Be With You forum

Be With You animanga forum => Be With You Scans => News => Topic started by: Chara on August 11, 2010, 02:05:46 PM

Title: Reported Attack Site!
Post by: Chara on August 11, 2010, 02:05:46 PM

Yesterday Firefox listed BWYS.ORG as a potential reported attack site, my understanding is a blog hosted by BWYS got hacked and some PHP files were rewritten, again. (Remember to update your Wordpresses!)

Site has been re-cleaned, all is good.

Thanks if you wrote in an email telling us about it, I appreciate any and all feedback regarding BWYS.

Title: Re: Reported Attack Site!
Post by: Motoko-chan on August 11, 2010, 04:03:30 PM

Google Chrome also listed the site, as did any links from the Google search engine. Other browers using the StopBadware list would have also shown warnings.

Title: Re: Reported Attack Site!
Post by: Kjøller on August 12, 2010, 09:12:48 AM

My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} (http://bwys.org/\{gzip}) that was loading :what:

Title: Re: Reported Attack Site!
Post by: Motoko-chan on August 12, 2010, 01:39:44 PM

Quote from: Kjøller on August 12, 2010, 09:12:48 AM

My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} (http://bwys.org/\{gzip}) that was loading :what:

That very well could have been mostly accurate.

The long story is that there was unwanted PHP code added to index.php on the site root (only the main site page was affected) that was obscured and created obscured Javascript which was ran by the browser to load a malware-installing site in a hidden iframe.

I went through all PHP and HTML files on the site and did some automated searches for any further "infections" and found none. Later, possibly this weekend, I'll be auditing every file by hand or replacing it with a clean backup to be safe.