07-13-2009, 08:02 PM | #1 | ||
Pro Starter
Join Date: Jul 2005
Location: Appleton, WI
|
Inquiry for all you crazy cool web designer folk
On one of the websites I designed and maintain, I am suddenly getting the following message from AVG when I go to it:
"Exploit MDAC ActiveX code execution (type 170)" It looks like a fairly common error from what I tell from Google, but it's all people who have come across it, not people like me who need to fix it. Odd thing is, when I checked at work on three browsers, I didn't get it. Only a handful of people have seen it (and I was actually surprised to see it here) I last went to the site probably a month ago and never got it - and I know I don't have anything ActiveX-related on the site. Any suggestions?
__________________
Commissioner of the RNFL |
||
07-13-2009, 08:15 PM | #2 |
Hall Of Famer
Join Date: Nov 2000
Location: The State of Insanity
|
Do you have outside ads on your site? One of your ad providers may be cracked...
__________________
Check out Foz's New Video Game Site, An 8-bit Mind in an 8GB world! http://an8bitmind.com |
07-13-2009, 08:22 PM | #5 |
Pro Rookie
Join Date: Jun 2012
Location: Bahston Mass
|
There's all this goofy hmtl at the bottom of that page.
Code:
PF, PM me if you want the code
__________________
There's no I in Teamocil, at least not where you'd think Last edited by Ronnie Dobbs2 : 07-13-2009 at 08:30 PM. |
07-13-2009, 08:26 PM | #8 |
Pro Rookie
Join Date: Jun 2012
Location: Bahston Mass
|
No alert, maybe because I'm running NoScript?
__________________
There's no I in Teamocil, at least not where you'd think |
07-13-2009, 08:29 PM | #10 |
Pro Rookie
Join Date: Jun 2012
Location: Bahston Mass
|
I should elaborate - I don't see that code when the page loads, but when I look at the source code. It's actually about halfway down.
__________________
There's no I in Teamocil, at least not where you'd think |
07-13-2009, 08:45 PM | #14 |
Pro Rookie
Join Date: Jun 2012
Location: Bahston Mass
|
Try to open it in a text editor rather than a browser.
__________________
There's no I in Teamocil, at least not where you'd think |
07-13-2009, 08:55 PM | #15 |
Pro Rookie
Join Date: Jun 2012
Location: Bahston Mass
|
Isolating it a bit further... those ads do appear on your "Message Board" tab, along with what NoScript sees as a PHP script that says
< IFRAME >httpd-php@http://www2.guestbooks4free.com/guestbook.php?username=leasterpool&ts=14439.077882407406 with the spaces removed. This seems to describe the problem as I'm seeing it, down to the obfuscated JavaScript. I tried to decode it but no luck. http://www.guardian.co.uk/technology...ecurity.google
__________________
There's no I in Teamocil, at least not where you'd think Last edited by Ronnie Dobbs2 : 07-13-2009 at 08:58 PM. |
07-13-2009, 08:59 PM | #17 |
Pro Starter
Join Date: Jul 2005
Location: Appleton, WI
|
You da man, Robbie. Glad you found that piece. The code you posted before was actually the ads on that page. Must have been something wonky with it. Took out that tab, and bam - works fine.
No worries all, thanks a lot to everyone that pitched in
__________________
Commissioner of the RNFL |
07-13-2009, 09:08 PM | #18 |
Hall Of Famer
Join Date: Jun 2006
Location: Chicago, IL
|
You may also want to throw some of the javascript into external files js files.
|
07-14-2009, 07:44 AM | #19 |
Pro Starter
Join Date: Jul 2005
Location: Appleton, WI
|
That might help actually narrow it down easier next time. But I think getting a guestbook/message board that isn't cheap would be a better route. I installed a full blown forum for them and they said it was just too much, heh. Oh well, thanks for the tip.
__________________
Commissioner of the RNFL |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
|
|