Best Blackhat Forum

Best Blackhat Forum > General Discussion > Announcements And Updates > [SOLVED/FIXED] Malware on bestblackhatforum.com ??! Please READ everyone! Thanks!
Full Version: [SOLVED/FIXED] Malware on bestblackhatforum.com ??! Please READ everyone! Thanks!
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5

ccpaleadvipp

04-21-2012, 12:41 AM
Finally the malware was been COMPLETELY REMOVED.
Code:
http://sitecheck.sucuri.net/results/http://www.bestblackhatforum.com
[Image: cleanbbhf.png]

and for google safebrowsing
Code:
http://www.google.com/safebrowsing/diagnostic?site=www.bestblackhatforum.com

The malware injected was on the outside of the php files.
It is a malware being called from the php.ini file

This is the malicious iframes i found
[Image: 21669806.png]

These specific strings aren’t typically found anywhere in the website files, which is very concerning. We’re finding that entire servers are being compromised, and the main server php.ini file (/etc/php/php.ini) has the following setting added:

Code:
;auto_append_file = “0ff”

This simple line in the php.ini makes all the php scripts append the output of the file 0ff (/tmp/0ff) to them. So even if your files look clean, the malware is still displayed to anyone visiting the site.

This is the code of the 0ff file:
[Image: iframei.png]

In my case i found the 0ff file from usr/share/pear/

Took me hard enough to clean the entire site.
But good thing we're back now. Finally site was been totally 100% clean and free from malware. Thank you everyone for the help.

lala

04-21-2012, 01:14 AM
Hi everyone!
The SuperVIP Chatbox was already been fixed too and enabled again for supervip. Enjoy! Smile


-Lala

StevieRay

04-21-2012, 01:37 AM
FOUND THIS ON GOOGLE GUESS YOU WANT TO KNOW......

BestBlackhatForum.com Sucks !!!: 21

wiki.nexus.edu.my/groups/pllc/revisions/.../21/ - Vertaal deze pagina

IF WE FIND BEST BLACKHAT FORUM DELETING ANY MORE POSTS, WE WILL. SHUT YOUR SITE DOWN WITH A DOS ATTACK AND MALWARE ATTACK!

BestBlackHatForum.com SUCKS !

wiki.nexus.edu.my/groups/pllc/weblog/bae77/ - Vertaal deze pagina22 Aug 2011 – Best Blackhat Forum Sucks !!! #######################################################. EVERYBODY WHO HAS HAD THEIR ...

WAR HAS BEEN DECLARED RIGHT?

bbhf wil ne#ve#r die!!

CopyMyCash Cool

StevieRay

04-21-2012, 01:42 AM
Found this on google! Guess you would like to know!

BestBlackHatForum.com SUCKS !

wiki.nexus.edu.my/groups/pllc/weblog/bae77/ - Vertaal deze pagina22 Aug 2011 – Best Blackhat Forum Sucks !!! #######################################################. EVERYBODY WHO HAS HAD THEIR ...



CopyMyCash Cool

BBHF WILL NEVER DIE!

TikTok_FB_Ad_Manager

04-21-2012, 02:41 AM
im just happy the forum is back online and ready to rock!

good job on fixing this baby up you guys! keep it up.

jello

04-21-2012, 03:53 AM
Thx for your great support!

The Thor Hammer

04-21-2012, 04:17 AM
Thanks Admin and Lala for the great effort in solving these issues....

Bestblackhatforum ROCKS !

Cheers !

maniboy

04-21-2012, 05:03 AM
wwwwwwooooooooo hhhhhhhhhhhhhooooooooooooooooo the victory is bestblackhatforum's admin. You guys ROCK!!!! Glad we're all back online.

azzizzy

04-21-2012, 06:14 AM
Thanks Admin and Lala for managing to get rid of this problem
I was blockt from vsiting the site once becuse firfox said MALWARE
was being downloade on my computer. So I am glad it as been sorted now.

Ynwaps

04-21-2012, 06:33 AM
How is this a victory?
Site got infected, no serp anymore, site for 72h+ not aviable.
Pages: 1 2 3 4 5
Best Blackhat Forum > General Discussion > Announcements And Updates > [SOLVED/FIXED] Malware on bestblackhatforum.com ??! Please READ everyone! Thanks!
Reference URL's