Virus in Login APP

HI, I have not been able to eliminate a virus that prevents me from working with the application, when entering and executing index.php/dashboard it redirects to SNIP!

Please help me


Hi @spttk could you clarify to me what does SNIP stand for?

I can’t login, too. But I don’t know if its infected.

Serious issue!

could you clarify to me what does SNIP stand for?

That was me, cutting out a link to a treaterous site.
Scissors, snip, snip

1 Like

UnderDog, maybe it is laughing matter to you but, for a user its not, even if an avarage user is scared of ghosts.

I have almost the same problem as the OP. Nothing changed on a server, and just this morning form fields flagged as dangerous and upon filling it server loops it back.

I made redirections to use https, not helping.

Assist please. Thanks

SNIP is the URL to which the virus redirects.
then index.php/dashboard takes me to another site

for me: I had to remove forcing https.

Ok, but with this , not redirect ?

You could try to compress your installation and send it to me and @UnderDog in PM here on the forum; it’s difficult to understand what happened without checking out the code. Do you have other services running on your server (i.e. Wordpress or similar)?

1 Like

InvoicePlane works also with HTTPS, which if you have a public accessible address is the best way to run InvoicePlane. If you experience loops with force HTTPS activated you should check if the ipconfig.php file has the right address set (which should start by https://).

1 Like

maybe it is laughing matter to you but, for a user its not

I’m not laughing, I was removing a link to the malware site, that the user posted.
I know it’s scary to have malware on your site.

Something is messed up on my provider side. It pulls years ago created domain that’s not in use for years and somehow connects forcing https of current domain to it.
Once I removed this redirection - its working.

I suspected its server’s fault after I tried to install new invoiceplane installation.
Your suggestion in different forum topic about mixed-content loading issue helped.

Yes, I have 3 wordpress site, all infected. I clean all, everthing work ok now, but invoiceplane have problems.

UFF , now another attack, in the header many ASCII character, I review all file is OK

Any idea?

Do the same as last time. I’ll take a look tomorrow.

(link to malware site removed,) that problem, but I can’t find where to insert this code

link to malware javascript removed

but I can’t find where to insert this code

Leave that up to me. I’ll take a look tomorrow

Finally, I changed hosting, I did a new installation and it copied the database, but after entering it, it shows an error that I have not been able to solve.

Check the .log files.
Turn on debug in your ipconfig.php
Regenerate the error

There might be multiple things:

  • ipconfig.php top line, comment that out
  • password, put quotes around it

Thank, I change ENABLE_DEBUG=True and work fine