Weirdness....

jaywalker · March 31, 2010, 04:05:23 PM

Yesterday a couple of members got a warning that our site (forum) was infected with the "JS/Tenia.d" trojan. I checked the files and sure enough, a line of code was added to many of them with an Iframe redirect. So I went through and deleted all those lines of code when I found them, and changed the password for the account.

Today, I can't get into Cpanel with the new (or the old) password, but the new password works with FTP (FileZilla and WS_FTP).

Also today, the files I changed yesterday - along with some I didn't - are showing a "Last Modified" time of 2:45 this morning. I haven't told any of the other admins the new password, so I know it wasn't one of them. I don't see any changes to the random files I checked - no Iframe code added - but there are many files that were somehow updated early this morning.

Any thoughts on what is going on?

Thanks in advance!

Jason · March 31, 2010, 04:59:26 PM

Hi, please email or PM me so I can match your forum account here to who you are and grant you access to our "clients only" boards. There is a discussion there on this topic.

Thanks!

jaywalker · March 31, 2010, 05:33:47 PM

Thanks, Jason - sending a PM now!

Jason · March 31, 2010, 05:39:05 PM

Received and reply sent. Thanks!

-Jason

Weirdness....

jaywalker

Jason

jaywalker

Jason