Reply to: Virus Threat AGAIN!!!

:

What Spod Said.

ftfy

Wont HMRC query your return when they notice 2 invoices from the same company?

Yes. The invoice will be made out from Arse Tickler's Faggots Fan Club though, to ensure you're not embarrassed by membership of CUK.

Exactly. Personally I would like to see different categories of membership. There are a few here who would pay ALOT more to be platinum members - without them realising that the rest of us are not impressed and merely see them as kn0bs.

I will be the first to ask, are CUK fees deductible?

It'll keep the dross out.

A good move IMO

Cojak for Admin!

You're fired!

None of this namby-pamby "And we all learned a lesson from that and we've tightened up procedures" bollocks, that's it, security are on the way to escort you from the building.

Yes, I am a pillock and should not be in charge of a smart phone, let alone a server if the truth be known.

As I said before, the banner ad system got hacked due to the provider (OpenX) getting hacked. This initial hack created a new user account on the system and the hacker logged in to the account via the control panel and added the JavaScript code to the database for each banner entry in a field that can be used to append or prepend the code to the banners.

So cleaned this out, removed the new admin account and changed the password on the main account.

They must have left some sort of backdoor on the file system though as the JavaScript calls were re-inserted into the database for each banner prepend field last Friday. I deleted them out again and saw that OpenX had an upgrade so ran through this as well. This was a complete change of all files on the file system bar the config file. The DB content was not touched though.

This morning I tracked the code down to append and prepend fields in the zone table - the zones are the blocks which you serve ads in. I have checked backups over the last week and these were added to the DB at the same time as the banner ones (Friday) but I missed these when I cleaned the others out and patched the software - these don't appear to have become activate until yesterday for some reason or other.

So with these cleaned out as well I really do hope this is the last of it. If not just raise another forum thread, or if you are feeling really generous send me a PM so I get to see it a bit quicker. I have added a couple of other checks - the prepend and append fields from the banner and zone tables to be emailed to me 4 times a day just in case there is still a route into the server and will also basic auth the admin area later so even if new admin accounts can be injected or passwords revealed somehow they shouldn't be able to get past that to do any damage.

I've heard rumours that it's a ploy so Admin can start to charge for user accounts to CUK.

£20 per user, so that's AtW and Suity a couple of grand out of pocket each.

Until Admin decides to stop paying the server fees...

If nothing, these pesky virii have managed to get Ads removed off the CUk forums. It can only be good news.

I doubt you've the cojones! Oi MaryPoppins, We've got a job for you!