Be With You forum

Author Topic: Reported Attack Site!  (Read 8658 times)

Chara

  • Administrator
  • *****
  • Karma: +33/-13
  • Posts: 1268
    • Be With You Scans
Reported Attack Site!
« on: August 11, 2010, 02:05:46 PM »

Yesterday Firefox listed BWYS.ORG as a potential reported attack site. My understanding is that a blog hosted by BWYS got hacked and some PHP files were rewritten, again. (Remember to update your Wordpresses!)

Site has been re-cleaned, all is good.

Thanks if you wrote in an email telling us about it; I appreciate any and all feedback regarding BWYS.
Logged

Motoko-chan

  • Administrator
  • *****
  • Karma: +9/-0
  • Posts: 21
    • Motoko's Pagoda
Re: Reported Attack Site!
« Reply #1 on: August 11, 2010, 04:03:30 PM »

Google Chrome also listed the site, as did any links from the Google search engine. Other browsers using the StopBadware list would have also shown warnings.
Logged

Kjøller

  • Guest
Re: Reported Attack Site!
« Reply #2 on: August 12, 2010, 09:12:48 AM »

My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} that was loading :what:
Logged

Motoko-chan

  • Administrator
  • *****
  • Karma: +9/-0
  • Posts: 21
    • Motoko's Pagoda
Re: Reported Attack Site!
« Reply #3 on: August 12, 2010, 01:39:44 PM »

Quote from: Kjøller
> My anti virus said it was a trojan-horse at http://bwys.org/\{gzip} that was loading :what:

That very well could have been mostly accurate.

The long story is that there was unwanted PHP code added to index.php on the site root (only the main site page was affected) that was obscured and created obscured JavaScript which was run by the browser to load a malware-installing site in a hidden iframe.

I went through all PHP and HTML files on the site and did some automated searches for any further "infections" and found none. Later, possibly this weekend, I'll be auditing every file by hand or replacing it with a clean backup to be safe.
Logged
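
An added example, not part of the thread or the site's own tooling: one way to run the kind of automated search described in the reply above, flagging PHP that evals decoded strings and iframes hidden from view. The patterns, file names and sample contents are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators (assumptions for this example, not signatures from the thread).
INDICATORS = {
    "php-eval-decode": re.compile(
        r"\b(?:eval|assert)\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "js-unescape-write": re.compile(
        r"(?:document\.write|eval)\s*\(\s*(?:unescape|String\.fromCharCode)\s*\(", re.I),
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:(?:width|height)\s*=\s*[\"']?0\b|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
}
EXTENSIONS = {".php", ".html", ".htm", ".js"}

def scan_tree(root):
    """Return sorted (relative_path, line_number, indicator) hits under root."""
    root = Path(root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, pattern in INDICATORS.items():
                if pattern.search(line):
                    hits.append((path.relative_to(root).as_posix(), lineno, name))
    return sorted(hits)

# Constructed sample files; the encoded string decodes to a harmless "echo 1;".
SAMPLES = {
    "index.php": '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n<html><body>Home</body></html>\n',
    "about.html": "<html><body><p>About us</p></body></html>\n",
    "blog/footer.php": '<p>Footer</p>\n<iframe src="http://example.invalid/" width="0" height="0"></iframe>\n',
    "gallery.html": '<iframe src="/viewer.html" width="600" height="400"></iframe>\n',
}

def demo():
    # Write the constructed samples to a temporary directory and scan it.
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(tmp)

if __name__ == "__main__":
    for rel, lineno, name in demo():
        print(f"{rel}:{lineno}: {name}")
```

A clean result from heuristics like these does not show that a file is untouched, so comparing every file against a known-good backup remains the stronger check.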