• Hello guest! Are you an Apistogramma enthusiast? If so we invite you to join our community and see what it has to offer. Our site is specifically designed for you and it's a great place for Apisto enthusiasts to meet online. Once you join you'll be able to post messages, upload pictures of your fish and tanks and have a great time with other Apisto enthusiasts. Sign up today!

potential site infection?

JasonC

Member
5 Year Member
Messages
166
Location
Laurel, MD
Hey Admins, so for the past week or so Avast! Web Shield has been throwing up warnings about this site being infected with a threat called "HTML:Iframe-inf"... some info re: this infection can be found at http://fieldsmarshall.com/htmliframe-inf-wordpress-infection/

Note at the bottom of the linked article that this may be an issue with Avast! shooting up false positives, but I figured that it would be worth passing on the message just in case.

Hope that we haven't been attacked after all!
 

tjudy

Moderator
Staff member
5 Year Member
Messages
2,822
Location
Stoughton, WI
We have thoroughly checked out the site databases and have been talking to the hosting company as well. We know what the virus is, can search for it and our scans are coming up clean. I do not get that warning with my spam protection. I do not know what to tell you, other than we will check the files again and see what we get. I do not use Avast, so I will download it and see if that program catches it for me too. Thanks for the heads up.
 

tjudy

Moderator
Staff member
5 Year Member
Messages
2,822
Location
Stoughton, WI
FYI... the link that Jason posted above has this message in it:

Update April 12 , 2011.

The free version of Avast has been generating false positives with this HTML-inf infection. I have just turned mine of for a few days and I hope they fix the problem. Traffic has spiked to this website for this term so its not just me !
On another note — if you do really have this infection – you will need to clean and secure your website — Maybe hire someone on scriptlance, rent a coder or elance might be your best bet as it can be technically intimidating.

Maybe you are getting a false positive? That Iframe-inf infection is listed as being WordPress-specific. Our forum is not on a WordPress site (though all my other sites are...).
 

apistobob

Member
5 Year Member
Messages
156
Location
N.W. USA
Ted,

FWIW, This is the line of code that is triggering my Avast

"text/javascript" src="http://www.apistogramma.com/forum/clientscript/?g=1">

When I try to just run this line in my browser it comes up infected. Is this script serving ads? If so the problem could be in the ads that are being served. According to several other sites, they discovered that this worm was carried by the ads and not by the site

Bob
 

JasonC

Member
5 Year Member
Messages
166
Location
Laurel, MD
Ted,

I was hoping that it was just the false positive as you quoted about above, but wanted to make sure that you all had the info just in case. Glad everything scanned as clean!
 

tjudy

Moderator
Staff member
5 Year Member
Messages
2,822
Location
Stoughton, WI
OK... we located that script and deleted it, but we are unsure if we have affected the site or not. Please let me know ASAP if any of you are still getting the Avast notification.
 

Members online

No members online now.

Forum statistics

Threads
17,623
Messages
113,624
Members
12,847
Latest member
MattByne

Latest profile posts

Partial updated Peruvian list have more than this. Please PM FOR ANY QUESTIONS so hard to post with all the ads poping up every 2 seconds….
我的英语很差,请原谅我!
Anyone looking for Ivanacara Adoketa, Zebra Acaras?
If you see any spam, please flag it so we can remove it ASAP
Top