
Forum Virus


    #51
    Originally posted by TheFaQQer
    If you are on Wordpress, make sure that you remove the readme file as well. Wonder if vBulletin has the same kind of thing.
    Good catch.

    The Wordpress readme.html is accessible to the outside world and mine was announcing 3.3 until I applied the latest update.

    3.3.1 came out in early January and did contain some security fixes.
    Behold the warranty -- the bold print giveth and the fine print taketh away.



      #52
      Originally posted by Sysman
      Good catch.

      The Wordpress readme.html is accessible to the outside world and mine was announcing 3.3 until I applied the latest update.

      3.3.1 came out in early January and did contain some security fixes.
      I finally found what was letting my blog be hacked repeatedly (I think!), and signed up to some security newsletters.

      I also installed Sucuri Scanner which was what warned me about the readme.html file.

      Of course, doing a Google search for *.php~ is a good one, which reveals some interesting ways to get into websites.


        #53
        According to El Reg, there's a virus using iFrames to attack out-of-date Wordpress sites.

        The link points to a page on compromised WordPress sites (the sites appear legitimate to spam filters) that includes a hidden iFrame, which loads the Phoenix exploit kit from a Russian-hosted server.

        Arriving at the page puts surfers in the firing line of a page that attempts to exploit multiple vulnerabilities in Microsoft Internet Explorer, Adobe PDF, Flash and Oracle Java. The attack is ultimately designed to distribute an information-harvesting Trojan, dubbed Cridex-B.
        I think someone up-thread mentioned they'd seen Java load in response to the nasty that was briefly here on CUK. Maybe it's a variation on the same attack...

        From the comments on the El Reg article

        I'm totally down with you on the plug-ins and widgets, though. There's a number of blogs out there whose content I really enjoy -- some WordPress-powered, some on Blogger -- but which I hardly ever visit because they're so heavily infested with plug-ins and widgets that they take forever to load and often cause my browser to totally gag, crap its drawers and fall over.
        The moral of that is to keep the number of plugins you use down to the minimum you need, and that applies to all CMS products, not just Wordpress. I am subscribed to the Drupal Security alerts for example, and the regular reports of vulnerabilities in Drupal modules are a gentle reminder to keep the attack surface as low as I can.
        Behold the warranty -- the bold print giveth and the fine print taketh away.



          #54
          Originally posted by NickFitz
          Interesting article:
          "Cyber criminals have opened an online store offering website operators increased traffic by hijacking other websites.
          "The Russia-based web shop injects hidden iframes into pages of legitimate, unsuspecting websites to redirect visitors to a buyer's URL."
          Why on Earth would anyone hijacked and redirected to a site in that way have the faintest inclination to buy anything there? Surely that's the opposite of what any rational person would want.

          It's the e-equivalent of being grabbed in the street, conked on the head and hustled half stunned into a crappy junk shop, where they then release you and expect you to start looking around and buying things.


            #55
            Who got infected? I did. And when I ran the anti malware software admin recommended, that was the only malware found. So in all my years of browsing on this PC and all the dodgy sites that I must have accidentally strayed across, seemingly CUK was the only one to infect me. How odd.

            I'm a bit disappointed that it's still so easy to become infected, just by viewing a webpage.



              #56
              shit:e, sorry TimberWolf. Did mbam clean it OK? Hope you didn't have to reinstall or anything.

              Yes, this was the same iframe kind of hack that is being used on the Wordpress sites but it was calling a page from an Indian site and I am certain this was just a page that would trigger the Trojan payload that would check the browser etc on your machine to see if it could be hacked at all. Very easy to hit on a site that has been hacked and get infected. As others in this thread said - try Avast, it was the only AV that detected it.



                #57
                Originally posted by administrator
                tulipe, sorry TimberWolf. Did mbam clean it OK? Hope you didn't have to reinstall or anything.

                Yes, this was the same iframe kind of hack that is being used on the Wordpress sites but it was calling a page from an Indian site and I am certain this was just a page that would trigger the Trojan payload that would check the browser etc on your machine to see if it could be hacked at all. Very easy to hit on a site that has been hacked and get infected. As others in this thread said - try Avast, it was the only AV that detected it.
                It was a symptomless infection on my machine as far as I know - I didn't know I'd been infected, but ran that antimalware software you mentioned anyway, and it detected and deleted it. I assume it's gone now.



                  #58
                  Originally posted by OwlHoot
                  Why on Earth would anyone hijacked and redirected to a site in that way have the faintest inclination to buy anything there? Surely that's the opposite of what any rational person would want.

                  It's the e-equivalent of being grabbed in the street, conked on the head and hustled half stunned into a crappy junk shop, where they then release you and expect you to start looking around and buying things.
                  That happened to my mum in Singapore. She was booked on a sightseeing coach trip of the city. Ten minutes before departure she got a phone call saying “Croach tour cransseled, have car for you take you to sites.” She was taken to a crap fashion shop for a hard sell and it was then she realised she had been taken for a ride. She left and went back to the hotel. So much for security at Raffles.
                  "A people that elect corrupt politicians, imposters, thieves and traitors are not victims, but accomplices," George Orwell
