Be With You forum

Topic Summary

Posted by: Motoko-chan
« on: August 12, 2010, 01:39:44 PM »

My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} that was loading :what:

That very well could have been mostly accurate.

The long story is that there was unwanted PHP code added to index.php on the site root (only the main site page was affected) that was obscured and created obscured JavaScript which was run by the browser to load a malware-installing site in a hidden iframe.

I went through all PHP and HTML files on the site and did some automated searches for any further "infections" and found none. Later, possibly this weekend, I'll be auditing every file by hand or replacing it with a clean backup to be safe.
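
An automated search of the kind the post above describes, as an added example that is not part of the original post or the site's own tooling: it walks a web root and flags PHP/HTML/JS files containing decode-and-eval constructs, hidden iframes, or very long encoded string literals. The rule patterns, file names and sample content are assumptions constructed for illustration, not indicators from this incident.

```python
import re
import tempfile
from pathlib import Path

# Heuristic rules (assumed for illustration; not signatures from this incident).
RULES = {
    "eval-of-decoded-data": re.compile(
        r"\b(?:eval|assert)\s*\(\s*@?\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden|(?:width|height)\s*=\s*[\"']?[01]\b)", re.I),
    "long-encoded-literal": re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
}
EXTENSIONS = {".php", ".html", ".htm", ".js"}

def scan_tree(root):
    """Return {relative_path: [matching rule names]} for suspicious files under root."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(errors="replace")
        hits = [name for name, rx in RULES.items() if rx.search(text)]
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

def build_sample_site(root):
    """Write constructed sample files; the encoded string is harmless filler."""
    root = Path(root)
    (root / "blog").mkdir()
    filler = "QUJD" * 60  # 240 characters of base64 filler, not a real payload
    (root / "index.php").write_text(
        "<?php eval(gzinflate(base64_decode('%s'))); ?>\n<h1>Home</h1>\n" % filler)
    (root / "blog" / "footer.html").write_text(
        '<iframe src="http://example.invalid/" width="1" height="1"></iframe>\n')
    (root / "about.php").write_text("<?php echo 'About us'; ?>\n")  # clean file

def demo():
    """Scan the constructed sample site and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        return scan_tree(tmp)

if __name__ == "__main__":
    for name, rules in demo().items():
        print(name, "->", ", ".join(rules))
```

A clean result from pattern matching like this does not prove a site is clean, which is why the post follows it with a hand audit or a restore from a known-good backup.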
Posted by: Kjøller
« on: August 12, 2010, 09:12:48 AM »

My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} that was loading :what:
Posted by: Motoko-chan
« on: August 11, 2010, 04:03:30 PM »

Google Chrome also listed the site, as did any links from the Google search engine. Other browsers using the StopBadware list would have also shown warnings.
Posted by: Chara
« on: August 11, 2010, 02:05:46 PM »

Yesterday Firefox listed BWYS.ORG as a potential reported attack site; my understanding is a blog hosted by BWYS got hacked and some PHP files were rewritten, again. (Remember to update your WordPresses!)

Site has been re-cleaned, all is good.

Thanks if you wrote in an email telling us about it, I appreciate any and all feedback regarding BWYS.