Topic: Toplist Hacked

[invisible]

Just an hour ago I logged into one of my sites and was prompted to do an update. None of my other sites (they're all running V1.0.2 13) asked for the update.

I clicked it and the file that was updated was footer.php

Ok, so i go to surf my site, just checking trades etc, and get "google-search.ro is an attack site ..." in fire fox.
I checked in maxthon and chrome same thing


I want to repeat. I had surfed the site before the "update" and it was perfect, no attack site warning.


After looking around the server, scanning my pc, I found this at the bottom of one of my toplist templates

--- CODE REMOVED -- may cause false positives from anti-virus software

Code: [Select]

I deleted it, copied footer.php from one of my other sites and now its back to normal.

This is really messed up guys. Please take a look at this

[invisible]

Now I'm getting this fake update on a lot more sites

Fake update:



Normal site

[ip0li]

before we can check anything I need ftp data, please send me open ftp access (no ip-blocking) to info@scriptpulse.com ASAP so we can check this early in the AM since it's 4am here.

Also gimme url to some of your TP admins and username/pwd...also over email...

Waiting for email, cheers

[invisible]

Thanks ip0li. email sent