
Banging My Head Against The Wall (Help!)

  • Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • So this morning I got a couple of users who started reporting that their antivirus software was getting all excited over a trojan or exploit of some sort when they accessed my site (fantasyfootballwhiz.com)

      One did not give me a name, and the other said that he THINKS it was called bulldog (the only bulldog I could find on a quick search was a hijacker that looks like part of a bigger suite of crap, but nothing else was reported).

      I'm guessing that something got exploited on my site, but I am having a bear of a time trying to figure out what. Do we have any willing firewalkers who might be able to help me figure out a) if there is, indeed, something wrong, and b) where it might be located?

      I don't see anything in the root's index.php, for starters.

      The host is utterly useless - once again (going to be switching in the next few weeks)...

      Thanks!
    • They were forced to eat Robin's minstrels.... and there was much rejoicing.
    • Robert W
    • Elite Rocketeer
    • Posts: 815
    • Thanks: 0
    • IT

    Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • everything seems ok to me. no AV alerts, etc.
  • Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • Thanks, Robert. I'm paranoid about shooting myself in the foot before we even get started! ;D
    • They were forced to eat Robin's minstrels.... and there was much rejoicing.
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • what does gtqk.js do? it looks to be the only odd piece of script on there.

      hmmm.. it only loaded the first time, not on refresh.

      Try this attached file.

      Unzip and upload it to your site and access it via your browser. Use it to sort by "last modified date". Check for any files that were modified recently and investigate if you didn't do the modifications yourself.

      DELETE THE FILE FROM YOUR SERVER AFTER USE.
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
  • Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • Thanks, Gollum... I don't know what that .js file is, and it doesn't show up when I run filist...

      I don't see anything in the filist that looks like a concern. That js is a little worrisome, though.
    • They were forced to eat Robin's minstrels.... and there was much rejoicing.
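
Added example, not part of any post in this thread and not the attached tool: the check described above (sort by last-modified date) plus a search for files that reference a script name such as gtqk.js, written in Python to run over a local copy of the site. The function names, the sample tree and the 7-day window are assumptions made for illustration.

```python
import os
import tempfile
import time
from pathlib import Path

TEXT_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}

def recent_files(root, days, now=None):
    """Return (mtime, relative path) for files changed in the last `days`, newest first."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.stat().st_mtime >= cutoff:
            hits.append((path.stat().st_mtime, path.relative_to(root).as_posix()))
    return sorted(hits, reverse=True)

def files_referencing(root, needle):
    """Return relative paths of text-like files whose content mentions `needle`."""
    found = []
    for path in Path(root).rglob("*"):
        text_like = path.suffix.lower() in TEXT_SUFFIXES or path.name == ".htaccess"
        if path.is_file() and text_like and needle.encode() in path.read_bytes():
            found.append(path.relative_to(root).as_posix())
    return sorted(found)

def build_sample_site(root, now):
    """Constructed sample tree: two old files and one template changed a day ago."""
    files = {
        "index.php": ("<?php echo 'home'; ?>", 30),
        "images/logo.gif": ("GIF89a", 30),
        "templates/footer.php": ('<script src="/gtqk.js"></script>', 1),
    }
    for rel, (body, age_days) in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))  # set access and modification time

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        now = time.time()
        build_sample_site(site, now)
        for mtime, rel in recent_files(site, 7, now):
            print(time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime)), rel)
        print("references:", files_referencing(site, "gtqk.js"))
```

Modification times can be reset by whoever changed a file, so an empty result from `recent_files` does not clear the site. A script that is injected by the server or by third-party content rather than stored in a file will not be found by `files_referencing`.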
  • Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • I'm still stuck on this... if anyone has any ideas, I'm all ears. ???

      Edit/Update: The bug is being identified as Bloodhound.Exploit.109

      It appears to be transferred in a file called movie[1].qtl - which I do not believe exists on my account. I've been told to download the entire site to my local computer and run a virus scan, which I will try this evening...

      Curiously enough, the only other mentions I can find on the internet of sites having this particular bug are ALL using the same host.

      I really need to move...
    • Last Edit: 17 years 5 months ago by Adam Lasik.
    • They were forced to eat Robin's minstrels.... and there was much rejoicing.
    • Robert W
    • Elite Rocketeer
    • Posts: 815
    • Thanks: 0
    • IT

    Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • www.webmasters.com

      this is my host and I would recommend them to anyone. The servers are located in Florida (not sure where you are located?) but they are great, very responsive and I usually get an answer w/n an hour, most of the time less. Hosting packages are also reasonable too.
    • Bob Ateah
    • Elite Rocketeer
    • Posts: 4521
    • Thanks: 0

    Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
  • Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • No, I'm currently on Siteground.

      Out of curiosity... Does anyone know - could it be possible that a graphical google ad is infected - so when it loads instead of the text ads it fires through the trojan with it?

      It's strange that it seems intermittent, and the google ads are the only thing that would change on a refresh.
    • They were forced to eat Robin's minstrels.... and there was much rejoicing.
    • Bob Ateah
    • Elite Rocketeer
    • Posts: 4521
    • Thanks: 0

    Re: Banging My Head Against The Wall (Help!)

    Posted 17 years 5 months ago
    • You might want to check this out, although I have never used it and cannot vouch for the usefulness of it:
      www.acunetix.com/security-audit/

      Cheers!
    • The member formerly known as Roland Deschain
      After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
