BC keeps triggering my AntiVirus

[obbm]

Every time I refresh BC my antivirus warns and denys access to http://secfbicheker.com/?1 .

It is apparently listed in the database of suspicious URLs.

Google says it's a malicious link.

Where has this link come from?

[Hamster]

Hi Dave. Someone hacked the front page of the site a few days ago but it's all been cleaned up. I expect the 'delete cache & cookies' routine should help as this is the only report of an anti-virus being triggered that we have.

[Tankdave]

My Kapersky is warning of the same thing today, it was NOT doing so yesterday, suggesting the problem is newer than a few days ago?

[obbm]

[quote name='Hamster' timestamp='1353395257' post='1874506']
Hi Dave. Someone hacked the front page of the site a few days ago but it's all been cleaned up. I expect the 'delete cache & cookies' routine should help as this is the only report of an anti-virus being triggered that we have.
[/quote]

Doesn't seem to have any effect Colin. Still there.

[99ster]

I'm getting it as well - on every page...

And, to be frank, that casual throw away response of "[i]Someone hacked the front page of the site a few days ago but it's all been cleaned up.[/i]" is a little worrying as that means someone has gained access to either the FTP login details for the entire site or the CMS control panel. WTF?

[paulpirie8]

Yeah I've been getting this on my computer at work as well.

[KiOgon]

This morning only - Google Chrome won't let me run Basschat - Malware warning, I'm here on ie8, very slow.

Haven't had much trouble with the last few days, this seems like something new.

[Kiwi]

I've emailed Ben to let him know. I'm not getting anything flagged though and I use Chrome constantly. My history deletes after a day though.

[ped]

Last time this happened it was because the site was effectively added to a list when it was hacked, but once it was fixed the name remained on the list until we requested it to be cleared.

I also remember it being the case that it's very unlikely that any data on users or accounts was accessed as they are behind a lot of security. The 'hack' merely accesses some basic front end software.

ped

[obbm]

So is the link [url="http://secfbicheker.com/?1"]http://secfbicheker.com/?1[/url] supposed to be there?

[ped]

Not sure but that could be the thing we have now cleared, but awaiting news.

[supabock]

This is happening to me also...... has started today

[LukeFRC]

[quote name='99ster' timestamp='1353400712' post='1874526']
I'm getting it as well - on every page...

And, to be frank, that casual throw away response of "[i]Someone hacked the front page of the site a few days ago but it's all been cleaned up.[/i]" is a little worrying as that means someone has gained access to either the FTP login details for the entire site or the CMS control panel. WTF?
[/quote] just got the same thing as other folk - for every page - that link OBBM posted (not going to click it) and additionally Safari doesn't like it and wants we to leave.
It was ok at 12:00 last night.

[eddiehoffmann]

Same as above.

[GreeneKing]

Me too

[ShergoldSnickers]

The offending link is in the page code in a hidden iframe of dimensions 0px by 0px - I've highlighted the link in green. This is from the home page:

Edited November 20, 2012 by ShergoldSnickers

[Silvia Bluejay]

I'm not getting the alert but others are still reporting it as we speak.

[Le Chat Noir]

I'm getting this too, only started today for me.

[vsmith1]

I get this also this morning in Safari but not in Camino on OSX.

[fealey]

Hi Guys,

Someone will have taken advantage of a vulnerability in IP.Board and injected some code into the site. This is how to fix if you're running a flavour of Linux as the host:

[CODE]
find . -name "*.php" -type f -exec sed -i '/eval(base64_decode(/d' {} \;
[/CODE]

Make sure you perform a backup first!

What's happened is that an encrypted string of code will probably be added to the header of each PHP file that runs the site. e.g.

base64_decode([i]then a load of [/i][i]nonsense[/i]);

This is then read by the client which puts that iframe mentioned above into the site and tries to infect visiting computers.

My code above goes through the files and strips it out - but please don't hold me responsible if it breaks something!!!!

[Telebass]

I'm having Firefox report BC as an attack site...

[Captain Rumble]

my anti virus has just warned me of malware associated with the BC site wasnt doing that a couple of hours ago

[Silvia Bluejay]

MESSAGE FROM PED ON FACEBOOK:

[quote]You might still see the warning for a bit until google take us off their blacklist. Please help by sharing this message on the forum. [/quote]