[Tobes]

Hi Guys,

Im on a mac and not got a PC to hand, one of my members reckons my site is down, but its fine on Safari, Firefox, Chrome and Opera on mac.

I would appreciate it if any PC users could have a quick look

[link removed due to security threat]

Cheers

Tobes

This post has been edited by MikeChipshop: 07 February 2012 - 02:10 PM

[MikeChipshop]

This error...

Quote

Unable to add cookies, header already sent.
File: /home/tobes/public_html/itstooloud/V3/forums/index.php(1) : eval()'d code
Line: 7

and it triggered Windows Defender so link removed.

[Tobes]

MikeChipshop, on 07 February 2012 - 02:10 PM, said:

This error...



and it triggered Windows Defender so link removed.

Thanks for that, weird, its working fine on mac, I better go see what on line 7

Cheers

T

[MikeChipshop]

Yeah i'd say you've been compromised by something or another.
Quite weird to see MSE kicking in about something malicious on a site.

[Tobes]

Can I be a pain and ask you to check again, Ive replaced the old index.php with a backup

itstooloud .com

sorry to be a pain, wasnt even an issue for me :S

T

[MikeChipshop]

now getting...

Quote

Unable to add cookies, header already sent.
File: /home/tobes/public_html/itstooloud/V3/forums/index.php(2) : eval()'d code
Line: 7

[Tobes]

what a pain, ok thanks man, I better go dig out a PC not sure whats doing this.

Thanks for your help though mike.

+1

T

[MikeChipshop]

Headers already sent is normally an indicator of un-intended white space in the code.
Not sure why the virus warning though. Maybe a false positive but i'm un-able to track down the name of whatever it was that caused the issue.

[MikeChipshop]

Tracked it down as this http://www.microsoft...tID=-2147314153

I'd do a complete replace of all the files as one has obviously been compromised and this is also what is causing the error.

[nfc212]

A Google search on JS/BLAcole.AR returns a lot of results for known rogue PC clean up sites offering to remove it for you.

Probably install a lot more, nastier things in the process. Often a sprat to catch a mackerel these things.

[Tobes]

Hi massive thanks for this guys, because I didnt even see the error being on a mac, how bloody annoying as it seems this has been an issue for a few days.

Ive got Hostgator to look into it, as I reckon they can trace which of my (outdated joomla sites) a little tike has injected the code into, and also they should be able to remove the code, I was digging through the index.php of Vbulletin and saw nothing, hopefully now that some one on here has just pointed out my other site is down, I can find more info on the malicious code, will also check those links you posted.

Many thanks

[Tobes]

I see why i missed it now, i checked an older index.php file stored on my server and saw the same base64 code which meant nothing to me, like an idiot I thought it must be some Vbulletin header, im not sure what the code is doing though, looks like its another poxy wordpress hack and I updated it like 4 days ago, funnily enough the same day this must have happened