Date : Sat, 30 Jan 2010 00:18:53 +0100
From : rick@... (Rick Murray)
Subject: Sigh. Virus alert.
On 29/01/2010 01:02, Rob wrote:
> something on the server itself is injecting iframe links to a fake
> anti-virus site onto every index page of *every* domain that they
> host, not just mine.
Sounds an awful like what hit my site. I don't think it was for fake
antivirus (?), but the IFRAME thingy sounds similar.
I hope it is just the index pages, on mine it seemed - eventually - to
be around 90% of ALL of the HTML. I think I managed to rebuild the site
(though not yet 100% certain, I had no idea there was that much crap
around!).
As for infection, I hadn't visited your site today - but if I had,
Firefox's NoScript would have blocked the IFRAME anyway. I don't tend to
"trust" sites unless they don't work without some degree of "trust". I
had no reason to "trust" your site as you aren't horribly abusing
JavaScript (in other words, it works as it is).
> If you get a "Windows Malware" message pop up, that's a symptom you've
> been infected - I spent most of the day sorting out my laptop before
Your antivirus didn't catch it first?
> going to find out where it had got to me from, and it turned out to
> have come from my own website. argh.
I know THAT feeling! Like when I visited my site from the library and
Google helpfully painted the screen red while I painted the air blue...
> But since it's affecting every site from every customer of theirs,
> it wasn't *my* fault. Small comfort though.
That's the downside of virtual hosting. Somebody runs a badly written
PHP script, or a wide open MySQL setup... or the host itself isn't
applying the updates in a timely manner ... wham.
Anyway, sorry to hear your woes. Here's to a speedy recovery.
Sympathy.
Best wishes,
Rick.
--
Rick Murray, eeePC901 & ADSL WiFI'd into it, all ETLAs!
BBC B: DNFS, 2 x 5.25" floppies, EPROM prog, Acorn TTX
E01S FileStore, A3000/A5000/RiscPC/various PCs/blahblah...
>> TO PRIVATE MAIL ME, REMOVE [BBC-Micro] FROM SUBJECT <<