RocketTheme - TOPIC: Banging My Head Against The Wall (Help!) (1/2)

Welcome Guest! Login

0 items Join Now

- Adam Lasik
- Rocketeer
- Posts: 91
- Thanks: 0
Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- So this morning I got a couple of users who started reporting that their antivirus software was getting all excited over a trojan or exploit of some sort when they accessed my site (fantasyfootballwhiz.com)
  
  One did not give me a name, and the other said that he THINKS it was called bulldog (the only bulldog I could find on a quick search was a hijacker that looks like part of a bigger suite of crap, but nothing else was reported).
  
  I'm guessing that something got exploited on my site, but I am having a bear of a time trying to figure out what. Do we have any willing firewalkers who might be able to help me figure out a) if there is, indeed, something wrong, and b) where it might be located?
  
  I don't see anything in the root's index.php, for starters.
  
  The host is utterly useless - once again (going to be switching in the next few weeks)...
  
  Thanks!
- They were forced to eat Robin's minstrels.... and there was much rejoicing.
#68682
- Robert W
- Elite Rocketeer
- Posts: 815
- Thanks: 0
- IT
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- everything seems ok to me. no AV alerts, etc.
#68690
- Adam Lasik
- Rocketeer
- Posts: 91
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- Thanks, Robert. I'm paranoid about shooting myself in the foot before we even get started! ;D
- They were forced to eat Robin's minstrels.... and there was much rejoicing.
#68692
- GollumX
- Elite Rocketeer
- Posts: 2817
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- what does gtqk.js do? it looks to be the only odd piece of script on there.
  
  hmmm.. it only loaded the first time, not on refresh.
  
  Try this attached file.
  
  Unzip and upload it to your site and access it via your browser. Use it to sort by "last modifed date". Check for any files that were modified recently and investigate if you didn't do the modifications yourself.
  
  DELETE THE FILE FROM YOUR SERVER AFTER USE.
- Say no to Internet Explorer 6.
  twitter.com/mark_up
#68698
- Adam Lasik
- Rocketeer
- Posts: 91
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- Thanks, Gollum... I don't know what that .js file is, and it doesn't show up when I run filist...
  
  I don't see anything in the filist that looks like a concern. That js is a little worrisome, though.
- They were forced to eat Robin's minstrels.... and there was much rejoicing.
#68712
- Adam Lasik
- Rocketeer
- Posts: 91
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- I'm still stuck on this... if anyone has any ideas, I'm all ears. ???
  
  Edit/Update: The big is being identified as Bloodhound.Exploit.109
  
  It appears to be transferred in a file called movie[1].qtl - which I do not believe exists on my account. I've been told to download the entire site to my local computer and run a virus scan, which I will try this evening...
  
  Curiously enough, the only other mentions I can find on the internet of sites having this particular bug are ALL using the same host.
  
  I really need to move...
- Last Edit: 17 years 5 months ago by Adam Lasik.
- They were forced to eat Robin's minstrels.... and there was much rejoicing.
#68903
- Robert W
- Elite Rocketeer
- Posts: 815
- Thanks: 0
- IT
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- www.webmasters.com
  
  this is my host and I would recommend them to anyone. The servers are located in Florida (not sure where you are located?) but they are great, very responsive and I usually get an answer w/n an hour, most of the time less. Hosting packages are also reasonable too.
#69060
- Bob Ateah
- Elite Rocketeer
- Posts: 4521
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- You using Dreamhost?
  "Hackers have been able to load malware onto the official Mercury music awards site, as well as hundreds of other sites, after breaking into the systems of US-based hosting firm DreamHost."
- The member formerly known as Roland Deschain
  After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
#69074
- Adam Lasik
- Rocketeer
- Posts: 91
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- No, I'm currently on Siteground.
  
  Out of curiosity... Does anyone know - could it be possible that a graphical google ad is infected - so when it loads instead of the text ads it fires through the trojan with it?
  
  It's strange that it seems intermittent, and the google ads are the only thing that would change on a refresh.
- They were forced to eat Robin's minstrels.... and there was much rejoicing.
#69117
- Bob Ateah
- Elite Rocketeer
- Posts: 4521
- Thanks: 0
Re: Banging My Head Against The Wall (Help!)

Posted 17 years 5 months ago
- You might want to check this out, although I have never used it and cannot vouch for the usefullness og it:
  www.acunetix.com/security-audit/
  
  Cheers!
- The member formerly known as Roland Deschain
  After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
#69227