Comments on: The Day the Blog Stood Still

By: Rauxis

Rauxis — Mon, 10 May 2010 16:37:04 +0000

have a look at

http://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html

hope it helps
Rauxis, chosen of CAT

By: Paona

Paona — Mon, 10 May 2010 02:22:19 +0000

All clear on this front. Fortunately, it was an attack site that I am oh-so-familiar with, having had to deal with the resultant installer and malware that it deploys on a number of computers that I have serviced in the past, so I did not pass go, did not collect $200, did not hit “OK”, went directly to CTRL + ALT + DELETE and terminated Firefox.exe, then updated Malwarebytes and did a full scan.

By: TJGypsy2

TJGypsy2 — Sun, 09 May 2010 10:15:09 +0000

I was kind of wondering. I got hit by the redirect, wondered what the hell was going on, didn’t click anything and shut down my machine. I came back to the site right after and had no further trouble. Glad you got it sorted out, and really glad you didn’t shut it down. I’d miss the 3b sense of humor.

to Cassie for all the hard work!

By: tao

tao — Sun, 09 May 2010 03:27:09 +0000

Change your FTP password asap. I clean up this sort of stuff nightly for work. The most common cause of these “every file in the website had code appended to it to load a trojan from a remote site” is a compromised FTP password. Once you change the FTP password, do not let anyone have it and use it for FTP until they have done a full virus check of their local machines. The way this compromise works is they compromise a work station. Because FTP is in clear text, they they data mine the user and pass when the user on the compromised work station logs into the server. Then they use that information to log in and modify the files.

That isn’t to say 100% that this was what happened here. It is just the #1 most common cause of it that I’ve seen over the last few months….so I wanted to mention it. You’d be best off using sftp/scp if you have ssh access to the server as that will encrypt ftp traffic and eliminate the problem as well.

By: Kattrinsaa

Kattrinsaa — Sun, 09 May 2010 02:41:04 +0000

i got the attempted redirect yesterday, but chrome blocked it and sent me back to your page.

miss having the comluv tool.
I wrote an innocuous bit of story on my site for Single Abstract Noun that I meant to plug..

By: Phelps

Phelps — Sun, 09 May 2010 02:14:07 +0000

If you are running WordPress, you might look at the WordPress Database Backup plugin. I run it, and it sends me a database backup (not the whole site, but what I would need to get up and running again relatively painlessly) every Sunday afternoon.

By: Sharvhan

Sharvhan — Sun, 09 May 2010 00:49:39 +0000

I too was redirected, but I clicked nothing and simply did a manual shutdown. Rebooted, ran virus scan and the old laptop is clean. Have had nothing out of the ordinary today, so I think you’re safe. Good job with finding that fix, Cassie and thanks BBB for not shutting down. :) You’re one of the few blogs I read these days and it always brings a smile to my face no matter what you choose to write about.

By: Shane

Shane — Sat, 08 May 2010 23:19:45 +0000

I was redirected yesterday. I was sent to some site that was trying to act like a virus scanning page for my computer with the helpful popup box asking whether I wanted to remove the virus and do a proper scan etc… Ive dealt with that type of thing before and sadly the first time I did click OK. No this time, closed down carefully and then ran a trojan program when I went out yesterday… no infections.

ps. DOnt close down your gear links are the only reasons I managed to gear up after my absence from the game for a year.

By: Rob Coulstock

Rob Coulstock — Sat, 08 May 2010 22:53:33 +0000

I had a trojan warning yesterday and today nothing. So it all looks sweet :) Good job Cassie!

By: neil

neil — Sat, 08 May 2010 22:09:07 +0000

Not getting a thing here and it would be a real loss to the community if this blog went down