Possible hack of menu. Some one some how has gotten something added to the top of the code for the main page on our site at www.fwas.org.

It is a giant list of links to for instance here is a small part of it


<!--linksb-->
<b style="display:none">
<a href="http://caricomstats.org/statsphpbb/files/generic/buy-without-a-prescription-accutane.html">Buy Without a Prescription Accutane</a><br />
<a href="http://caricomstats.org/statsphpbb/files/generic/alternative-buying-clomid.html">Alternative Buying Clomid</a><br />
<a href="http://caricomstats.org/statsphpbb/files/generic/order-cheap-lasix.html">Order Cheap Lasix</a><br />
<a href="http://caricomstats.org/statsphpbb/files/generic/buying-without-prescription-baclofen.html">Buying Without Prescription Baclofen</a><br />
<a href="http://caricomstats.org/statsphpbb/files/generic/order-pills-strattera.html">Order Pills Strattera</a><br />


If you do a page source it comes up on the very top of the code but it does not show up on the webpage. You can view the page in Firefox but not IE or Chrome. All the other pages come up OK in all 3 it is the main page that has been effected.

Has anyone seen this yet or are we the first to be hit?
If it is only on the main page where is it coming from?

Please we need your help, can anyone figure this out?:eek:

This has nothing whatever to do with vB Advanced and should not be posted here.

You got an answer from Steve Jacobs at vB.com as to how you should proceed.

Take all the security steps they list and get help from your host if that does not cure the problem.

For that code to have been added to your site you must have either : bad security,a bad 3rd party mod,given someone access to your server/have poor security on your server,or if on shared hosting your host needs to look at thier system.

The code is likely to be in the Head or headinclude templates,look at your server access logs to see who has visited.


Posting those links here is NOT a good idea either,all you are doing is aiding the spammers.

The only thing we added to the site is the VBadvanced package.
No 3rd party mods!

We have followed all security suggestions.

I had hoped there would be someone here that had seen this guys attack and would had a clue to where to fix it.

I had hoped for someone somewhere to help because they had seen this before.

Sorry about the links but I thought it was a good clue as to who was doing it and how to stop them.

We are not real familure with this program or php but bought it because it is the most used one out there and thought it was very secure.
Since setting up the site we have had over 1800 attemps of people to join the forum just to post SPAM.

I thought it would be more appropriate here since it only occurs on the main page which is a VBAdvanced page downloaded from this site.

I thought this was a community forum where everyone helps everyone out and warns each other of new attacks. :(

Is there a forum where we should share attacks on forums developed with these programs?

Honestly there is not much new about about a bit of code added to a site.

I see you are on Hostgator shared hosting, the problem could possibly be through the server there. I would be asking them to help sort this for you,.you can remove the code but that is useless if they can just come back in and replace it.

Have you looked at the Head and Headinclude templates?

There are no known security problems with any of the current vBadvanced products. What other addons do you have installed?

There are no known security problems with any of the current vBadvanced products. What other addons do you have installed?

There are o other addons installed.

Honestly there is not much new about about a bit of code added to a site.

I see you are on Hostgator shared hosting, the problem could possibly be through the server there. I would be asking them to help sort this for you,.you can remove the code but that is useless if they can just come back in and replace it.

Have you looked at the Head and Headinclude templates?

Talked with Hostgator and they found the code added to the mini calendar code. They are checking to see how it got added. They know when but not how. I will update you later when I learn more so others who may have this occur will have a possible solution to look for.

you should first upgrade your vbulletin to latest version