Best Blackhat Forum

Full Version: [SOLVED/FIXED] Malware on bestblackhatforum.com ??! Please READ everyone! Thanks!
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3 4 5
Hi Everyone.
It comes up to my attention that bestblackhatforum.com was been labeled as a "malware site".
About last week we're been attacked by hackers and injected malicious scripts.

[Image: 93251957.png]

That causes the popup to appear something like this, coming from this site.
[Image: 90359031.png]

All we thought its been fixed by Direct Download already.

But now as we see the site bestblackhatforum.com was already been labeled as a "malware site"
On the Google WebMaster Tools i saw this

[Image: malwar3.png]

Further more details of infection,
On redirector.php it shows this one:

[Image: 62631653.png]

while on the 2 threads detected it shows this one:
[Image: 24216913.png]

So what i did was on the redirector.php i had it removed this one
[Image: 61966456.png]
and i even DELETED the redirector.php just to be sure.

But on the 2 threads that was been detected i cannot find any malicious code inserted like this:
[Image: 21669806.png]

But as what i believe this one started on our private chatbox that was been detected as "HTML/Infected.WebPage.Gen3 HTML script virus" upon looking infected scripts i found out this was been injected on the js scripts:

[Image: 13624896.png]

I
already removed this code. And for the mean time i even DISABLE our private chatbox inside supervip room to avoid it from being injected by malicious code again.
Regarding the chatbox inside supervip room. Please allow me some time i will replace it with a new one right after we're done with the infection.

Further more investigation, i found out that even my mozilla was been embed by malicious code too.


C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ykmnqoc1.default\sessionstore.js (all sessionstore.js) <-- Please go to your MOZILLA directory and delete all sessionstore(s) .js script

It looks something like this.
[Image: 39207736.png]
I already did this.
Code:
http://www.stopbadware.org/home/security
And i gonna submit now our website for "Malware Review"

For now guys, i am really sorry for the inconvenience.
It seems like the more this forum become popular the more we become vulnerable to an attacks.
For now i am really asking sorry for the inconvenience.
On mozilla when you visit this site and prompt for virus warnings.
Just ignore the warning for now and click "proceed anyway"
The same thing it goes on other web browser like google chrome.
Just ignore the warning for now.
And on your Anti Virus software just add this site on the exclusion list/trusted list.
Anyway, this warning error will be going to be fixed soon. I am personally working with this.
Again my apology to everyone.
And thank you for trusting us and staying with us.

Thanks for reading.


-ADMIN
I just got the malware this morning. And I do not believe this forum will infect my pc.
I just proceed anyway and now I can visit this number 1 forum again.
I already bookmark this forum as my number 1 visit every day.
I will become supervip member in the near future.
Thanks.
Hi Admin It's a good thing you removed the code/scripts on this thread and added it as image screenshot as this was also been triggered or flagged as JS/Agent.NDV when i check the thread earlier.
Anyway Admin. Let me help you.
Double check also your css and js scripts.
Code:
bestblackhatforum.com/css.php?stylesheet=44    
bestblackhatforum.com/css.php?stylesheet=43    
bestblackhatforum.com/jscripts/thread.js?ver=1400    
bestblackhatforum.com/jscripts/fitonpage.js?ver=230    
bestblackhatforum.com/jscripts/thankyoulike.js?ver=120
[Image: exploit.png]

I love this forum so much so i just ignore the warnings.
I trust this site so not a big deal for me after all i was a member here for too long
If there is any thing i can help. Let me know.
Thank you Admin for your response. I was actually talking about users like hottab who made 6 threads all pointing to a phishing site. And I’ve been seeing these pop-up a lot more lately.
Try contacting that website so they will help get BBHF de-blacklisted :)

http://www.stopbadware.org/firefox?hl=en...forum.com/
Thanks for the info...
Thanks for the information..I trust this site.
Wow, I was shocked when Firefox stopped me entering this site: Reported Attack Page!
Got msg that this is an attack site!!!! Looks likes it's still not sorted but my pc seems to be ok, so no need for alam bells. Thanks Admin and the team - we know you're working your socks off to keep this forum alive and kicking. Not easy being number 1....... 42rock
admin thanks for this great forum
guys if u r seeing any malware in firefox just ignore and go to safire browser
u can easily login without any problem until this malware issue is solved
Pages: 1 2 3 4 5
Reference URL's