Neon_WA

Joined: 08 Nov 2008 Posts: 7146 Location: Margaret River, West Australia
|
Posted: Sun Sep 19, 2010 8:56 pm Post subject: |
|
|
the latest addition
| Quote: | Warning: Visiting this site may harm your computer!
The website at www.cpu-galaxy.at appears to host malware – software that can hurt your computer or otherwise operate without your consent. Just visiting a site that hosts malware can infect your computer. |
Will send PM just in case you're not aware _________________ There are 10 types of people in this world:
those who understand binary and those who don't. ~Author Unknown
http://www.x86-guide.net/Neon-WA/en/collection.html |
naked1300

Joined: 26 Jul 2007 Posts: 837 Location: Austria,
|
Posted: Mon Sep 20, 2010 1:53 am Post subject: |
|
|
Thanks for the info. Where did you get this message? I checked
the server and all seems to be OK. No attacks?? _________________ INTEL CPU´s, Peripheral,Ram,Eprom... & many Datasheets @ www.cpu-galaxy.at |
Neon_WA

Joined: 08 Nov 2008 Posts: 7146 Location: Margaret River, West Australia
|
CPUShack

Joined: 16 Jun 2003 Posts: 34259 Location: State of Jefferson, USA
|
Posted: Mon Sep 20, 2010 2:09 am Post subject: |
|
|
naked, look near the top of your PHP files for base64-encoded text
also check all JS and HTML files for alienradar.ru (usually a script tag)
easiest way to do so is use TextPad (or similar) and do a find in files (all ASCII files in your web dir) for that domain
you'll see it, it's a common hack _________________ New for 2025! The CPU Shack has a co-processor!
Visit The CPU Shack of microprocessor history and information. |
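The check described in the post above (base64 text near the top of PHP files, and references to alienradar.ru in JS and HTML files), as an added Python example that is not part of the original thread. The 2048-byte "near the top" window, the 120-character base64 threshold and the sample file names and contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

BAD_DOMAINS = [b"alienradar.ru"]  # domain named in the thread; extend as needed
TEXT_EXTS = {".php", ".js", ".html", ".htm"}
HEAD_BYTES = 2048  # assumption: how much of a file counts as "near the top"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{120,}={0,2}")     # long base64 literal
DECODE_CALL = re.compile(rb"base64_decode\s*\(", re.I)  # PHP decoder call


def scan_file(path):
    """Return the reasons a file looks tampered with (empty list if none)."""
    data = Path(path).read_bytes()
    reasons = ["references " + d.decode() for d in BAD_DOMAINS if d in data.lower()]
    head = data[:HEAD_BYTES]
    looks_encoded = B64_RUN.search(head) or DECODE_CALL.search(head)
    if Path(path).suffix.lower() == ".php" and looks_encoded:
        reasons.append("base64 content near top of PHP file")
    return reasons


def scan_tree(root):
    """Walk a web directory; map relative path -> reasons for flagged files."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in TEXT_EXTS:
            reasons = scan_file(path)
            if reasons:
                hits[path.relative_to(root).as_posix()] = reasons
    return hits


def demo():
    """Scan a constructed sample tree: two tampered files and one clean one."""
    samples = {
        "index.php": '<?php eval(base64_decode("' + "QUJD" * 40 + '")); ?>',
        "menu.html": '<script src="http://alienradar.ru/"></script>',
        "clean.php": '<?php echo "datasheets"; ?>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_text(body)
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

Run `scan_tree` against a local copy of the web directory and review each flagged file by hand; legitimate PHP can also call `base64_decode`, so a hit is a lead, not a verdict.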
naked1300

Joined: 26 Jul 2007 Posts: 837 Location: Austria,
|
Posted: Mon Sep 20, 2010 3:46 am Post subject: |
|
|
Thanks for the Info. I will check that. _________________ INTEL CPU´s, Peripheral,Ram,Eprom... & many Datasheets @ www.cpu-galaxy.at |
naked1300

Joined: 26 Jul 2007 Posts: 837 Location: Austria,
|
Posted: Mon Sep 20, 2010 6:13 am Post subject: |
|
|
You were right John, thanks for your help!! _________________ INTEL CPU´s, Peripheral,Ram,Eprom... & many Datasheets @ www.cpu-galaxy.at |
CPUShack

Joined: 16 Jun 2003 Posts: 34259 Location: State of Jefferson, USA
|
naked1300

Joined: 26 Jul 2007 Posts: 837 Location: Austria,
|
Posted: Mon Sep 20, 2010 1:27 pm Post subject: |
|
|
| CPUShack wrote: | | oh and change your FTP password (that's generally how it happens (brute force FTP hack)) |
Yes, the attack came over FTP. The whole server with 5 websites is infected!!
lot of work now....
thanks again for your great help. _________________ INTEL CPU´s, Peripheral,Ram,Eprom... & many Datasheets @ www.cpu-galaxy.at |
CPUShack

Joined: 16 Jun 2003 Posts: 34259 Location: State of Jefferson, USA
|
Posted: Mon Sep 20, 2010 1:39 pm Post subject: |
|
|
| naked1300 wrote: | | CPUShack wrote: | | oh and change your FTP password (that's generally how it happens (brute force FTP hack)) |
Yes, the attack came over FTP. The whole server with 5 websites is infected!!
lot of work now....
thanks again for your great help. |
TextPad find and replace will make it easier (I have done this a lot)
And don't feel too bad, 1 out of 100 active websites is currently hacked, 2 out of 3 have been or will be. _________________ New for 2025! The CPU Shack has a co-processor!
Visit The CPU Shack of microprocessor history and information. |
Chiefish

Joined: 23 Sep 2007 Posts: 2153 Location: Northwest N.J. U.S.A
|
Posted: Mon Sep 20, 2010 2:47 pm Post subject: |
|
|
How did ya know the site was hacked? When I looked I didn't see anything out of the ordinary. I am curious because of my own site of course and would like to know what to keep an eye on. _________________ "The only reason for time is so that everything doesn't happen at once." A.E. |
gshv

Joined: 01 Feb 2003 Posts: 7898 Location: Fairfax, VA USA
|
Posted: Mon Sep 20, 2010 4:12 pm Post subject: |
|
|
It looks to me that your site doesn't use scripting. You don't need to worry about these types of hacks if your site is HTML-based.
Gennadiy |
CPUShack

Joined: 16 Jun 2003 Posts: 34259 Location: State of Jefferson, USA
|
Posted: Mon Sep 20, 2010 4:47 pm Post subject: |
|
|
| gshv wrote: | It looks to me that your site doesn't use scripting. You don't need to worry about these types of hacks if your site is HTML-based.
Gennadiy |
they can still load remote content via js though _________________ New for 2025! The CPU Shack has a co-processor!
Visit The CPU Shack of microprocessor history and information. |
gshv

Joined: 01 Feb 2003 Posts: 7898 Location: Fairfax, VA USA
|
Posted: Mon Sep 20, 2010 8:01 pm Post subject: |
|
|
javascript by itself cannot write to a file on your server. You need to have a script (PHP, perl, python, etc) to do it. If you don't have any scripts, then it's not possible to upload anything to your site via the web page. I didn't look hard enough, but I didn't find any non-HTML files on Chiefish's website.
Gennadiy |
Chiefish

Joined: 23 Sep 2007 Posts: 2153 Location: Northwest N.J. U.S.A
|
Posted: Mon Sep 20, 2010 9:14 pm Post subject: |
|
|
That sounds good to me, thanks for the insight on this. I don't write anything for my site, just drag and drop, cut and paste stuff. It gets the job done tho. _________________ "The only reason for time is so that everything doesn't happen at once." A.E. |
CPUShack

Joined: 16 Jun 2003 Posts: 34259 Location: State of Jefferson, USA
|
Posted: Mon Sep 20, 2010 11:39 pm Post subject: |
|
|
| gshv wrote: | javascript by itself cannot write to a file on your server. You need to have a script (PHP, perl, python, etc) to do it. If you don't have any scripts, then it's not possible to upload anything to your site via the web page. I didn't look hard enough, but I didn't find any non-HTML files on Chiefish's website.
Gennadiy |
True but these hacks are via FTP, not by web interface. _________________ New for 2025! The CPU Shack has a co-processor!
Visit The CPU Shack of microprocessor history and information. |