buldo wrote: [View Post]

slavija333, did you add some extra code (like visit counters) or any HTML block?

I added, statcounter, then freemeteo, then google translate, a chat hosted on other site and so on why?

And BTW limun I don't have any backup what now? anyone has an idea?

slavija333 wrote: [View Post]

And BTW limun I don't have any backup what now? anyone has an idea?

check in your ftp root templates/mg_themas if you have this file "style_ice.css"

or send me on PM ftp username and pass so i will check if you want  

____________
We are the phpBBorg. Lower your Crackers. Your phpological and forumological distinctivness will be added to our own. Resistance if futile!

You should shut your site down until you either get rid of the virus by elimination or re-installation, because all you are doing at present is helping to spread the thing.

Lopalong wrote: [View Post]

You should shut your site down until you either get rid of the virus by elimination or re-installation, because all you are doing at present is helping to spread the thing.

Damn, can I somehow save the topics post and registered users? I would appreciate any solution.

slavija333 wrote: [View Post]

Damn, can I somehow save the topics post and registered users? I would appreciate any solution.

for this download your database via your cp panel on server or phpMyadmin

____________
We are the phpBBorg. Lower your Crackers. Your phpological and forumological distinctivness will be added to our own. Resistance if futile!

Limun wrote: [View Post]

slavija333 wrote: [View Post]

Damn, can I somehow save the topics post and registered users? I would appreciate any solution.

for this download your database via your cp panel on server or phpMyadmin

You have any time or MSN to explain to me how can I do that? Sorry to disturb you, neću ti uzeti dugo vremena  

slavija333 wrote: [View Post]

Damn, can I somehow save the topics post and registered users? I would appreciate any solution.

Depending on your host, you could .zip the whole forum and download it to your PC, else you could just download the whole thing as it is.

The second option will take some time, but it may be wise to back up the forum that way - infected or not.

If you need any more help, then consider giving someone your FTP and CPanel details (You can always change them later). You could also PM me the EXACT details of your config.php file, and I'll see if I can connect to your DB from here.

I do not think the virus has got into his webpage because of some code he added thought the ACP/CMS, so I recommend you to get the logs form your server from 2 weeks ago you detected the virus was active in your website. I think that should be engough time.

Please, get that logs as faster as you can, as the servers only storage that logs for 1-2 months. The most secure way is to contact your hosting support staff.



Please, try to get them and send them to whoever you want at the Staff.

Also, make a backup of the actual files and the database and storage them out of any webserver. They could being required by the Staff when we get the vulnerability the hacker used to inyect those malignant code in order to make the security issue patch.

slavija333 wrote: [View Post]

I added, statcounter, then freemeteo, then google translate, a chat hosted on other site and so on why?

Because I think that the advice you get depends by one of those services (probably the counter), try to turn off those blocks and see if you get notifications.

____________
~~~ Andrea ~~~
User #379756 on Linux Counter
"If you can't apt-get something, it isn't useful or doesn't exist!!"

i will add this...

in his database he have

about 124 ip_ tables (i have on my 147)
and he also have phpbb tables

and second strange thing

in my base al ip_ are type MyISAM

but in his some ip_tables like ip_logins are InnoDB

____________
We are the phpBBorg. Lower your Crackers. Your phpological and forumological distinctivness will be added to our own. Resistance if futile!

The phpBB prefixes suggest that that someone has been trying to install phpBB mods without changing the prefix in the SQL ?

It could have also opened up avenues for exploits, as I understand that some of the old mods didn't have escape strings for Db queries. Don't know a real lot about that though, as the only thing I know is what I read.

InnoDB is an alternative DB that either the server may be using or the MOD applications may be using. That's how I read it here. Whether it's compatible with IP and MySQL is another matter.

h**p://en.wikipedia.org/wiki/InnoDB