Announcement

Collapse
No announcement yet.

Dangerous Web Site Warning

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Dangerous Web Site Warning

    Just got back from a weeks holiday and when visiting the main page of my site my virus software is throwing up a warning:

    'You have attempted to open a dangerous Web Site'......then it gives a URL of the site....which is not mine by the way

    It has been suggested that I may have spyware on my server

    Anyone any suggestions on how can rid of this?

    Kind regards
    www.ecclestonanglingcentre.co.uk

    #2
    Go download some Spyware cleaning software

    Spybot, Lavasoft Adaware are 2 for starters, run these on your system

    Comment


      #3
      It looks like your site has been hacked and an iframe added to a virus/worm site. This happened to one of mine a few weeks ago as a result of the host not updating cpanel quickly enough after an exploit had been discovered.

      So, I would recommend:

      1. Delete the pages on your webserver. You can probably identify the changed one's just by looking at the date on the files, but to be safe I would remove them all.

      2. Run a decent scan on your PC to make sure it hasn't been infected with something nasty.

      3. talk to your host to find out how this happened and get them to fix it.

      4. Change the username and passwords on your server and make sure anonymous ftp hasn't been enabled.

      5. Refresh your website.

      Mike
      -----------------------------------------

      First Tackle - Fly Fishing and Game Angling

      -----------------------------------------

      Comment


        #4
        Im getting warnings from Norton about a downloader active on the site. I would get it shutdown before you infect your visitors/regulars and they dont come back.

        Comment


          #5
          It's not pleasant that one at all.

          The IP resolves to Honk Kong, and it's hosted by a company called HostFresh. Very nice of them too

          Same advice as above including:
          I would check the SiteHTML files on your local PC to ensure the iframe is not being embedded there, scan your PC for threats and then refresh the site one you are happy that it is not re-occurring.

          Firstly though, I'd FTP onto the site and remove the iFrame from the source HTML or shutdown the site whilst you remove it.
          Fergus Weir - teclan ltd
          Ecommerce Digital Marketing

          SellerDeck Responsive Web Design

          SellerDeck Hosting
          SellerDeck Digital Marketing

          Comment


            #6
            Okay - I'm going to run a virus checker on my PC to see if there's any trouble there.

            You say shut down the site.....how would this be done?
            www.ecclestonanglingcentre.co.uk

            Comment


              #7
              If anyone else is joining this thread I'd recommend that they do not attempt to view ecclestonanglingcentre as there is a very strong possibility that you'll damage your system.

              If I was Bun, I'd delete everything on that server (to stop poisoning your customers) and upload to an alternative clean server to check whether the brand new upload is infected or not. Only when the upload verifies OK on a clean server (showing that your back office system isn't compromised), would I consider restoring the live site.

              As it stands now, you know you have a server that's spewing out malware and if you delay fixing this you may have some very angry customers coming after you.
              Norman - www.drillpine.biz
              Edinburgh, U K / Bitez, Turkey

              Comment


                #8
                You say shut down the site.....how would this be done?
                ftp to it and remove all files

                Comment


                  #9
                  Okay - I think I've tracked this 'iframe' thing down to my affiliate login link on the site. I've sent an email to Lyle at AllAffiliatePro to see if he can help.

                  I've never come across anything like this before and I'm afraid I'm a bit out of my depth.....sorry

                  Kind regards
                  www.ecclestonanglingcentre.co.uk

                  Comment


                    #10
                    If you do nothing else, do a full refresh of your website now. There's a very good chance this will replace any altered files on your website. You have to sort this out fast as any visitors to your website are facing a severe attck on their PC and not only is it anti-social to leave it there but you are going to be seriously upsetting visitors and customers.

                    Think of it as having some muggers waiting inside your shop door and mugging all your customers. You cannot just ignore it.

                    The iframe on your site is not from your affiliate tracking. Your site has been hacked and all your visitors are being attacked.

                    Mike
                    -----------------------------------------

                    First Tackle - Fly Fishing and Game Angling

                    -----------------------------------------

                    Comment


                      #11
                      Did you get this fixed? Looking at the source code of your home page there appears to be no iframes!
                      Cheers

                      David
                      Located in Edinburgh UK

                      http://twitter.com/mcfinster

                      Comment


                        #12
                        Last-Modified: Mon, 16 Apr 2007 19:56:58 GMT
                        Looks like it was fixed last night. I wasn't going to look again as it was quite a nasty and persistent downloader.

                        Mike
                        -----------------------------------------

                        First Tackle - Fly Fishing and Game Angling

                        -----------------------------------------

                        Comment


                          #13
                          I know it is a bit late but, i had something similar once, i deleted the index file and refreshed my site. fixed it straight away.

                          worth rembering

                          Cheers
                          Darren

                          Comment


                            #14
                            i deleted the index file and refreshed my site. fixed it straight away.
                            this can work but it depends on whereabouts in your site the hacker/virus has placed itself

                            if its only compromised the index page then your solution is fine, but there are instances where other pages may have been affected.

                            There are 2 issues here, one is the website which must be removed/replaced to stop innocent shoppers being affected.

                            the other is to then cleanse any PC which has visited the compromised site.

                            Mike's analogy re the front door mugger hits the nail on the head.

                            It would be nice if Bun posted to say whether he has refreshed the website as I have no plans to visit it to check.

                            Comment


                              #15
                              It would be nice if Bun posted to say whether he has refreshed the website as I have no plans to visit it to check.
                              I would keep away - I visited today and got several warnings from Norton.__________________

                              Comment

                              Working...
                              X