YaBB Community and Support Forum
Admin Center A/V warning (Read 2,951 times)
 Dec 28th, 2012 at 2:56am

westwegoman 
Ex Member
*


YaBB 2.5
Admin Center A/V warning
I visited my admin center just now and to my surprise, I got a pop-up from my AV. (see attached)

Is it possible that something is still lurking around from last night's problems?

Also, I have a link that I can PM if needed. I don't want to post it in here.

Edited:
forgot to post the attachment Cheesy
« Last Edit: Dec 28th, 2012 at 2:58am by westwegoman »  
YabbAVAttack.bmp (542 KB | 52 )
Never use both feet to test the depth of the water
 
 Reply #1 - Dec 28th, 2012 at 4:10am

forumguy99 
Junior Member
**
Offline
Posts: 96


None
Re: Admin Center A/V warning
westwegoman wrote on Dec 28th, 2012 at 2:56am:
I visited my admin center just now and to my surprise, I got a pop-up from my AV. (see attached)

Is it possible that something is still lurking around from last night's problems?

Also, I have a link that I can PM if needed. I don't want to post it in here.

Edited:
forgot to post the attachment Cheesy


That's part of the problem YaBB had. They fixed it.
 
 
 Reply #2 - Dec 28th, 2012 at 4:26am

westwegoman 
Ex Member
*


YaBB 2.5
Re: Admin Center A/V warning
Either something was missed or I'm being attacked now.

Friggin retards!! (the attackers, that is)
 
Never use both feet to test the depth of the water
 
 Reply #3 - Dec 28th, 2012 at 5:12am

depablo 
YaBB Moderators
YaBB Next Team
Beta Testers
***
Offline
Posts: 577
UK


YaBB 2.5
Re: Admin Center A/V warning
Clear your cache, temp Internet files etc and try again Smiley
 
Taking a peek behind the mask Wink
 
 Reply #4 - Dec 28th, 2012 at 5:25am

westwegoman 
Ex Member
*


YaBB 2.5
Re: Admin Center A/V warning
I did that. Still getting pop-ups from my AV program and IE still shows it's waiting for global conference management group website when it's loading. This can't be normal eh?

This is happening on all my YaBB forums.
 
gcmg.bmp (183 KB | 55 )
Never use both feet to test the depth of the water
 
 Reply #5 - Dec 28th, 2012 at 6:29am

depablo 
YaBB Moderators
YaBB Next Team
Beta Testers
***
Offline
Posts: 577
UK


YaBB 2.5
Re: Admin Center A/V warning
Did you follow the link to the malware site at any time? Maybe you should do a full scan of your system with AV and Malwarebytes etc.
Plus CCleaner
« Last Edit: Dec 28th, 2012 at 6:31am by depablo »  
Taking a peek behind the mask Wink
 
 Reply #6 - Dec 28th, 2012 at 8:56am

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Admin Center A/V warning
Your servers and workstations were never in danger

That admin panel 'insert' is an inline frame that 'peers' into Yabbforum.com. Our host was attacked last night, and our .htaccess files were screwed for a short period of time as a result. It (the webkit exploit) is a server attack, not a workstation attack - and it was not on your server. It places bogus .htaccess and javascript into a server, and works almost exactly like a 'virus'. Its purpose is to infect servers and spread itself. It's actually a 'packaging' system, not the 'payload'.

Norton (or AVG) was seeing that through the inline frame. Everything actually transpired on our host's system. As it is in the Admin Center, the only person(s) who ever saw the code are administrators who opened the panel before I fixed 'update'. Just scary looking, not an issue. Someone took the offending distribution servers offline earlier, that's why it is showing a 404 on nginx.

I have resolved the problem some time ago, all you need do is refresh the page or clear your cache.  If you are still 'seeing' an error or getting warnings in your Admin Center, then you did not clear your cache correctly - as that code no longer exists.

I should also point out it was never possible to 'spread that' to your users either.

In order to ensure I was correct, I went into yabbforum.com and checked the fixes I made. My correct code is in place and the bad code no longer exists on the server. As the code is no longer there to be read - the only place it can be is in your cache.

OTAY?

Smiley
« Last Edit: Dec 28th, 2012 at 10:45am by JonB »  
I find your lack of faith disturbing.
 
 Reply #7 - Dec 28th, 2012 at 10:48am

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Admin Center A/V warning
One other thing -

If you want to send screenshots etc, please make them .png or .jpg files.  Bitmap files are huge, eat bandwidth, and make for sloooow refreshes.

Thanks very much
Wink
« Last Edit: Dec 28th, 2012 at 11:25am by JonB »  
plz_no_BMP.png (13 KB | 57 )
I find your lack of faith disturbing.
 
 Reply #8 - Dec 28th, 2012 at 12:39pm

Elrick 
YaBB Moderators
Beta Testers
***
Offline
Posts: 147
Edge of the Abyss


YaBB 2.5
Re: Admin Center A/V warning
JonB Quote:
That admin panel 'insert' is an inline frame that 'peers' into Yabbforum.com.

(what’s new at YaBB?). – Updates?.


As this ‘insert’ is integral with the Admin panel, whenever an admin accesses the Admin panel a link is established to YaBB.com and if YaBB is down (as recently) the Admin Panel hangs there waiting for connection.

A while ago I disabled (removed) (with a little help from my friends here at YaBB) these ‘insert’ so there is no link to YaBB updates. Wink

Could these updates ‘insert’ links be made optional to admins on the new 2.5.2 and 3 versions? (or a new patch) to allow admins to choose to disable updates links? – Just a thought! Roll Eyes
 
~ Elrick ~
There is no direct experience of reality without interpretation; and all interpretation is corrupted by the cultural and personal prejudices or prejudgments of the interpreter.
 
 Reply #9 - Dec 28th, 2012 at 2:08pm

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Admin Center A/V warning
Elrick -

That is a valid point and it was already my intention to ask Dandello to put that on the list.

Thanks
Smiley
 
I find your lack of faith disturbing.
 
 Reply #10 - Dec 28th, 2012 at 2:36pm

Elrick 
YaBB Moderators
Beta Testers
***
Offline
Posts: 147
Edge of the Abyss


YaBB 2.5
Re: Admin Center A/V warning
JonB wrote on Dec 28th, 2012 at 2:08pm:
Elrick - That is a valid point and it was already my intention to ask Dandello to put that on the list. Thanks:)


Excellent initiative John! ...

It would be great to have a button available to admin, something like… ...


 
~ Elrick ~
There is no direct experience of reality without interpretation; and all interpretation is corrupted by the cultural and personal prejudices or prejudgments of the interpreter.
 
 Reply #11 - Dec 28th, 2012 at 2:50pm

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Admin Center A/V warning
In our internal Roadmaps, we are looking at ways to do automated updating (it goes with a new installer and Admin Center), but that is several (one or two) major versions away.

When we release the next version, I will post the next level of Roadmaps.  LOL One step at a time...

Smiley





 
I find your lack of faith disturbing.
 
 Reply #12 - Dec 28th, 2012 at 3:51pm

westwegoman 
Ex Member
*


YaBB 2.5
Re: Admin Center A/V warning
JonB wrote on Dec 28th, 2012 at 8:56am:
I have resolved the problem some time ago, all you need do is refresh the page or clear your cache.  If you are still 'seeing' an error or getting warnings in your Admin Center, then you did not clear your cache correctly - as that code no longer exists.

OTAY.

I was only wondering since the attacks, or apparent attacks, on my end didn't start until last night and I was under the impression that all had been resolved on Yabbforum.com. At that time, I assumed that it may have still been lurking around since I only got a warning when visiting the admin ctrs. My thought was it was from the links within the admin ctr.

It was happening in all admin ctrs, (2.5AE and 2.5.2) and including my test forums, I have probably 10 forums set up. (YaBB OCD) Grin

Elrick wrote on Dec 28th, 2012 at 12:39pm:
A while ago I disabled (removed) (with a little help from my friends here at YaBB) these ‘insert’ so there is no link to YaBB updates.

I think that will be on my list to do. I visit Yabbforum enough to know when there are updates.

JonB wrote on Dec 28th, 2012 at 10:48am:
One other thing -

If you want to send screenshots etc, please make them .png or .jpg files.  Bitmap files are huge, eat bandwidth, and make for sloooow refreshes.

Thanks very much
Wink

Noted Cheesy

At this time, all appears to be fine Smiley Thanks for your time.
 
Never use both feet to test the depth of the water
 
 Reply #13 - Dec 28th, 2012 at 11:13am

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: YaBBforum.com .htaccess issue.
Yesterday, I fixed the primary problem; the 'public' .htaccess files that were affecting the Admin Center.

This morning I went through the server with a fine-tooth comb. There were other files affected, but none would likely harm visitors. As far as I can tell, it's a server 'infection' system, not the actual payloads. It puts redirectors on servers. I also think I know how the attack worked now. I think it's a generalized purely scripted attack, not a specific vectored attack. For .htaccess, it places new files where it has mapped them in previous visits. For .js, it appends a 'document.write' where they were mapped. For index.php, it appends an inline frame. JonB's guess is they are using SEO site mappings to locate the targets. I say that because they 'missed' some opportunities. These attacks are usually aimed at server farms.

Heh - I will say that our creation of a 'mirrored test server' for yabbforum.com has just paid a very, very large dividend.

Cool

Edited:
I have used a variety of active site scanning tools and we are 'publicly clean', as is our reputation  Wink
« Last Edit: Dec 28th, 2012 at 4:26pm by JonB »  
norton_safe_web.JPG (54 KB | 57 )
I find your lack of faith disturbing.
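
A defender-side sweep for the three tampering patterns described in the post above (new .htaccess redirectors, a 'document.write' appended to .js files, an inline frame appended to index.php), as an added example that is not code from this thread or from the YaBB project. The sample file tree, the host names forum.example and redirector.invalid, and the 512-character tail window are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

TAIL_CHARS = 512  # the post describes code *appended* to files, so inspect the end
REDIRECT = re.compile(
    r"^\s*(RewriteRule|Redirect(Match)?|ErrorDocument)\b.*https?://([^/\s\"']+)",
    re.I | re.M)
DOC_WRITE = re.compile(r"document\.write\s*\(", re.I)
IFRAME = re.compile(r"<iframe\b", re.I)

def scan_webroot(root, own_hosts):
    """Return sorted (relative_path, reason) findings; heuristic, needs review."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        text = path.read_text(errors="replace")
        tail = text[-TAIL_CHARS:]
        rel = path.relative_to(root).as_posix()
        if path.name == ".htaccess":
            for m in REDIRECT.finditer(text):
                host = m.group(3).lower()
                if host not in own_hosts:  # redirects to our own hosts are expected
                    findings.append((rel, f"redirect to external host {host}"))
        elif path.suffix == ".js" and DOC_WRITE.search(tail):
            findings.append((rel, "document.write near end of file"))
        elif path.name == "index.php" and IFRAME.search(tail):
            findings.append((rel, "iframe near end of file"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree: three tampered files and three clean ones."""
    files = {
        ".htaccess": "RewriteEngine On\nRewriteRule ^old$ https://forum.example/new [R=301]\n",
        "img/.htaccess": "RewriteEngine On\nRewriteRule .* http://redirector.invalid/in [R,L]\n",
        "js/menu.js": "function menu(){return 1;}\n",
        "js/board.js": "function b(){}\n" + "// pad\n" * 5 + "document.write('<!-- injected -->');\n",
        "index.php": "<?php echo 'home'; ?>\n<iframe src=\"http://redirector.invalid/\"></iframe>\n",
        "help/index.php": "<?php echo 'help'; ?>\n",
    }
    for rel, body in files.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for rel, reason in scan_webroot(d, {"forum.example"}):
            print(f"{rel}: {reason}")
```

Legitimate scripts also call document.write and legitimate pages embed iframes, so each finding is a prompt to compare the file against a known-good copy, such as the mirrored test server mentioned in the post.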
 
 Reply #14 - Dec 28th, 2012 at 4:17pm

JonB 
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline
Posts: 3,614
Land of the Blazing Sun!


None
Re: Admin Center A/V warning
The last 1 Posts were moved here from Support  & Moderation Concerns by JonB.
 
I find your lack of faith disturbing.
 