Home / server / Questions / 728554
In Process
Radon8472
Asked: 2015-10-14 00:41:23 +0800 CST

How to filter JS:ScriptIP-INF (TRJ) in BBClone Webstatistic

  • 772

I`m using the webstatistic bbclone on my server. In the last month my virus scanner sometimes blocks the details page.

it displays the detection of

JS:ScriptIP-INF (TRJ)

on my bblone. But I compared all files bitwise with the original install files from the main page, they are identical.

I figured out, the the virus message disappaers if some more visits are listed in the statistic.

So I think somebody visits my website and sends a user-agent String with something virus like (e.g. javascript code).

I would to modify my bbclone to filter out these virus user-agent.

but I need to know how I can detect a visitor with this JS:ScriptIP-INF (TRJ) - user-agent.

I was searching in google and several forums for a answer, but I find no usefull information how to avoid this virus.

e.g. this: My website is infected with JS:ScriptIP-inf [Trj]

anti-virus

1 Answers

  1. I had the same issue. It's not the User Agent, it's the HTTP Referer.

    I thought malware bots were visiting my website with a HTTP Referer with some malicious JS code injected in it. So I changed BBClone's configuration not to display the HTTP Referer in the detailed stats, and it worked.

    Edit your conf/config.php and make sure $BBC_DETAILED_STAT_FIELDS does not contain the variable referer, e.g.

    $BBC_DETAILED_STAT_FIELDS = "id, time, ext, dns, ip, visits, os, browser, page, search";

    I still don't know what is the offending referer string, though. I'll dig into the raw logs and when I find something interesting I'll edit this answer. Then we can filter out the string and have the referer data shown back in the detailed stats.

    • 2