Author Topic: Website (Read 542 times)

Everlasting Death · « **on:** March 12, 2009, 08:07:19 PM »

So, I am the webmaster of my church's website, kinda neway...and I had put in a forum but never really implemented it into the actual website and one day I decide to do that and I visit the forum and Avast comes up with a Trojan, it says 'JS:Redirector-D [Trj]' and then the only option is the abort connection. I currently don't have access to the SQL database and from what I've read the malware is in the database, I don't really know. Any help would be appreciated.

the website is hxxp://life.firstintheheart.com/forum

Thanks

guestolo · « **Reply #1 on:** March 12, 2009, 09:28:45 PM »

It looks from the source of the page you have a "Yahoo counter" hack

Ensure your website software is up to date
Remove the code from your pages
Here's what you should be looking for

Code: [Select]

<script language=javascript><!-- Yahoo! Counter starts 
if(typeof(yahoo_counter)!=typeof(1))eval(unescape('#%2F`..........................

I didn't include the whole code, but that gives you an idea

I would scan the computer to ensure it has no infection
Change all passwords
Including online sites (change your FTP password from within your web hosting
control panel.)

Run a complete AntiVirus scan and I would also run a scan with Malwarebytes AntiMalware, ensure both are updated

There's a lot of info on google about it
"Yahoo counter" attack

It looks like the main site itself is OK, just the links to all the pages on the forums

Everlasting Death · « **Reply #2 on:** March 13, 2009, 09:28:40 AM »

So the yahoo counter is saved in the site description field on the database and I currently don't have access to the database but I will get rid of it ASAP. Also, when I first put up the forum some random jumble showed up in the header and when I viewed the source I noticed the yahoo counter in the same place but it didn't come up as a trojan on Avast, my guess was it was done incorrectly. I deleted the data from the database and didn't think anything of it, now it's back. I'm wondering if there is a way I can further protect myself from this. After googleing the yahoo counter thing I found that a couple people had this problem with IXHosting which is the host used by my church. Could it be the hosts security problem? Because I use the same forum script on my personal website, jaswin.net, and I use 1and1 and have never had this issue with that site.

EDIT: I deleted the data from the database but the script kept coming back. I then decided to delete the site description placeholder from the template and it seems to have fixed the issue.

guestolo · « **Reply #3 on:** March 13, 2009, 05:05:09 PM »

Avast doesn't alert me about your forum now

I found a very interesting blog about this hack and IX Web Hosting
Some good reading, also note the links she posts
http://miekiemoes.blogspot.com/2009/01/ix-...g-reliable.html

Everlasting Death · « **Reply #4 on:** March 13, 2009, 08:56:41 PM »

thanks again questolo, I still have no way of getting rid of the infection, I guess that's IX's issue...I'll have to speak with the church about switching hosts, but for now what I did should take care of it

TheTechGuide Forum

News:

Author Topic: Website (Read 542 times)

Everlasting Death

Website

guestolo

Website

Everlasting Death

Website

guestolo

Website

Everlasting Death

Website