Viewing 3 posts - 1 through 3 (of 3 total)
  • mneese Friend
    #142120

    I installed the latest version of Sulfur, then within hours the site was broken because my server's mod_security reports serious malware issues. Please refer to two of several hundred log reports regarding this malware:

    [21/Jun/2009:10:25:41 -0600] [http://www.albphotonet.com/sid#552eec1ee0][rid#55315a7108][/media/system/js/mootools.js][1] [file "/etc/httpd/modsecurity.d/10_asl_antimalware.conf"] [line "50"] [rev "2"] [msg "Suspicious Blacklist Malware Site in Referral"] Access denied with code 403 (phase 2). Matched phrase "net.com/" at REQUEST_HEADERS:Referer.

    [21/Jun/2009:10:25:41 -0600] [http://www.albphotonet.com/sid#552eec1ee0][rid#5531562f58][/modules/mod_jacatslwi/ja_catslwi/ja.catslwi.css][1] [file "/etc/httpd/modsecurity.d/10_asl_antimalware.conf"] [line "50"] [rev "2"] [msg "Suspicious Blacklist Malware Site in Referral"] Access denied with code 403 (phase 2). Matched phrase "net.com/" at REQUEST_HEADERS:Referer.

    I don’t know if the site itself is causing this or possibly a subdomain which houses a newly installed forum – SMF latest version…

    Please comment on this.
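
    One way to triage the several hundred denials mentioned in the post above, as an added example that is not part of the original thread: it parses entries in the format quoted there, groups them by rule and matched phrase, and flags a phrase that also occurs in the protected site's own hostname, because such a phrase is present in every same-site Referer. The function names are hypothetical, and the sample input is the two quoted entries with quotes and brackets normalized.

```python
import re
from collections import defaultdict

# The two entries quoted in the post, with typographic quotes and "%5D" normalized.
LOG = """\
[21/Jun/2009:10:25:41 -0600] [http://www.albphotonet.com/sid#552eec1ee0][rid#55315a7108][/media/system/js/mootools.js][1] [file "/etc/httpd/modsecurity.d/10_asl_antimalware.conf"] [line "50"] [rev "2"] [msg "Suspicious Blacklist Malware Site in Referral"] Access denied with code 403 (phase 2). Matched phrase "net.com/" at REQUEST_HEADERS:Referer.
[21/Jun/2009:10:25:41 -0600] [http://www.albphotonet.com/sid#552eec1ee0][rid#5531562f58][/modules/mod_jacatslwi/ja_catslwi/ja.catslwi.css][1] [file "/etc/httpd/modsecurity.d/10_asl_antimalware.conf"] [line "50"] [rev "2"] [msg "Suspicious Blacklist Malware Site in Referral"] Access denied with code 403 (phase 2). Matched phrase "net.com/" at REQUEST_HEADERS:Referer.
"""

ENTRY = re.compile(r'^\[(?P<ts>[^\]]+)\] \[(?P<site>.+?)/sid#\w+\]\[rid#\w+\]'
                   r'\[(?P<uri>[^\]]*)\]\[\d+\] ')
TAG = re.compile(r'\[(\w+) "([^"]*)"\]')
MATCH = re.compile(r'Matched phrase "([^"]*)" at ([\w:-]+)\.?\s*$')

def parse(line):
    """Return one denial as a dict, or None if the line is not in this format."""
    head, hit = ENTRY.match(line.strip()), MATCH.search(line)
    if not (head and hit):
        return None
    tags = dict(TAG.findall(line))
    return {
        "host": re.sub(r"^\w+://", "", head["site"]),  # drop the scheme if present
        "uri": head["uri"],
        "rule": (tags.get("file"), tags.get("line"), tags.get("msg")),
        "phrase": hit[1],
        "target": hit[2],
    }

def triage(text):
    """Group denials by (rule, phrase, target); flag phrases found in the site's own host."""
    groups = defaultdict(lambda: {"hits": 0, "uris": set(), "own_host": False})
    for line in text.splitlines():
        entry = parse(line)
        if entry is None:
            continue
        g = groups[(entry["rule"], entry["phrase"], entry["target"])]
        g["hits"] += 1
        g["uris"].add(entry["uri"])
        # A same-site Referer looks like "http://<host>/...", so test against "<host>/".
        g["own_host"] |= entry["phrase"] in entry["host"] + "/"
    return dict(groups)

if __name__ == "__main__":
    for (rule, phrase, target), g in triage(LOG).items():
        print(rule[2], repr(phrase), target, g["hits"], sorted(g["uris"]), g["own_host"])
```

    The own-host flag is a prompt to inspect the rule's phrase list and the actual Referer values; the log entries alone do not show where the request was referred from.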

    Anonymous Moderator
    #308659

    Hi mneese

    I have tried to view your website but could not view it.
    Maybe this domain is stopping.

    Please kindly let me know if this site works.

    mneese Friend
    #308679

    Site has been debugged, and the security issues came directly from an SMF theme that has been removed from their site for downloads.

    I am sorry if I implied that JA Sulfur was the culprit because it was not!! The site works fine now that I have removed the SMF forum.

    By the way, I would have not discovered this issue if my server had not been running tight security software called ASL which has a complete system of security levels to stop the function of these dangerous PHP actions. Part of the system is a highly modified set of rules for the mod_security module which stopped this theme from infecting my site permanently or my server.

    The site did go down, but only because the security software stopped the internal functions.

    I have to make this final point…we are dealing with software that is open share and in most cases free…and there are sometimes rascals out there who are trying to take advantage of the open sharing (or destroy it) by developing destructive themes and add-ons. It is important to know who your sources are…JA ARTS is top of the line ethical and supportive of these open share environments.


This topic contains 3 replies, has 2 voices, and was last updated by  mneese 15 years, 5 months ago.
