10 replies to this topic

#1 bwolff

bwolff
  • Members
  • 120 posts
  • Gender:Male

Posted 22 February 2009 - 01:03 PM

Hi -

New improved features don't let me use the back button on browsers. Message in lower left says: trying to connect to ip xxx.xx.xx; no idea what that is. Looking at the record of recent pages shows the last page as xxx.uders.iframecount. Because I can't just use back, I go to my bookmarks, main menu etc.

Changes are not necessarily an improvement for me.

BLW

#2 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 01:57 PM

Browser? Version? Operating system? When did you notice the change occur? On what pages do you have the problem?

The greatest service chemistry has rendered to alimentary science, is the discovery of osmazome, or rather the determination of what it was. ~Brillat-Savarin

Nick Zukin, Mi Mero Mole

Co-Author, Artisan Jewish Deli at Home

Formerly, Kenny & Zuke's


#3 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 02:11 PM

Okay, looks to be a hacker attack that did it. Trying to figure it out. The IP is Russian.


#4 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 02:15 PM

btw, whatever exploit this is, it doesn't affect Safari as far as I can tell, only IE.


#5 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 04:10 PM

So, I've spent the last two hours trying to fix this. Looks like on Jan 30th someone put in some malicious code that is seeding itself throughout my server. There may be some oddities until I get them all removed and figure out how to prevent them in the future.


#6 craig

craig
  • Moderator
  • 2,078 posts
  • Gender:Male
  • Location:Close In SW

Posted 22 February 2009 - 04:35 PM

What a hassle.

"Part of the secret of success in life is to eat what you like and let the food fight it out inside." -- Mark Twain

#7 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 04:51 PM

Yeah, I really wish there was a good way to just prevent anyone from China or Russia from accessing the site. It would sure prevent a lot of problems. Looks like the hacker was able to install and run a zip file in the site cache that has been acting, essentially, like a virus. I think it was trying to both redirect users to spyware sites and also install hack/crack files that they could redirect people to download via warez sites.


#8 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 04:55 PM

My fingers are cramping from all this frickin' command-line crap:

# cd cache
# vi .htaccess                      (inspect, then :q to quit vi)
# rm .htaccess                      (answer y at the confirmation prompt)
# vi index.html                     (inspect, :q)
# mv index.html index.html.hacked
# cp ../index.html index.html
# vi download.php                   (inspect, :q)
# mv download.php download.php.hacked

1000 times.


#9 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 22 February 2009 - 06:59 PM

Okay, so after another 3 hours of literally doing the above over and over and over and over, I realized that one of my directories has hundreds of directories underneath that are filled with these. If anyone knows how to recursively delete .htaccess files in a directory and all its subdirectories, and then also how to rename, e.g., all php files in a directory and all its subdirectories, I would love to hear how.


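An added example, not code from the thread and not how ExtraMSG actually did it: a small POSIX shell script that does the recursive work asked about in post #9 and the manual per-directory steps from post #8 in one pass over a directory tree. It assumes the cache tree should contain no .htaccess files and no PHP at all, which is what the hand cleanup above implies; the "cache" layout, file names and the known-good index.html one level up are constructed for the demo. It renames planted files instead of deleting them (unlike the rm above) and takes a tar snapshot first, so there is evidence left to look at, and it includes a triage step for the "since Jan 30th" question.

```shell
#!/bin/sh
# Added example, not code from the thread. Cleans an injected-file infestation
# of the kind described above across a whole directory tree in one pass.
# The tree layout and file names in make_sample_tree are CONSTRUCTED for the demo.

# Build a constructed sample: a cache tree with planted .htaccess and .php
# files at several depths, a tampered index.html, one legitimate file, and a
# known-good index.html one level up (what "cp ../index.html" relies on).
make_sample_tree() {            # $1 = scratch directory
    mkdir -p "$1/cache/a/b/c" "$1/cache/x"
    printf 'clean index\n'    > "$1/index.html"
    printf 'tampered index\n' > "$1/cache/index.html"
    printf 'planted rewrite rules\n' > "$1/cache/.htaccess"
    printf 'planted rewrite rules\n' > "$1/cache/a/b/c/.htaccess"
    printf 'planted php\n'    > "$1/cache/download.php"
    printf 'planted php\n'    > "$1/cache/x/dl.php"
    printf 'legit content\n'  > "$1/cache/a/readme.txt"
}

# Triage: list every file under $1 modified after $2 (YYYYMMDDhhmm), e.g. the
# suspected Jan 30 compromise date. A reference file touched to that time keeps
# it POSIX (find -newermt is GNU only). Review this list before touching anything.
list_changed_since() {          # $1 = dir, $2 = YYYYMMDDhhmm
    ref=$(mktemp)
    touch -t "$2" "$ref"
    find "$1" -type f -newer "$ref" | sort
    rm -f "$ref"
}

# Contain: snapshot the tree for later forensics, then neutralise planted files
# by renaming (keeps evidence, easy to undo) and restore every index.html from
# the known-good copy. Assumes nothing under $1 should be an .htaccess or *.php.
quarantine_tree() {             # $1 = infected dir, $2 = known-good index.html
    dir=$1; clean=$2
    tar -cf "$dir.evidence.tar" -C "$(dirname "$dir")" "$(basename "$dir")"
    # every .htaccess at any depth: Apache stops reading it once renamed
    find "$dir" -type f -name .htaccess -exec sh -c 'mv "$1" "$1.hacked"' _ {} \;
    # every *.php at any depth: no longer matches the PHP handler once renamed
    find "$dir" -type f -name '*.php' -exec sh -c 'mv "$1" "$1.hacked"' _ {} \;
    # every index.html: keep the tampered copy, drop in the clean one
    find "$dir" -type f -name index.html \
        -exec sh -c 'mv "$1" "$1.hacked" && cp "$2" "$1"' _ {} "$clean" \;
}

# Harden: a cache directory has no business serving PHP. This .htaccess refuses
# requests for PHP files below it (Apache 2.2 syntax; on 2.4 without
# mod_access_compat use "Require all denied"). Needs AllowOverride Limit.
write_deny_php_htaccess() {     # $1 = dir
    cat > "$1/.htaccess" <<'EOF'
# added by site admin: static cache, never execute server-side code here
<FilesMatch "\.(php|phtml|php[0-9])$">
    Order deny,allow
    Deny from all
</FilesMatch>
EOF
}

# Demo run: sh cleanup.sh --demo
if [ "${1:-}" = "--demo" ]; then
    work=$(mktemp -d)
    make_sample_tree "$work"
    echo "changed since 2009-01-30:"; list_changed_since "$work/cache" 200901300000
    quarantine_tree "$work/cache" "$work/index.html"
    write_deny_php_htaccess "$work/cache"
    echo "after cleanup:"; find "$work/cache" | sort
    rm -rf "$work"
fi
```

Run the triage on its own first and read the list; if the tree turns out to hold legitimate .php or .htaccess files, they need an exclusion before quarantine_tree is let loose on it. Run the hardening step last, since a second quarantine pass would rename the new .htaccess along with the planted ones. None of this closes whatever hole was used to plant the files in the first place, which is the backdoor worry raised in the next post.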
#10 ExtraMSG

ExtraMSG
  • Admin
  • 18,350 posts
  • Gender:Male
  • Location:Felony Flats
  • Interests:Me like food.

Posted 23 February 2009 - 03:21 AM

So, I've been working on this 13 hours now (well, 12 if you count the hour I spent at Wong's for dinner) and I think I've got most of it cleaned up. Came up with a little line of code to do some of the work automatically, but I had to go through a huge amount of files and look for the malicious code manually. Unfortunately, I ran out of shows in TiVo and I've gone through all the seasons of Buffy, so I was stuck with watching Phoenix lose to Boston, old episodes of MASH post-McIntyre, and ShamWow.

Back button is definitely fixed, but there could be other funky things that show themselves if I didn't get rid of every bit of code and it re-seeds itself or if the hacker still has a backdoor into the site. So if you notice anything weird, like popups, redirections, requests to download files, error files with links to download software, buttons not working, etc, etc, please tell me immediately.


#11 bwolff

bwolff
  • Members
  • 120 posts
  • Gender:Male

Posted 23 February 2009 - 05:42 PM


Gosh -

1. Didn't mean to cause such a hassle
2. All your efforts are impressive and appreciated.

BLW