/folder permissions and else. You should also contact your host in case it got in via the server directly.

Member
Member
matthicksphoto   2012-03-05, 23:12
#6

I found this out a bit before you did, and I've been combing through files, but haven't found it yet. It's an iframe that isn't in any of the theme files. My host was...unhelpful.

Administrator
Administrator
acrylian   2012-03-06, 09:55
#7

Look also for strange Javascript or PHP code as the iFrame might be camouflaged. Also look into the database.

Best is to clear the whole install and reupload all files fresh downloaded from our site (and of any other tool you might use).

  
Powered By MyBB, © 2002-2026 MyBB Group.
Made with by Curves UI.