Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2009-06-24 07:35:10

sullalidorate
New Member
Registered: 2009-06-24
Posts: 3

[resolved] unknown skyscraper ads on my site

Hello,

I have noticed a graphic skyscraper ads on my site, for a couple of times
now…I see this banner(url http://slimp.net/img/banner23.gif) and the ad’s address is http://slimp.net/members/sandronesta.com.html and it links to
http://fd-search.net/.

(If you can not see the add, try google “sandronesta” and clicks the link)

I’ve googled it and found some discussion of a similar issue on WordPress here

http://mu.wordpress.org/forums/topic/12348.

But I can not find anything specific on Textpattern. Could anyone help me solving this on my Textpattern? I use Textpattern 4.0.5, I’d very much appreciate the help!!!!!

Thanks a lot!

Offline

#2 2009-06-24 08:16:26

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: [resolved] unknown skyscraper ads on my site

Your site was probably been hacked.

Post diagnostics here

Back up
Change your ftp/txp/db passwords

You should update to 4.0.8 as soon as possible as there are a lot of security fixes.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#3 2009-06-24 17:41:12

sullalidorate
New Member
Registered: 2009-06-24
Posts: 3

Re: [resolved] unknown skyscraper ads on my site

thank you! i am going to do upgrade to 4.08 later today. in the mean time, here comes the diagnostics

Textpattern version: 4.0.5 (r2466)
Last Update: 2007-08-26 05:27:58/2007-07-02 05:03:44
Document root: /home/forzasandro/sandronesta.com (/home/.luka/forzasandro/sandronesta.com)
$path_to_site: /home/.luka/forzasandro/sandronesta.com
Textpattern path: /home/.luka/forzasandro/sandronesta.com/textpattern
Permanent link mode: section_id_title
Temporary directory path: /home/.luka/forzasandro/sandronesta.com/textpattern/tmp
Site URL: sandronesta.com
PHP version: 5.2.6
GD Image Library: bundled (2.0.34 compatible); supported formats: GIF, JPG, PNG.
Server Local Time: 2009-06-24 10:39:10
MySQL: 5.0.67-userstats-log
Locale: en_GB.UTF-8
Server: Apache
PHP Server API: cgi-fcgi
RFC 2616 headers: 0
Server OS: Linux 2.4.32-grsec+f6b+gr217+nfs+a32+fuse23+tg+++opt+c8+gr2b-v6.194
Active plugins: ako_nav-1.0, an7_mov-0.2, fpx_image_import-0.3, rss_auto_excerpt-0.5, rss_link_date-0.1, rss_live_archive-0.7, rss_live_search-0.7, rss_suparchive-0.18, rss_unlimited_categories-0.7.4, smd_lib-0.21d, smd_slimbox-0.28, the_video-0.7, zem_contact_lang-4.0.3.6, zem_contact_reborn-4.0.3.20

.htaccess file contents:
————————————
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(www\.)?sandronesta\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|flv)$ – [F]
#DirectoryIndex index.php index.html
#Options +FollowSymLinks
Options -Indexes
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/(stats|failed_auth\.html)/?(.*)$ [NC]
RewriteRule ^.*$ – [L]
#RewriteBase /relative/web/path/
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php
</IfModule>
#options -Indexes
#RewriteEngine On
#RewriteCond %{HTTP_REFERER} !^http://(www\.)?sandronesta\.com/ [NC]
#RewriteCond %{HTTP_REFERER} !^$
#RewriteRule \.(jpeg|JPEG|jpe|JPE|jpg|JPG|gif|GIF|png|PNG|flv)$ – [F]
<Files .htaccess>
order allow,deny
deny from all
</Files>

————————————

Charset (default/config): latin1/utf8
character_set_client: utf8
character_set_connection: utf8
character_set_database: latin1
character_set_filesystem: binary
character_set_results: utf8
character_set_server: latin1
character_set_system: utf8
character_sets_dir: /data/mysql/mhoon/share/mysql/charsets/
17 Tables: -

PHP extensions: libxml, xsl/0.1, xmlwriter/0.1, dom/20031129, xmlreader/0.1, xml, tokenizer/0.1, session, pcre, SimpleXML/0.1, SPL/0.2, PDO/1.0.4dev, SQLite/2.0-dev, standard/5.2.6, Reflection/0.1, pspell, posix, pdo_sqlite/1.0.1, pdo_mysql/1.0.2, mysqli/0.1, mysql/1.0, mcrypt, mbstring, json/1.2.1, imap, iconv, hash/1.0, gettext, gd, ftp, filter/0.11.0, exif/1.4 $Id: exif.c,v 1.173.2.5.2.25 2008/03/12 17:33:14 iliaa Exp $, date/5.2.6, curl, ctype, calendar, zlib/1.1, openssl, cgi-fcgi, Zend Optimizer

pretext_data: array ( ‘id’ => ‘’, ‘s’ => ‘’, ‘c’ => ‘’, ‘q’ => ‘’, ‘pg’ => ‘’, ‘p’ => ‘’, ‘month’ => ‘’, ‘author’ => ‘’, ‘request_uri’ => ‘/67919cdb01690ac62a0f38ffb6ec5923/?txpcleantest=1’, ‘qs’ => ‘txpcleantest=1’, ‘subpath’ => ‘\\/’, ‘req’ => ‘/67919cdb01690ac62a0f38ffb6ec5923/?txpcleantest=1’,
)

