Hello fellow reboot users & admins,
Edited by revrepo, 13 January 2015 - 03:32 PM.
Posted 13 January 2015 - 03:28 PM
Hello fellow reboot users & admins,
Edited by revrepo, 13 January 2015 - 03:32 PM.
Posted 13 January 2015 - 04:59 PM
Hello,
Thanks, there have been complaints about alnera.eu but my impression is that it was deployed directly by google adwords, not by the site itself.
I've renamed ips.quickpm.js to something else. Not sure if this file is compromised or not, doesn't really affect much the forum functioning in either way while we see what is happening.
Which steps do you think can be taken to clean/remove this problem?
Otherwise my opinion remains the same, google delivers the alnera javascript through the advertisement network.
Posted 13 January 2015 - 05:19 PM
Posted 13 January 2015 - 05:35 PM
DomainDomain name alnera.eu
Status REGISTERED (What this means)
Registered March 20, 2014
Expiry date March 31, 2015
Last update March 20, 2014, 9:39 pm
RegistrantName Anna Bednarova
Organisation NEROSO Inst., s.r.o.
Language Czech
Posted 13 January 2015 - 06:02 PM
Correct, that's because they have sink-holed that domain.
It was bad in 2013 and they took it over to stop malicious redirects like this site has been doing.
Just because its not being malicious now means nothing, the website was exploited back in 2013 and might still back backdoor access, you never know.
Best plan is to contact IP.Board for help and verify files.
You can see a old report here:
http://www.malware-t...7/08/index.html
alnera.eu redirects to malicious EKs
Posted 13 January 2015 - 06:26 PM
No hope for IPB support. They'll say something along the lines: "Install your forum from scratch", to which I'll reply: "but that way we lose the attachments and other tweaks made on the forum", to which they reply: "you asked for a solution".
Basically, their support ends up causing more harm than a virus. We are still suffering from the times when the post content was trashed during an upgrade.
Posted 13 January 2015 - 06:37 PM
Well then,
Removing that file is good start but there is no knowing what backdoors might have been setup.
Looks like a new platform is in order.
Posted 13 January 2015 - 08:22 PM
Looks like a new platform is in order.
Posted 13 January 2015 - 08:26 PM
Your Welcome
Just trying to help and save your users before something malicious happens again.
Posted 13 January 2015 - 10:26 PM
My friends, I wish that it was possible to accommodate each and every request but not an easy option.
Moving to another platform is an extreme option. Most members (like myself) have grown around forums built with IPB and it just works more or less the same manner for everyone when hoping across sites to participate.
In addition, changing to another forum software means a loss of attachments, user accounts and posts in some manner or other. While in the current process, we are completing a decade of existence with more or less the same data. IPB isn't the best software for a forum but works better than say, phpBB and a few others. Changing to MyBB was on top of the table back in 2011 but then was considered that the cost of change didn't really brought an overall improvement.
A forum software that recently caught my interest was the one seen on this site: http://forums.dotnetfoundation.org/
It is called Discourse. Looks great, seems to be headed on a way where transition wouldn't seem problematic but at the same time breaks with the current way of finding content around here and requires everyone to use a more recent web browser, which is very often not the case that I see from the analytics.
So, it seems that the only upgrade we will have is going to happen within one year when the next IPB series are released.
What I could probably do in the meanwhile is try to identify the files inside the forum software and match them against a vanilla edition of the forum, try to find if something was changed. However, this too requires time and plenty of effort so it might take me a while to be able of doing it.
Unless, someone with a fair reputation on the forum offers himself to proceed.
Posted 14 January 2015 - 02:08 AM
Groups →
Security →
Techware UninfectorStarted by Siginet , 13 Oct 2015 adwcleaner, registry, cleanup and 4 more... |
|
|
||
Groups →
Windows Extreme →
Windows 2K/XP/2003 →
TrueCrypt protects you against malware !Started by gid , 02 Dec 2014 truecrypt, ramdisk, ramdisk.sys and 3 more... |
|
|
||
Groups →
Security →
Tutorials →
Backdoors - The easy wayStarted by joakim , 26 Feb 2012 backdoor, malware, infection and 2 more... |
|
|
0 members, 0 guests, 0 anonymous users