«

UPDATE:

* I found also a My hosting services told me that an infection on my
personal computer is probably where the injection of suspect codes
have started. He says the virus on my computer used the ftp link I
have to the web hosting site.

* In addition to the script I gave earlier, I found on some pages
another piece of code that had an "iframe" html command. The iframe
was referring to a chinese site "betwager". I am not able to write the
full code and the site. Google won't let me post it.

On Apr 23, 4:03*pm, "David H. Lipman" <DLipman~nosp...@Verizon.Net>
wrote:
> From: "Kompu Kid" <deg...@hotmail.com>
>
> | UPDATE:
>
> | * I found also a My hosting services told me that an infection on my
> | personal computer is probably where the injection of suspect codes
> | have started. He says the virus on my computer used the ftp link I
> | have to the web hosting site.
>
> | * In addition to the script I gave earlier, I found on some pages
> | another piece of code that had an "iframe" html command. The iframe
> | was referring to a chinese site "betwager". I am not able to write the
> | full code and the site. Google won't let me post it.
>
> Don't use Google !
>
> news://nntp.aioe.org/alt.computer.security
> Crosss-Posted to the other groups.
>
> As for your hosting company, they could be wrong are just passing the blame to you.
> Chances are MORE likely that you use an application on the server with vulnerabilities and
> malicious actors have exploited them to add malicious code to your site.
>
> --
> Davehttp://www.claymania.com/removal-trojan-adware.html
> Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp

It seems like I need to install a newsreader on my computer to use the
"news://nntp.aioe.org/alt.computer.security ".

Outlooked volunteered when I put that in my Chrome's address area, but
I do not want to use it.

Any recommendations for a news reader for the XP environment? If it
matters, I use Firefox in addition to chrome.

Deguza

"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:

> From: "Kompu Kid" <>
>
>
>
> | UPDATE:
>
> | * I found also a My hosting services told me that an infection on my
> | personal computer is probably where the injection of suspect codes
> | have started. He says the virus on my computer used the ftp link I
> | have to the web hosting site.
>
> | * In addition to the script I gave earlier, I found on some pages
> | another piece of code that had an "iframe" html command. The iframe
> | was referring to a chinese site "betwager". I am not able to write the
> | full code and the site. Google won't let me post it.
> Crosss-Posted to the other groups.
>
> As for your hosting company, they could be wrong are just passing the blame to you.
> Chances are MORE likely that you use an application on the server with vulnerabilities and
> malicious actors have exploited them to add malicious code to your site.

Much agreed. PHP is so pourous that it's much more likely to be a
direct attack on your site rather than some convoluted "trojan on your
computer that modifies local html and then magically knows what FTP
client you're using, reuses its cached password for the site and loads
the modified html onto the remote site."

The target audience for such a client side sploit is so small it
wouldn't be worthwhile.

visit http://www.securityfocus.com/vulnerabilities

and for each of the following, chase down what vulns there are for it
for the version of each your site is running

Web server version (apache whatever likely)
php version on the server
what php forum script you're using / version


And see what vulns are in each for the versions you have, and that'll
wittle down the "how" in what happened perhaps.


--
Todd H.
http://www.toddh.net/

On Thu, 23 Apr 2009 15:11:49 -0700 (PDT), Kompu Kid wrote:

> * I found also a My hosting services told me that an infection on my
> personal computer is probably where the injection of suspect codes
> have started. He says the virus on my computer used the ftp link I
> have to the web hosting site.

LOL
--
A fireside chat not with Ari!
http://tr.im/holj
Motto: Live To Spooge It!

©Ari® wrote:
> On Thu, 23 Apr 2009 15:11:49 -0700 (PDT), Kompu Kid wrote:
>
>> * I found also a My hosting services told me that an infection on my
>> personal computer is probably where the injection of suspect codes
>> have started. He says the virus on my computer used the ftp link I
>> have to the web hosting site.
>
> LOL

Can you/will you expand on your comment, ©Ari® ?

Thanks

Kompu Kid <> wrote in news:da2c3ba5-46fc-4b8d-a28f-
:

> On Apr 22, 9:22*am, John Holmes <nospam.13i...@gmail.com> wrote:
>> Kompu Kid "contributed" in alt.hacker:
>>
>> > (I am not giving the actual URL)
>>
>> Don't expect any help then.
>>
>> --
>> <snip>
>
> I did not want anybody getting infected, that's why I did not give it
> out.

If you're posting a message in a hacker forum with a warning that you
think the site might be compromised, then the people who look at it are
forewarned.

Not posting the URL is stupid. People who can do low-tech stuff like
telnet to the server and download the page for analysis can't do that if
they don't know where it is.

It's like telling someone you think you have an STD, but not going to the
doctor to really find out.



Doc.

--
The bigger the humbug, the better people will like it.
- Phineas Taylor Barnum.

Kompu Kid <> wrote in
news:239c28cf-07a7-4dab-b02c-:

<snip>

> Any recommendations for a news reader for the XP environment? If it
> matters, I use Firefox in addition to chrome.

I still like X-News.

http://download.cnet.com/Xnews/3000-...-10026377.html

Really should download and try the latest version, but the one I have just
works - no attempts to execute code or render pages, so very safe.


Doc.

--
The bigger the humbug, the better people will like it.
- Phineas Taylor Barnum.

Kompu Kid "contributed" in alt.hacker:

> On Apr 22, 9:22*am, John Holmes <nospam.13i...@gmail.com> wrote:
>> Kompu Kid "contributed" in alt.hacker:
>>
>> > (I am not giving the actual URL)
>>
>> Don't expect any help then.
>>
>> --
>> <snip>
>
> I did not want anybody getting infected, that's why I did not give it
> out.
>
> Deguza

I'll second Doc.

Most of the regulars here know what they're doing. FYI, my system will
not get infected by just browsing to a compromised website.

--
<snip>

John Holmes wrote:

> I'll second Doc.
>
> Most of the regulars here know what they're doing. FYI, my system will
> not get infected by just browsing to a compromised website.
>

Hello John

Please will you explain how/why *your* system will not be so infected
yet other folk may be?

Might it simply be because you aren't using Microsoft Windows?

--
Dave

~BD~ "contributed" in alt.hacker:

> John Holmes wrote:
>
>> I'll second Doc.
>>
>> Most of the regulars here know what they're doing. FYI, my system will
>> not get infected by just browsing to a compromised website.
>>
>
> Hello John
>
> Please will you explain how/why *your* system will not be so infected
> yet other folk may be?
>
> Might it simply be because you aren't using Microsoft Windows?
>
> --
> Dave
>

As a matter of fact, I'm using WinXP for my daily use. My 5 workstations
and 4 wireless laptops (some XP, some Slackware) are all behind 2 Windows
2008 DC's running ISA server and Forefront. That setup keeps my local
network free of mal/spy-ware, viruses and other nasties. The servers are
really in use as servers, i.e. nobody touches them but me and no websites
are ever visited on them.

I hope my answer satisfied you.

--
<snip>