Date : Sat, 30 Jan 2010 20:05:21 +0100
From : rick@... (Rick Murray)
Subject: Sigh. Virus alert.
On 30/01/2010 11:16, Rob wrote:
> Every .html file and every index.php file
Ouch!
> software, but on the whole I prefer coding stuff server-side.
> I've more control of what things end up doing!
Indeed. I tend to only use JavaScript for three things:
1. Fluff. Like my old index that had a countdown to Y3K.
2. Japanese. On my Animé page (and some others), JavaScript is
used for selecting whether to show macron vowels or circumflex.
I've not yet found any method in JS to say "is this computer
capable of displaying this?", so at the moment it just assumes
RISC OS = no, anything else = yes. If your browser spoofs its
identity, then get used to funny little boxes. :-)
3. Link fluff. Like my b.log or Film4 reviews - stuff shows up in
the status bar (if permitted, doesn't appear to work too well on
FireFox?) plus it can toggle layer visibility on and off so I can
embed extra stuff that might count as "spoilers". Under RISC OS,
most browsers show this stuff as a matter of course. Too bad...
It has uses, but by and large anything "smart" is better done by the
server with the browser acting as a "dumb terminal". I certainly have no
need for the likes of Ajax which might make instant countdowns and bids
visible in eBay but on my site? What's the point.
Likewise, your teletext work. OMG, imagine getting THAT to work
cross-browser and cross-OS. Your alternative? One script, one program,
bang - it's visible on practically anything from a mobile phone to the
iSlate, from Ubuntu to RISC OS, even MS-DOS! (Arachne)
>> Your antivirus didn't catch it first?
> It seems not. It was set to auto-update every day too. AVG free ...
> I'm now on Avast, which seems better at blocking web based stuff.
Mmm... I run Avast too. Used to run AVG but they, from time to time
"end" the free version support while upgrading to a new version, and
they don't make it clear if the new one will be free. It seems it always
is, but the first time this happened I was not used to it so I deleted
AVG and installed Avast.
Seems to be slower, but I guess that's a price worth paying if it works
better. Oh, and less false-positives too.
> Still had a lingering infection, though, and ended up running
:-(
Have you let Avast run a full check of EVERYTHING?
> I'm still going to fetch everything back local and grep for iframes,
> though I think.
Yes, that's what my friend did to my site. He SCP'd all the HTML and PHP
to his computer and deleted them _ALL_ from the server. He first ran a
virus check on the folder and after an output that looked like a failed
C compile, decided it might be easier to get Windows Search to simply
look for IFRAME as I never use it.
A few SMSs later, I had no choice but to tell him to wipe it all.
One thing I recall, and take note Rob, look CAREFULLY at your PHP
scripts. There were some that were NOT "obviously" infected that I had
not put there. I suspect some sort of Trojan was in play that would
trigger a reinfection, or maybe it was an attempt at a back door? I
don't know - I said those files should be wiped too.
Just make sure all the PHP you have are ones you actually put there.
> Sometimes I hate not being in control,
:-) This is where you click your fingers and flames appear.
> but I've run my own hosting, and it became a pain in the neck,
I can imagine.
> just keeping on top of the security and version updates all the time.
I have an alternative solution for that. Set up a machine, set up a
server. Squeeze it all into around 600Mb. Burn the lot to CD-R maybe
once a month (with updates held elsewhere). If it is compromised,
restore the image.
But since my setup of choice is _likely_ to be WebJames on some sort of
RISC OS box... good luck hacking it. :-)
[i.e. WTF d'you mean there's no MySQL insecurity? WTF d'you mean there's
no MySQL? WTF d'you mean it's a non-standard PHP a decade out of date?
WTF d'you mean there's no HTML5 support? WTF d'you mean it's not Apache
or <cough>IIS</>? WTF d'you mean there's no telnet or ftp or scp or
anything else on that IP address? WTF is it, a ZX Spectrum?!?]
Best wishes,
Rick.
--
Rick Murray, eeePC901 & ADSL WiFI'd into it, all ETLAs!
BBC B: DNFS, 2 x 5.25" floppies, EPROM prog, Acorn TTX
E01S FileStore, A3000/A5000/RiscPC/various PCs/blahblah...
>> TO PRIVATE MAIL ME, REMOVE [BBC-Micro] FROM SUBJECT <<
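
An added example, not part of the original message: the clean-up check discussed above (fetch the site back locally, search the HTML and PHP for IFRAME, and confirm every file is one the owner actually uploaded), sketched in Python. The function names, the known-good local copy used as a baseline, and the sample files are all assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(rb"<\s*iframe\b", re.IGNORECASE)  # matches <iframe, <IFRAME, < iframe
WEB_SUFFIXES = {".html", ".htm", ".php"}

def web_files(root):
    """Yield (relative path, raw bytes) for every HTML/PHP file under root."""
    root = Path(root)
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in WEB_SUFFIXES:
            yield p.relative_to(root).as_posix(), p.read_bytes()

def build_manifest(clean_root):
    """Map relative path -> SHA-256 for a known-good copy of the site."""
    return {rel: hashlib.sha256(data).hexdigest() for rel, data in web_files(clean_root)}

def audit(fetched_root, manifest):
    """Flag iframe tags, files absent from the manifest, and files whose content changed."""
    report = {"iframe": [], "unexpected": [], "modified": []}
    for rel, data in web_files(fetched_root):
        if IFRAME_RE.search(data):
            report["iframe"].append(rel)
        if rel not in manifest:
            report["unexpected"].append(rel)   # a file the owner never put there
        elif hashlib.sha256(data).hexdigest() != manifest[rel]:
            report["modified"].append(rel)
    return report

def demo():
    """Constructed sample: a clean local copy and a tampered copy fetched from the server."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, fetched = Path(tmp, "clean"), Path(tmp, "fetched")
        for root in (clean, fetched):
            (root / "blog").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'hello'; ?>\n")
            (root / "blog" / "post.html").write_text("<p>Review</p>\n")
        # Constructed tampering: an appended iframe and an extra PHP file with no iframe in it.
        with (fetched / "blog" / "post.html").open("a") as f:
            f.write('<IFRAME src="http://example.invalid/" width=1 height=1></IFRAME>\n')
        (fetched / "blog" / "stats.php").write_text("<?php /* not uploaded by the owner */ ?>\n")
        return audit(fetched, build_manifest(clean))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The extra PHP file contains no iframe, so a search for IFRAME alone would pass it; only the comparison against the known-good copy reports it.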