Techniques to remove malware from your domain!

Starfleet Officer Image by Sam Howzit via Flickr

Websites and domains!

I recently had to help my favorite club remove some malware from their website. My club’s website, Starfleet-command Quadrant One, was one of those sites that didn’t see this coming. As a website owner, I’ve seen many things come and go, but experience has taught me that it will always come back. I will be watching for this again in the near future, but hopefully it won’t come back!

The back story was something that I have to at least talk about because this is how the site got infected.

One reason that this site got infected was being hosted on the same hosting server. They were both using the GoDaddy shared hosting account to display their webpages or forums on the internet. GoDaddy, in their infinite wisdom, tried to explain it away as that. I don’t know if I buy that reason or if something else might have been the culprit, but I do know this website had URL redirects and such to malware sites. I would much rather stay with HostGator than have GoDaddy anyway.

Another reason is that it was probably some kind of keylogger, or something that was sending important password information back to a command and control server. Either the website owner was infected, or someone in the organization who had access to the account was unintentionally allowing a hacker to gain access to the website.

Removing the Malware off your Site!

Nothing in the world is ever going to be easy, but it is necessary to get into the guts of the website. You’re probably thinking websites don’t have guts. You’d be wrong: going through each part of the code and removing the HTML malware redirects is what I mean by guts. Many people will come to understand that as a programming language, but I like to think of it as a doctor who does surgery to remove an infected limb or something like that.

So I’m going to give you a few areas to look at if you’re having this problem with malware on your site or domain. It won’t always be in the same place for the same infection, but this will at least help you find it and remove it.

.htaccess — This is one place where they will first make changes, to redirect traffic to the domain that they want your visitors to go to. If you haven’t had much experience with .htaccess files, this is a good time to learn what they do and how to use them.

 

index.php or index.html — This is something that the hackers have learned to use but that is most often overlooked. This is something that I hadn’t seen before until now. Certain browsers will display the virus or malware warnings, and others will not even see it or have any problems! See example for more information, because I couldn’t do a better job than them!

 

Check subdomains and subdirectories — This also needs to be looked at. Even if they aren’t showing signs of being infected, it is always a good idea to at least make sure they stay uninfected. Check them for the .htaccess and index code, and remove what you need or change it to where it should be going in the first place. I found the .htaccess redirect code all through the subdomains and subdirectories on the site that I helped remove the infection from.

 

Change ALL passwords — This is a MUST. If you’ve been infected, then your passwords are at risk of being the source of the infection. Change your FTP password, your login password, and anything associated with the site in question, and possibly the subdomains’ passwords.

 

Limit the number of people with the new passwords — If you’re like me, you don’t want too many people to have the FTP password, and thus you should consider only allowing a select number of people to have it. In the organization I have, they have people left and right who use it to upload files and stuff that is needed. It also might be required to just have a server that is used for nothing else but uploading files for publications and other things like that.
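The file checks above (every .htaccess and index file, in every subdirectory) can be scripted against a downloaded copy of the site. This is an added example, not code from the original article; the function names, the `example.org`/`bad.example.net` hosts and the sample files are constructed for illustration.

```python
import os
import re

TARGETS = {".htaccess", "index.php", "index.html"}  # files the article says to check

# Apache directives that can send a visitor to another host.
HTACCESS_RE = re.compile(
    r"^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b"
    r".*?https?://([^/\s\"'\]]+)", re.I)
# Markup or PHP in an index page that loads or jumps to another host.
INDEX_RE = re.compile(
    r"(?:<meta[^>]+refresh|<iframe|<script|location(?:\.href)?\s*=|header\s*\()"
    r"[^\n]*?https?://([^/\s\"'<>]+)", re.I)

def is_own(host, own_hosts):
    """True if host is one of the site's own names or a subdomain of one."""
    host = host.lower().split(":")[0]
    return any(host == o or host.endswith("." + o) for o in own_hosts)

def scan_site(root, own_hosts):
    """Return sorted (relative path, line number, host) for off-site redirects."""
    own = [o.lower() for o in own_hosts]
    findings = []
    for dirpath, _dirs, files in os.walk(root):  # covers every subdirectory
        for name in TARGETS & set(files):
            path = os.path.join(dirpath, name)
            pattern = HTACCESS_RE if name == ".htaccess" else INDEX_RE
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    m = pattern.search(line)
                    if m and not is_own(m.group(1), own):
                        rel = os.path.relpath(path, root)
                        findings.append((rel, line_no, m.group(1).lower()))
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree: clean site root, tampered forum/ folder."""
    sample = {
        ".htaccess": "RewriteEngine On\nRedirect 301 /old http://www.example.org/new\n",
        "index.html": "<html><body>Welcome</body></html>\n",
        "forum/.htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} google [NC]\nRewriteRule .* http://bad.example.net/in.php [R,L]\n",
        "forum/index.php": "<?php echo 'forum'; ?>\n<iframe src=\"http://bad.example.net/x\"></iframe>\n",
    }
    for rel, text in sample.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)
```

Review each reported line by hand before deleting anything; the patterns only cover plain-text redirects and will not catch obfuscated code.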

 

Disclaimer

Nothing in the article is a must-do or will get rid of your site being blocked by Google and other such search engines, but it will at least give you a place to start looking to find the culprit and maybe get your site running again quicker. I will not make any guarantees that this will fix the problem or that it will solve your problem 100%, but this is to be used as a tutorial on where to look and what you should do to prevent re-infections with malware.

 Paul Sylvester


Scareware sites being sent through email!

setup_security_defender_622.exe Chrome Scareware site on a Linux system!

Don’t try this at home!

If you are not careful you could easily get infected with spyware or worms. I, on the other hand, know how to fix the problem if it happens or how to prevent it in the first place. I was using a live Kubuntu CD to do my test with the link that was given to me, so I didn’t have to worry too much about infections. The URL which was given to me was “[Website]/wp-content/plugins/(random letters and numbers)“. You could easily tell that it was just spam because there was no subject or anything else but a link in the email. I did this a number of times and I got some very interesting websites:

  • http://scan27.delfasd.co.in (scareware site, See picture above)
  • http://wikimedicinepatients.eu (Canadian Pharmacy) [WHOIS]
  • http://systemtestnow.com  (Scareware site I think) [WHOIS]
  • http://scan7.oggnot.co.in
  • http://update17.oggnot.co.in

Never Run an unexpected Program!

I knew this was a scareware site because it automatically sent me a file, “setup_security_defender_622.exe“. I decided to check it out even more, so I submitted it to Jotti, and you can see what they said by clicking the filename. I also submitted it to VirusTotal to see what it said, and I wasn’t surprised. But again, you should never run programs that you’re not expecting. This is a really old scareware tactic that is still being used today, so don’t let yourself be taken advantage of.

Antivirus is KEY!

To prevent viruses, if you’re on a computer you really should consider buying an antivirus. There is even antivirus for Macintosh machines, and for Linux if you’re interested. I don’t know if you really need a Linux antivirus, but I guess it wouldn’t hurt to have it. I think they are far behind Mac/Windows antivirus programs, but they are getting better. You never really know what is needed in the future, but you should be ready when it comes.

Which Antivirus Software do you use?

I am quite curious as to which one you use when it comes to antivirus software. By all means leave a comment and tell me which one you use, or if you have found another website, and I’ll investigate it and tell others about it.

Paul Sylvester


No SOPA for me thanks!

SOPA = Less Liberty and more Robo-Justice For All Image by DonkeyHotey via Flickr

Stop Online Piracy Act!

If you’ve been living under a rock lately, then you probably haven’t heard about SOPA (Stop Online Piracy Act), and it just worries me. It is like we would be living in China, and that would mean less liberty for us bloggers and people who are the ones who may accidentally infringe on copyrights.

SOPA(Stop Online Piracy Act) expands the ability of U.S. law enforcement and copyright holders to fight online trafficking in copyrighted intellectual property and counterfeit goods.

[Wikipedia]

I don’t like that you will not be “Innocent until proven guilty” but you will be “Guilty” with having a chance to fix the problem.

I will be Protesting January 18th!

On the 18th, I will be blacking out my website, and you will see a screen on how you can help. This is an attempt to show Congress that I am not happy with this bill. I will support any website that wants to join me in this. I believe this bill will not make piracy go away, and thus this bill will do more damage than good. Some of the websites that will be doing this are:

  • Reddit
  • Cheezburger sites
  • MLG(majorleaguegaming.com)
  • and more

What will you do on the 18th?

I am showing my support and would love to hear what you will do on the eighteenth. Will you black out your site like others, or will you be talking about it all day?

Paul Sylvester

 


Google doesn’t care about the small blogs!

Google Does it again!

I don’t know why Google is so hard to understand.   I don’t know if they are good but Gail over at Growmap thinks they may be evil.   I don’t know if they are but I am quite concerned what happened to my blog over the last weekend!  It all started with a dramatic drop in people coming to my site.   I had a dramatic drop of people who were coming to my site.   This is always how it is, when a blog starts to get popular, Google drops them in popularity.

Google Plus World without me!

I don’t know what happened, but after all this has happened, people around the blogosphere are recommending an FTC probe over this. I know I am not the only one, but this was a real drastic drop of people coming to my blog through Google. I have decided that I will switch to Bing and still use Google’s Chrome. This is after all a means to tell Google that I am not happy with their search results.

Google No more!

I encourage everyone else that reads this to change to another default search engine in your web browser and show Google that we are unhappy with their choice. The bloggers are what made them who they are today, and we can make some other search engine better or bigger than them. Until they change their tune and go back to “DO NO EVIL”, then maybe I will encourage people to go back to them. I’ve worked hard for this blog, and I support Gail’s attempt over at Growmap’s site, and I encourage others to go visit them and tell them I sent you!

Paul Sylvester


Progressive Commercials : How about giving me a new Car!

Progressive Free Parking!

We’ve all seen those commercials where he is either paying to help people park or giving out free gas!  I’m not sure how I feel about these commercials.   What about people who might need a new car?  Have they not thought about that?   Are they not going to offer to help someone who might need a new car, with the amount of money they are supposedly saving they can afford a decent used car!

We are still in a recession some would say and I honestly think that we are still in that and that someone needs to help low income families with finding a car.   I know I am a low income family and the car I have isn’t very good.

Donating your Car!

I know most of you are wondering where you can donate your car. I suggest organizations like American Red Cross, The Salvation Army or United Way. You can actually write that off on your next year’s taxes. It won’t be instant money, but then that is fine if you’re not looking for money as far as needing it for now. This is a great alternative for people who might need a car and who can’t afford to pay for one because of being low income.

I know I will probably never get a free car but It would be something cool if not very nice.    I am so tired of having really old cars and would love to have a new model car.

Single Family Dad!

I’m basically a single dad working anywhere I can, so I can support my family. It isn’t something that I will always look back on and say that was a good year. It is however something that makes me feel really good at the end of the day. I don’t worry about tomorrow because tomorrow hasn’t come yet. I try to only worry about what is today. I however have become increasingly worried about the car that I am driving because of the way it acts each and every day.

Hey Progressive how about help me out!

That is basically what I wanted to say: I am constantly worried about the car breaking down and not having any way to get to my job or anything else that I might need. Sometimes old cars may cost more to repair than the cost of the car. You will however have to consider cost versus repairs. I believe once the repairs are more than the car, you should consider buying another car and junking the car or selling it for parts.

How are you going to help someone today?

What are you going to do to help someone in need today?  I’d like to hear your comments on what you did today.

 

Paul Sylvester
