Virus attack

[Mutt]

So all seems to be back to normal again aside from email notifications which I'm looking into now.

 

 

 

So those interested the "Virus" was a malicious IFRAME which was injected into our pages. After a bit of research it seems this can happen through vulnerabilities on the server or compromised FTP accounts which allow 3rd parties to inject malicious IFRAMES into the code of legitimate websites.

 

 

 

I've taken this up with our Web hosts and have changed all FTP access details using much stronger passwords.

 

 

 

Hopefully this won't happen again. But I suggest that everyone ensures that they have a good' date=' up to date, Anti virus installed. There are some good free ones available:

 

 

 

AVG - http://free.avg.com/

 

Avast - http://www.avast.com/

 

 

 

I'm sure some members can suggest others too.

 

 

 

If you still have trouble with menus disappearing or drop downs not working try pressing Ctrl + F5 to force a page refresh (thanks CVANC).[/quote']

 

 

 

www.comodo.com - Another free AV / Firewall

[MtBryda]

Sadly the problem continues. 

problem still o the site, trojan and malware issues!!!!

[wackwack]

I have cleaned temp internet files, deleted history, cookies, etc etc etc

 

I just got 45 attacks in under 1 minute.

 

Something is still ***'d!

 

[montyzuma]

OK, disabling avatars seems to have done the trick. No virus warnings & the "Home/Logout/Forums/etc mini navigation bar is visible again.

[AndreZA]

I get this problem if I open IE 6.0.2

 

 

 

[Schwynn]

JA, ek met my GROOT BEK! Virus warning as I logged off from the Hub! If you haven't got a virus program download AVAST for freeee...

[Schwynn]

Does anyone else pick up this frickin virus on Epic Prolog 2009?

[Jaco Steyn]

I must be extremely lucky, because I have not had a single problem since everybody else started reporting it. I am using IE ver 8.0.6001.18702, Nod 32 (definitions up to date), Firewall turned on, SuperAntispyware (definitions up to date). Just scanned my complete system again with no errors reported. And, most important of all, KEEP AWAY FROM DODGY WEBSITES!

[Schwynn]

It's not on my PC either, but the antivirus keeps on warning me whenever I go to the mentioned site.

[Matt]

Hi Everyone!

 

I got a response from our web hosting company and it looks like the problem crept in on their side.

"We had an issue where someone changed the default iisstart.htm file to

include the iframe tag and enable document footers to display.

 

There's an option in each web site in IIS to allow document footers to be displayed whenever someone visits the website.

 

The iframe and url that was included in the iisstart.htm file was malicious.

 

We corrected this and also implemented stricter security policies.

 

Thank you for letting us know.

 

We apologies for any inconvenience caused."

 

If you don't have an Antivirus installed please do install one (or use a Mac )! There are many good, free options available (look on page 3 and 4 of this thread for suggestions).

 

I have and will continue to make every effort to ensure that these things don't happen.

 

If you're still having issues with the menus and dropdown lists try pressing Ctrl + F5 simultaneously - this will force your webbrowser to reload a "fresh" version.

 

Apologies for any inconvenience and happy hubbing!

 

Admin

 

[Dibles]

Thanks Admin. I cannot see the "watch topic" email alert link after having done a forced reload. Is this still in progress?

[Johnno]

Hi Admin

Still getting the virus notification when I move to a different page on the hub. I have deleted cookies, temp internet history and performed the ctrl-alt F5 (this brought my drop down panel back. My virus definitions are up to date as well.

Just thought I would let you know.

 

 

 

 

[montyzuma]

Afraid it's not dead yet - smiley32 and smiley36 seem to be less friendly than they appear.......

[Rocket-Boy]

Johnno! how can you even use your pc anymore? sureley Norton sow-virus has bogged it down completely?

I think you should probably get rid of that and get something decent

 

[barrykm]

Admin - it's 21:45 on Tuesday evening and Trojan.Giframe is still lurking...!!

[Matt]

I've contacted our web hosts again to look into this. They assured me that the problem had been sorted out and their security improved.

 

It's proving difficult to get anywhere with this on my side as I can't recreate the problem. I did get the warning messages on Saturday but have had nothing since then.

 

I'm double checking everything on my side to make sure all is above board and our web hosts are currently doing the same. I am doing some (more) research into this virus and I have requested advice from a number of people.

 

I will pass on any information or feedback I receive.