
tech-spirits.com
technology + humanity + community





I stopped a site attack
Written by Wei-Jing Zhu  
Friday, 05 September 2008
How to navigate this and other websites safely!

Google Chrome alerted us that our primary sites, Tech-Spirits.com and Teen-Ventures.com, have been attacked, attaching URL forwarders to sites named google-analytlcs or google-analitics, which are obviously fake sites.

Google Chrome analyzed the two fake Google sites and showed that while they are potentially malicious, they currently do not do anything dangerous, but only forward to ad networks.

To browse safely, use Firefox with the add-on "NoScript". This gives you full control over which scripts (associated with various websites) you allow. The default setting is all that you need.
We also used the add-on "FireBug" to analyze the JavaScript associated with the attack.

An online search shows that while many website owners face this problem, there are not too many people who know how it is done.

The fact that only the primary sites, and not the subordinate sites (like ccc or hln), are affected suggests that the attack is directed at the web hosting services.
I looked through the PHP code of both the Mambo and Joomla CMS and found no obvious changes, which suggests that the attack is highly skilled. Googling for the two sites shows that the style of attack has been changing over time. I did notice that the PHP file permissions have been changed, suggesting that the attack took place sometime in the last 6 months.

I will need to write about this problem to Slashdot, and use social power to combat these cyber criminals by raising general awareness.

The solution:
Using Chrome's view source, which preserves spaces, I saw that the attack hides the JavaScript code inside my site's index.php file by adding 1000 empty lines after my file and then starting the script line with 1000 spaces, thus putting it in a corner that most people will not notice even if they know something is wrong. It had me wondering for 2 evenings!
Removing the bad lines cleared everything up!
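
A check for the hiding trick described above, added here as an example and not taken from the original article: it flags any line that follows a long run of blank lines or starts with a very long run of whitespace. The thresholds, the function names and the sample page with its placeholder URL are assumptions made for the illustration.

```python
import re
from pathlib import Path

# Thresholds are assumptions, set far below the 1000 lines / 1000 spaces above.
MAX_BLANK_RUN = 50
MAX_INDENT = 200
SCRIPT_RE = re.compile(r"<script|<iframe|document\.write|eval\s*\(", re.I)

def find_hidden_lines(text):
    """Return (line_no, reasons, snippet) for lines pushed out of view."""
    findings, blank_run = [], 0
    for line_no, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped:
            blank_run += 1
            continue
        indent = len(line) - len(line.lstrip(" \t"))
        reasons = []
        if blank_run >= MAX_BLANK_RUN:
            reasons.append(f"follows {blank_run} blank lines")
        if indent >= MAX_INDENT:
            reasons.append(f"indented {indent} characters")
        if reasons and SCRIPT_RE.search(stripped):
            reasons.append("script-like markup")
        if reasons:
            findings.append((line_no, reasons, stripped[:80]))
        blank_run = 0
    return findings

def scan_tree(root, suffixes=(".php", ".html", ".htm", ".js")):
    """Scan every matching file under a web root; return {path: findings}."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = find_hidden_lines(text)
            if hits:
                report[str(path)] = hits
    return report

# Constructed samples: a clean page, and the same page with a script tag
# appended after 1000 blank lines and 1000 spaces (placeholder URL).
CLEAN = "<?php\n    echo 'Welcome';\n?>\n"
INFECTED = (CLEAN + "\n" * 1000 + " " * 1000
            + '<script src="http://lookalike.example/x.js"></script>\n')

if __name__ == "__main__":
    for line_no, reasons, snippet in find_hidden_lines(INFECTED):
        print(f"line {line_no}: {', '.join(reasons)}: {snippet}")
```

Running `scan_tree` over a copy of the web root reports the file and line number to inspect, which is quicker than scrolling through view source.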


Last Updated ( Friday, 05 September 2008 )


All rights reserved by Tech-Spirits.Com, a Wei-Jing Zhu production.