/include/txp_category.php: r2243 (3706fea923cd77f7053f7803de169df4)
/include/txp_plugin.php: r1917 (c63f72f33986c08367672fc9fe7b42dd)
/include/txp_auth.php: r2356 (33255ec1ea1a825163c78272496d8783)
/include/txp_form.php: r1913 (ecea3fecf9d7d1f8088cda67f097eceb)
/include/txp_section.php: r1891 (1f0121b3e2969d94bc8a7fb98bfdfbd5)
/include/txp_tag.php: r2260 (1bd67bdb9dcfb72e34ea967e39406216)
/include/txp_list.php: r2450 (997a3b1bec7115bf49b76f62b28da146)
/include/txp_page.php: r2099 (56bde34b6c7bcb9123ac91e73065e894)
/include/txp_discuss.php: r2451 (91e0b29ef39a9471ae5c78d0b1bba086)
/include/txp_prefs.php: r2405 (a4b76476930b2376199f23fbfd5f1ac9)
/include/txp_log.php: r2439 (16730c34e2a437dd88b8f5cc7eff8218)
/include/txp_preview.php: r1238 (696728f35f3557b648c011bb4d6496c3)
/include/txp_image.php: r2439 (9fac6ed0d9d4c3d8196492051f38dc9a)
/include/txp_article.php: r2453 (bdac8fcac5df2f93f10afa7e50c3fb6f)
/include/txp_css.php: r2403 (4e8c52bb1cf5bfe2e2f0640892f9b92e)
/include/txp_admin.php: r2403 (f8700a3d453ece08e7f137b47c967eda)
/include/txp_link.php: r2463 (0a0171bf606296106332d3fdcb83a678)
/include/txp_diag.php: r2361 (dccf3269049dd25e59afdd7ad8d235cd)
/include/txp_file.php: r2403 (e62abd5fcadabe629322ed17135d89eb)
/include/txp_import.php: r1238 (70a6207c0f3604ecfc4b20369986c4d7)
/lib/admin_config.php: r1747 (a2eb09f94d7902a6e95750fc4abcea17)
/lib/txplib_misc.php: r2464 (615afd44a10311f1c0b7852d9bc15d24)
/lib/taglib.php: r1535 (9b519f9dc88791e5ee8eacc029dd6975)
/lib/txplib_head.php: r2404 (2e067b25997cf67cddbdd365570e69d5)
/lib/classTextile.php: r2462 (a031e2ea894e339711c601f230c5ee71)
/lib/txplib_html.php: r2403 (97e173da3058b438513df67fd7d1ceca)
/lib/txplib_db.php: r2406 (5ed67642f805639b54e381fb22efd208)
/lib/IXRClass.php: r765 (137b91497628f0058a2fca9eba5c3b7f)
/lib/txplib_forms.php: r2403 (438a734b52acef40b36d8a3ba23987e8)
/lib/class.thumb.php: r2329 (b2a2fda54371dbd6c40ba553941f090e)
/lib/constants.php: r2361 (ab6d51668fab1e3c98e7d520b1a59f0f)
/lib/txplib_update.php: r1239 (10f28a986d23187b436369dc29ab552f)
/lib/txplib_wrapper.php: r2286 (419125ec74a17a70bf1e86ebfcd45253)
/publish/taghandlers.php: r2444 (cc9de8f2018b01398a2ba542c5f5bdc6)
/publish/atom.php: r2402 (46c4402717f695fde0d49d806adfa4c4)
/publish/log.php: r1637 (5254d0f3942086bc55723923307a51db)
/publish/comment.php: r2460 (2d1ae1dec0784f044e7005fa5ed50930)
/publish/search.php: r1748 (8c86ebcb5be08e214d81ca15a32164ca)
/publish/rss.php: r2393 (09aac29bf22ffa71c1e118e851cff3c3)
/publish.php: r2436 (7087864f1e7c6efe096d3b8e07c350b1)
/index.php: r2466 (30ecf35de5c1edc6ef68e780c8c79daa)
/css.php: r944 (8beba8f83a091068723435cdcdc02f2f)

Offline

#4 2009-06-24 22:37:40

sullalidorate
New Member
Registered: 2009-06-24
Posts: 3

Re: [resolved] unknown skyscraper ads on my site

just a quick update. i upgraded to 4.0.8 but the skyscraper ad is still there…would really appreciate the help!

Offline

#5 2009-06-25 05:40:25

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,007
Website GitHub Mastodon Twitter

Re: [resolved] unknown skyscraper ads on my site

hi sullalidorate

a couple of questions

  1. what url in your site does the skyscraper add appear on? (I cannot see it)
  2. Do you have any other php programmes installed in your site?

Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

Board footer

Powered by FluxBB