Virus sent to me

Quote:

---

Originally Posted by TekWarren

Just as an FYI I was just made aware that one of the sister sites to a forum I run is having some issues. A user reported virus notification and automatic dowloading of file(s) via what appears to be a malicious PHP script. The site is now 404! Hope there are not any cracks in security here Smulkin!

---

Nope everything up to date.

We turned on image verification (where you have to repeeat the distorted characters displayed) as part of the registration process a while back.

Recently we noticed some registrations that had some spammy spammy posts which some of you may well have seen. We moved all these users to a banned group and blacklisted the email domains they came from and blocked several IP's. But they were just making spammy posts.

Reading some threads in the software support forum some of the devs said that lately in the ongoing spread of spam people were being paid by spam clearinghouses to register on forums that had the image verification on and then selling the usernames and passwords to these houses.

That could only result in these spam posts that occured recently.


HTML is disabled here for security reasons because of the potential for malicious code.

Even when you use the "contact" function to get in touch with another user you jusr get a message composing window same as posting a thread - no way to attach any kind of virus payload.

Though folks from time to time complained of having to use the gallery instead of just uploading attachments disabling attachments was decided on for the same reasons - security as much if not more for the users than for the site itself.

All the latest revisions and patches for security are actively installed here.


We value your membership here and take all precautions to protect folks from any sorts of potential issues from SPAM to embedded code.





All that being said . . longwindedly . . I'm continuing to check this out.

Quote:

---

Originally Posted by TekWarren

what was the virus name exactly? It could have been a false positive or a spoof email that didn't come from the forum at all. When someone uses this forum's email function there is no option to upload a file that a virus could be wrapped in. Howerver there is spyware and malware that can record things you see or simply make up official looking emails that contain malicious programs. Is this even a user you recognize? Have you done a search to see if its even a real user? Don't jump to conclusions just yet ;)

---

I don't remember the name. The antivirus said trojan found and gave the name and a link to read up on it. I just got rid of it and blocked the email so they can't send anymore.

If anyone ever receives a questionable email appearing to originate from or involve the site please PM me immediately so I can provide you an email address and instructions to forward it to me so I can take a look at the headers and take any necessary action.

good show Smulkin...keeping up on updates is key. I just implemented some patches on a forum yesterday myself. I use the image verification by default and many spam bots are even getting around this...or humans who then unleash the bots but we've got it under control now. I've yet to have a successful "attack" on my systems...like Ft Knox baby!