Hi there,
we've had our phpbb forum in place for 20 years, with little issue until recently. (It's been upgraded periodically over those years, currently to phpbb3.3.5, I see there's now a 3.3.11. I can try upgrading if there's something in there that might help.).
For the past 6 months or so, users have been complaining that their antivirus SW sees malware on our site. (Same is true of our mediawiki install on the same site). Avast identifies it as JS/Agent Trojan. It appears to be similar to what's described here:
https://malcure.com/blog/security/javas ... ndsw-ndsx/
Each javascript file in the install has a little bit of added malicious code at the end.
I have been finding and removing the offending code via grep/sed/vim, and avast is happy for a few days, but then it keeps coming back.
My hosting service was not very helpful, but said that vulnerabilities in the php SW are the reason it keeps coming back.
Has anyone encountered this or something similar? Is there a patch or some setting I can us in phpbb to block it from recurring?
we've had our phpbb forum in place for 20 years, with little issue until recently. (It's been upgraded periodically over those years, currently to phpbb3.3.5, I see there's now a 3.3.11. I can try upgrading if there's something in there that might help.).
For the past 6 months or so, users have been complaining that their antivirus SW sees malware on our site. (Same is true of our mediawiki install on the same site). Avast identifies it as JS/Agent Trojan. It appears to be similar to what's described here:
https://malcure.com/blog/security/javas ... ndsw-ndsx/
Each javascript file in the install has a little bit of added malicious code at the end.
I have been finding and removing the offending code via grep/sed/vim, and avast is happy for a few days, but then it keeps coming back.
My hosting service was not very helpful, but said that vulnerabilities in the php SW are the reason it keeps coming back.
Has anyone encountered this or something similar? Is there a patch or some setting I can us in phpbb to block it from recurring?
Statistics: Posted by gonzoron — Fri Jan 26, 2024 6:10 pm