Support Forums

ATutor Bug Reports

Malware Infection


You must be signed-in to post.

AuthorSubject
  Page: 1
LAL

Avatar for LAL
Subject: Malware InfectionQuote this post in your reply
If you are asking for help, provide lots of detail so problems can be reproduced.

Things to describe:
Operating system ATutor is installed on -2.0.2 (build r10589 - 2010-12-21 16:47:09)
ATutor version -2.02
Patch #s applied -
ATutor theme name -Fluid
PHP version -5.2.17
MySQL version -
Webserver & version -Web Server: Apache/1.3.42 (Unix) mod_gzip/1.3.26.1a mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5 PHP-CGI/0.9
Copies of error messages -
Changes to default settings -
Web browser being used -
...and anything else relevant -

A malware has been injected into my atutor named besloqawe.com. I think the likely cause was a module that I installed named coverter module. Could this be the likely cause?
Posted: 2011-07-20 06:22:35
greg

Avatar for greg
Subject: Re: Malware InfectionQuote this post in your reply
We don't see any way to upload malware using the convert module.

Did you modify the module. Normally it would not work with ATutor 2.0.2.
Posted: 2011-07-20 10:31:54
harris

Avatar for harris
Subject: Re: Malware InfectionQuote this post in your reply
Can you describe a bit more on how it's injected? And where it is injected? What modules do you have installed?
Posted: 2011-07-20 11:01:26
LAL

Avatar for LAL
Subject: Re: Malware InfectionQuote this post in your reply
My atutor info is the same with the above thread.
Well, I had to delete all the files, and re-upload it again. I'm now faced with another problem: When i re-installed the atutor 2.0.2 with the database, this is the warning that I got.


Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: Name or service not known in /home/ugasnetw/public_html/laspotech/install/include/step7.php on line 103

Warning: fsockopen() [function.fsockopen]: unable to connect to www.atutor.ca:80 (php_network_getaddresses: getaddrinfo failed: Name or service not known) in /home/ugasnetw/public_html/laspotech/install/include/step7.php on line 103
Posted: 2011-07-29 15:32:33
cindy

Avatar for cindy
Subject: Re: Malware InfectionQuote this post in your reply
At the bottom of the step 7, there's a checkbox of "Include this URL as well.", which is turned on by default I believe. Turning on this option would connect to atutor.ca to record your basic site info, like mysql or php version, for maintenance and statistics purpose.

The cause of the error is likely because your computer is not hooked onto internet. Turning this checkbox off will fix the problem.

Certainly, we should also improve at our side to provide a more elegant warning.

Thanks for the report.
Posted: 2011-07-29 16:09:09
LAL

Avatar for LAL
Subject: Re: Malware InfectionQuote this post in your reply
As above:
Now that the 2.0.2 has been installed, how do I go about unchecking the box 'include this url' in step 7 during the installation process? (I've deleted the install folder).
Posted: 2011-07-30 05:17:41
LAL

Avatar for LAL
Subject: Re: Malware InfectionQuote this post in your reply
Thanks cindy, its now working perfectly. I guess it's now connected to the update.atutor.ca. Thanks for oyur suggestion though.
Posted: 2011-07-30 11:54:19
guccihandbagsonsale
Subject: spammerQuote this post in your reply
guccihandbags42@yahoo.com
Posted: 2011-08-21 23:48:10
Candan
Subject: Re: spammerQuote this post in your reply
1256913900@qq.com
Posted: 2011-10-13 05:28:33
Missman
Subject: Re: spammerQuote this post in your reply
173541377@qq.com
Posted: 2011-11-12 03:24:39
 Page: 1

You must be signed-in to post.