Malware Detected!
Well, Google Chrome says so...
- whoami
- MM2X Very Active User
- Posts: 1370
- Registered for: 13 years 8 months
- Location: Has been located.
- Contact:
Malware Detected!
I just opened MM2X in Chrome, but it said "Malware Detected!" every time I tried to open it. Now I've opened it in a VM, but still, what happened?
[color=white]Nobody told me MM2 works on Windows 10![/color]
- e-cobra
- MM2X Very Active User
- Posts: 1629
- Registered for: 13 years 4 months
- Location: Navi Mumbai, India
Oh! You too see this!? I took a screenshot of it to make a topic in this forum..
@Franch88, what can this be?
[url=https://www.mm2x.com/page.php?name=Forums&file=viewtopic&t=5362&start=52&highlight=e-cobra][color=gold][size=75]MM2X Awards[/size][/color][/url]
[b][size=84][color=blue]If a tree falls in the woods and no one's around to hear it, does it make a sound?[/color][/size][/b]
- transdev_joe
- MM2X Newbie
- Posts: 41
- Registered for: 12 years 5 months
-
- MM2X Super Active User
- Posts: 2405
- Registered for: 16 years
- Location: Canada
- Been thanked: 1 time
Malware Warning
Has anyone got this on this site? I just refreshed a topic after last night and it said "MM2X IS BLOCKED, Malware has been detected", so I hit continue and it asked me if I wanted JAVA to be run. :/ Anybody else got anything like that?
WARNING : Guys, on some topics there is a white square for Java on the bottom left. Do not run this, Chrome reports it as malware.
If you guys have seen this square, but Java has run, I advise you to scan your computer.
[img]https://i61.tinypic.com/25zrngo.jpg[/img][color=white]
- Most creative active member
- Most smart active member
- Best MM2 innovation of the year
- Best programmer
[img]https://i60.tinypic.com/2m4c2h5.jpg[/img]
- Most helpful active member[/color]
- ettieapple
- MM2X Active User
- Posts: 516
- Registered for: 14 years 5 months
- Location: Fryslân, The Netherlands
- Franch88
- MM2X Admin
- Posts: 15759
- Registered for: 17 years
- Location: Italy
- Been thanked: 1 time
- Contact:
The website just got infected again today... the last time it happened was in May of last year. So, unfortunately, it's not the first time.
Surely all the index pages of the server got edited. I'll look into restoring them all; fortunately there are automatic daily and weekly backups. In the next hours everything should be fine.
Fiat 500 = Italian motorization. Franch88, MM2 eXtreme forum and website Administrator.
|Franch88's MM2 Releases|
- ettieapple
- MM2X Active User
- Posts: 516
- Registered for: 14 years 5 months
- Location: Fryslân, The Netherlands
- Franch88
- MM2X Admin
- Posts: 15759
- Registered for: 17 years
- Location: Italy
- Been thanked: 1 time
- Contact:
I've taken 2 hours to restore all the files that got infected, such as several PHP scripts of this website and all the hosted websites. Now it's all fine; what's left is to wait for Google's bots to scan this website again, find no more infections in it and so remove it from the blacklist. This is going to happen tomorrow or in the next few days.
Fiat 500 = Italian motorization. Franch88, MM2 eXtreme forum and website Administrator.
|Franch88's MM2 Releases|
- DjDecibel
- MM2 eXtreme Owner
- Posts: 662
- Registered for: 21 years 10 months
- Location: Italy
- Has thanked: 5 times
- Contact:
I was contacted today by Google about the problem.. I checked the files but Franch already replaced them with a backup...
so I can't see where the malware code was injected.. I just sent the message removal from the Google admin page.. I hope it will be removed tomorrow..
I think that the malware has been introduced by the HQTM forum or the Riva's site because 26 of the 30 hacked pages are from those 2 sites..
I hope all is working right now..
- Franch88
- MM2X Admin
- Posts: 15759
- Registered for: 17 years
- Location: Italy
- Been thanked: 1 time
- Contact:
Good that you've got advice from Google about the website infection; probably you use their services for website owners. I've been able to fix the problem, like I already did in the past with the previous infections, so I had no important reason to send you an e-mail about what happened, also because it's possible that you would get my message days later (I know that you're busy for personal reasons and that you might not have time to spend on this website).
I've restored the infected pages using the weekly backup because when I connected today I saw that the daily one had already been updated with the infected pages, so you have the next few hours to check the infected pages present in the daily backup and see what the inserted code looks like. The infection happened between 12:10 and 12:40 GMT+1 time.
Really, the infection has affected pages a bit everywhere on both servers, and the infected files (HTML, PHP, JS types) were way more than 30.
Fiat 500 = Italian motorization. Franch88, MM2 eXtreme forum and website Administrator.
|Franch88's MM2 Releases|
- DjDecibel
- MM2 eXtreme Owner
- Posts: 662
- Registered for: 21 years 10 months
- Location: Italy
- Has thanked: 5 times
- Contact:
I checked the files... the code was inserted using a JS file which added an iframe in almost all of the files... but I can't understand how it got in.. it can be from any of the hosted sites...
I'm happy to see that it has been solved for now and I'll try to solve that situation..
Thanks a lot Franch for your work
- A320_Pilot
- MM2X Very Active User
- Posts: 1159
- Registered for: 12 years 10 months
- Location: Home
So let me get this straight.
By infection you mean hack or something?
That happened to many websites (Especially game ones) in the past week.
Or just some damaged script or anything...
[img]https://i.imgur.com/Vj394OU.jpg[/img]
[color=cyan][b]4.6L V8?[/b][/color] [color=white]I think[/color] [color=red][b]YES![/b][/color]
- Franch88
- MM2X Admin
- Posts: 15759
- Registered for: 17 years
- Location: Italy
- Been thanked: 1 time
- Contact:
What happened is an infection of the pages: a malicious code of a few rows, an iframe this time, was inserted in many PHP, HTML and JavaScript files. So those kinds of files got edited. When the infected pages get loaded in a browser, through the inserted code you get connected to some websites, like the one written in the above image. I don't really know how these things are possible, but I would think that's also because of lacunous protection given by the hoster; issues with the structure of the website and its security can't be excluded.
Possibly, DjDecibel, see to do something to avoid future infections of the pages, also because restoring them manually is kind of a pain. Dunno, maybe it's possible to do the restoring automatically by using one of the two backups, but the daily one already got updated after the infection, and using the weekly one is not suggested because it's a bit outdated.
Fiat 500 = Italian motorization. Franch88, MM2 eXtreme forum and website Administrator.
|Franch88's MM2 Releases|
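Added example, not part of the thread and not the site's own code: one way to find the edited PHP, HTML and JS files without checking them by hand is to hash the live web root against a backup taken before the infection (the weekly one here, since the daily one was already overwritten) and flag files whose new lines contain an iframe. The function names and the `injected.example` sample markup are assumptions constructed for the illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

WEB_EXTS = {".php", ".html", ".htm", ".js"}              # file types named in the thread
IFRAME_RE = re.compile(r"<\s*iframe\b", re.IGNORECASE)   # also matches a tag built in a JS string

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def added_lines(clean, live):
    """Lines of the live file that appear nowhere in the backup copy."""
    known = set(clean.read_text(errors="replace").splitlines())
    return [l for l in live.read_text(errors="replace").splitlines() if l not in known]

def audit(live_root, backup_root):
    """Map each differing web file to new-file, iframe-added or changed."""
    live_root, backup_root = Path(live_root), Path(backup_root)
    report = {}
    for live in sorted(live_root.rglob("*")):
        if not live.is_file() or live.suffix.lower() not in WEB_EXTS:
            continue
        rel = live.relative_to(live_root)
        clean = backup_root / rel
        if not clean.is_file():
            report[rel.as_posix()] = "new-file"
        elif digest(live) != digest(clean):
            hit = any(IFRAME_RE.search(l) for l in added_lines(clean, live))
            report[rel.as_posix()] = "iframe-added" if hit else "changed"
    return report

def demo():
    """Constructed sample trees: two tampered files, one ordinary edit, one new file."""
    frame = '<iframe src="http://injected.example/" width="1" height="1"></iframe>'
    clean = {"index.php": "<?php echo 'home'; ?>\n",
             "forum/menu.js": "var open = false;\n",
             "about.html": "<p>About</p>\n"}
    tampered = {"index.php": clean["index.php"] + frame + "\n",
                "forum/menu.js": clean["forum/menu.js"] + "document.write('" + frame + "');\n",
                "about.html": "<p>About us</p>\n",
                "x.php": "<?php ?>\n"}
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp, "live"), Path(tmp, "backup")
        for root, files in ((backup, clean), (live, tampered)):
            for rel, text in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(text)
        return audit(live, backup)

if __name__ == "__main__":
    print(demo())
```

Files reported as `new-file` deserve the same attention as `iframe-added` ones, since a restore from backup replaces edited files but does not remove files that were never in the backup.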