Possible virus on Simgames

Discussion in 'Account, Technical & Site Help' started by fp, Jun 26, 2004.

  1. fp

    fp New Member

    Possible virus on Simgames

    Just recently all the pages which contain the ads, so my whole site other than the forums, the pages are being redirected to http://www.mysevgi.net. According to Symantec Corp. this is caused by a virus, now there are 2 that just came out. One that works as a java and the other is a trojan that works as an exe.

    The names of the viruses are:
    Backdoor.Berbew.*
    JS.Scob.Trojan

    If it is a virus I tend to think it's the Backdoor.Berbew.*. Would it be possible to have a look into this please, these are some pretty bad trojans, which are sent out to people's computers through the internet, on a site.
     
  2. KStange

    KStange New Member

    I am unable to reproduce this problem. Are you certain it's not a virus or spyware on your computer that's affecting how your pages display? I've determined that in many cases people complain a web site is doing something (like generating excess popups), when in fact it's spyware or adware on the user's computer doing it.
     
  3. KStange

    KStange New Member

    Okay, I got it to happen, but it happened even when I blocked the ad from loading, so it is something else on your web pages that is causing the redirection.

    Edit:

    <meta http-equiv="REFRESH" content="2;URL=http://www.mysevgi.net">


    Site design is done by <a href=mailto:fpcd115@hotmail.com>FP Cyber Design©</a>
    <meta http-equiv="REFRESH" content="2;URL=http://www.mysevgi.net">


    This code appears at the bottom of every page on your site. That implies it exists in your phpnuke template. If a virus added it to your template it could only have occurred on your computer. SimGames.net's servers are not capable of running viruses that could harm your site.
     
  4. huskerman007

    huskerman007 The Monkey

    That's good to know.
     
  5. fp

    fp New Member

    Hmm that's weird because the whole and its pages haven't been touched for over 3-4 months. It's now fixed, hopefully. I am guessing this is another of PHP Nuke's darn security holes.

    Thankfully the system I am creating/modifying will be a lot safer from these kinds of threats, I think this is the 5th time something has happened since I switched to Nuke.

    Sorry for "blaming" Simgames, although that was not my intention, just wanted a heads up since I receive letters from Symantec and this one just seemed to be similar to what was happening.

    So this would be more a hack right?

    **Edit**
    Definitely a hacker, he added himself as a *god* to the site, which I wasn't able to remove other than from the phpmyadmin. He added his little code everywhere possible. Is there anything that can be done to fix this and should any actions be done?

    Edit 2
    To add to this case they have done it before, maybe something should be done to both the site and the guy running it.
    http://www.mysevgi.net/modules.php?...opic&t=1&sid=940d1510479e725c303da0d85f6e49ba
     
  6. frthmeb

    frthmeb New Member

    I wouldn't go so far as to say incapable....
     
  7. frthmeb

    frthmeb New Member

    oops double post
     
  8. Allowee

    Allowee New Member

    A Linux virus that is smart enough to harm your site does exist..

    rm -rf
    then everything is gone, when done as root.

    But, with proper restrictions you can make sure that a virus is almost not able to access the server.

    and about PHP-Nuke..
    another example on how 'nice' it is.
    If you want to be safe with php-nuke you should have the fixes installed before they are discovered

    anyway, checking for new versions (and uploading them) everyday would help
     
  9. KStange

    KStange New Member

    Sorry, I wasn't quite as clear as I meant to be. Standard (Windows) viruses and worms cannot run on the server. Linux viruses, generally speaking, won't be able to obtain root access and are quite rare. For the most part, arbitrary code can't be executed on your site unless you upload it there or someone hacks your site. In those cases, this isn't considered a virus because it requires direct user input to create and/or execute the code.

    I wouldn't consider rm -rf / a virus either because it's technically just a command you can run. It's not an infection so much as a simple way to remove everything. :)
     
  10. fp

    fp New Member

    I had the latest security patches for the version I currently have installed. Heck I even made one patch. The attacker seems to have entered a line in the MySQL somehow, giving himself "god" rights on my site. With that he was able to add the little
    Code:
    <meta http-equiv="REFRESH" content="2;URL=http://www.mysevgi.net">
    Too many attacks have been made on PHP-Nuke sites (kinda makes me think of Windows...). I am in the process of a new system, which I hope will be a lot safer.

    Anyway to be on the safe side, who can I contact to change my passwords or can it all be done through H-Sphere?
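
Added example, not part of the thread and not PHP-Nuke code: a cleanup check for the injection described above, which walks a web root and reports every meta refresh tag that points at a host outside an allow-list, including tags sitting inside PHP strings with escaped quotes. The function names, the extension list, the `example.org` allow-list and the sample files are assumptions constructed for the demonstration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

SCAN_EXTENSIONS = {".php", ".html", ".htm", ".tpl", ".inc"}
META_TAG = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
IS_REFRESH = re.compile(r"http-equiv\s*=\s*\\?[\"']?refresh", re.IGNORECASE)  # \\? = PHP-escaped quote
REFRESH_URL = re.compile(r"url\s*=\s*\\?[\"']?([^\\\"'>\s;]+)", re.IGNORECASE)


def find_offsite_refreshes(web_root, allowed_hosts):
    """Return sorted (relative path, line, host) for each off-site meta refresh."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for tag in META_TAG.finditer(text):
                url = REFRESH_URL.search(tag.group())
                if not url or not IS_REFRESH.search(tag.group()):
                    continue
                host = urlparse(url.group(1)).hostname  # None for relative targets
                if host and host.lower() not in allowed_hosts:
                    line = text.count("\n", 0, tag.start()) + 1
                    findings.append((os.path.relpath(path, web_root), line, host))
    return sorted(findings)


def demo():
    """Scan a constructed sample site (not the real site from the thread)."""
    injected = '<meta http-equiv="REFRESH" content="2;URL=http://www.mysevgi.net">'
    sample = {
        "footer.php": "Site design footer\n" + injected + "\n",
        "index.html": '<meta http-equiv="refresh" content="0;url=http://example.org/home.php">\n',
        os.path.join("themes", "theme.php"): 'echo "' + injected.replace('"', '\\"') + '";\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_offsite_refreshes(root, allowed_hosts={"example.org"})


if __name__ == "__main__":
    print(demo())
```

A file scan only covers templates and static pages; content stored in the database, such as blocks or messages an administrator account can edit, has to be checked separately.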
     
