vBSEO Broken: wreak'n havoc...

Status
Not open for further replies.

froglips

New User
Jim Campbell
We have started getting odd reports of errors.

Seem to affect IE8, but now folks are finding "Avast Trojan Virus" alerts.

I just kicked off a virus scan.

More digging, but seems really bizarre.

Jim
 

froglips

New User
Jim Campbell
Re: Weirdness, maybe trojan virus?

I think our Web Hosting company might have a problem.

It appears to me that their DNS might be compromised.

vbSEO should be inserting a URL to google-analytics.com/ga.js at the bottom of most pages.

It appears that people are getting various urls, all at the domain servehttp.com. Many of those scripts are not valid.

These are being flagged as viruses/trojans by several members' virus scanning tools.

I ran a Clam Virus scan on our server, nothing found.

If anyone has some experience with this, I could use some help.

For now, I've turned off VBSEO, which has removed the offending analytics code.

Turning it off has broken links and some parts of the site aren't working now.

Jim
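
Added example, not part of the thread: one way to check what the post above describes is to list every script host a served page actually references and flag any that are not expected. The allowlist, the `forum.example` origin and the sample page (including the servehttp.com subdomain) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumption: hosts this forum expects to load scripts from.
ALLOWED_HOSTS = {"forum.example", "www.google-analytics.com", "google-analytics.com"}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def unexpected_script_hosts(html, page_url, allowed=ALLOWED_HOSTS):
    """Return (host, absolute_url) for scripts loaded from hosts not in `allowed`."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        absolute = urljoin(page_url, src)  # resolves relative and //host/ forms
        host = (urlsplit(absolute).hostname or "").lower()
        # Exact match only, so a lookalike prefix on another domain is flagged.
        if host not in allowed:
            findings.append((host, absolute))
    return findings


# Constructed sample page; the servehttp.com subdomain and paths are made up.
SAMPLE_PAGE = """
<html><body>
<script src="/clientscript/global.js"></script>
<script type="text/javascript" src="http://www.google-analytics.com/ga.js"></script>
<script src="//constructed-host.servehttp.com/ga.js"></script>
<SCRIPT SRC="http://google-analytics.com.constructed-host.servehttp.com/ga.js"></SCRIPT>
</body></html>
"""

if __name__ == "__main__":
    for host, url in unexpected_script_hosts(SAMPLE_PAGE, "http://forum.example/index.php"):
        print(f"unexpected script host: {host} -> {url}")
```

This only sees `<script src=...>` tags present in the served HTML; scripts written into the page by other scripts at runtime need a browser-side check.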
 

Bas

Recovering tool addict
Bas
Corporate Member
Re: Weirdness, maybe trojan virus?

Sorry, should have replied sooner, been swamped with work. I've asked around about what's going on with this virus, as you described it tends to get pulled in from other sites, it doesn't appear to be hosted locally.
Will let you know if I hear anything.
 

froglips

New User
Jim Campbell
Re: Weirdness, maybe trojan virus?

Thanks Bas!

I'm guessing it's one of those DNS exploits.

I did hear back from those reporting problems, that turning off vbSEO has "fixed" the problem.

Thanks,
Jim
 

Bas

Recovering tool addict
Bas
Corporate Member
Re: Weirdness, maybe trojan virus?

See this on the VBSEO web site -> http://www.vbseo.com/f3/alert-huge-security-hole-vbseo-3-3x-41463/
Looks like we need to reinstall/upgrade, or at the very least check the vBSEO xml product file. I can do that, but I won't be able to get to it until 7pm or so. If you have some cycles this afternoon, that'd be great.

We may also need to change our passwords on the systems.
 

froglips

New User
Jim Campbell
Re: Weirdness, maybe trojan virus?

Great find! We are on version 3.3.0, so we need to patch.

I'll work on that.

Jim
 

froglips

New User
Jim Campbell
Tracy, we staffers don't have access to vbSEO to download.

If you have Steve's old account, we need it to access the vbSEO Download Area.

http://www.vbseo.com/downloads/

We need version 3.3.2 and 3.3.0 if you can download both.

Thanks,
Jim
 

froglips

New User
Jim Campbell
Thanks to Tracy, we have the new code.

I went ahead and tested re-installing 3.3.0. That fixed our problem. :banana:

But, that also implies our site was compromised. :kamahlitu

I've asked Tracy to change all our passwords.

I'm also going to upgrade our vbSEO to 3.3.2, the latest Gold version this evening.

Also, I've turned vbSEO OFF. If someone is exploiting that hole, I don't want them to get right back in.

I have a meeting tonight, so I won't be around till after 9pm. I left the install pages in a place Bas and Toolman can use them if need be.

Big thanks to Bas and Tracy for all the great support, go team! :notworthy:

Jim
 

froglips

New User
Jim Campbell
Fingers crossed, we are now at 3.3.2 and I don't see the bad code.

As part of the install, I had to set a new vbseo password. I'll be sending that on to Tracy, Bas and Toolman.

I also talked to Steve, he suggested we turn off Google Analytics.

I've turned it off for now, but if anyone would like it enabled, just say the word.

It does add complexity to our site and slows things down a bit.

Thanks,
Jim
 

Bas

Recovering tool addict
Bas
Corporate Member
Well done Jim, great job on the quick turnaround.
As for the analytics - do we do anything with that info? I suppose if we did aggressive marketing and looked to improve hits, references etc. it would be useful, but we're far more laid back than that I think. So turning it off wouldn't hurt us.
 

scsmith42

New User
Scott Smith
I didn't want to post this in the public forum, but apparently whatever was in our system was capturing the IP and port addresses for the various computers that logged into NCWW, and then forwarded that information on to a server in Beijing, China. The IP address of that server is 59.53.91.108, and 59.53.91.102. That server would then attempt to hack into the user's PC and download a virus.

There were multiple application paths: One was /device/harddiskvolume2/program files/adobe/acrobat 7.0/reader/acrord32.exe.

Another was /device/harddiskvolume2/program files/internet explorer/iexplore.exe.

For the past 3 or 4 days, in hindsight I now realize that every time that I've logged into NCWW Norton has blocked an attempt to hack into my computer.
 

Glennbear

Moderator
Glenn
Fingers crossed, we are now at 3.3.2 and I don't see the bad code.

As part of the install, I had to set a new vbseo password. I'll be sending that on to Tracy, Bas and Toolman.

I also talked to Steve, he suggested we turn off Google Analytics.

I've turned it off for now, but if anyone would like it enabled, just say the word.

It does add complexity to our site and slows things down a bit.

Thanks,
Jim

Well done Jim, great job on the quick turnaround.
As for the analytics - do we do anything with that info? I suppose if we did aggressive marketing and looked to improve hits, references etc. it would be useful, but we're far more laid back than that I think. So turning it off wouldn't hurt us.

I didn't want to post this in the public forum, but apparently whatever was in our system was capturing the IP and port addresses for the various computers that logged into North Carolina Woodworker, and then forwarded that information on to a server in Beijing, China. The IP address of that server is 59.53.91.108, and 59.53.91.102. That server would then attempt to hack into the user's PC and download a virus.

There were multiple application paths: One was /device/harddiskvolume2/program files/adobe/acrobat 7.0/reader/acrord32.exe.

Another was /device/harddiskvolume2/program files/internet explorer/iexplore.exe.

For the past 3 or 4 days, in hindsight I now realize that every time that I've logged into North Carolina Woodworker, Norton has blocked an attempt to hack into my computer.

As a former detective I have a tendency to look at things with an analytical eye. Taking the above posts in conjunction with the recent news about the ongoing battle between China and Google, it makes me wonder, are we the victims of "collateral damage" in this battle? I am a strong supporter of the KISS principle, so if we do not need the data from Google Analytics let's stay out of the fray. :gar-La;
 