Is your website hacked? Website with hidden iframe to .cn website  

Ok,

I recently had a couple of my websites hacked. I am not sure if they were hacked directly or if it was some malicious program installed on my computer. Here is what I found: most of those websites had the following iframe code in their index files.

iframe src="http:// superbetfair.cn/in.cgi?income43" width=1 height=1 style="visibility: hidden" iframe
(link intentionally broken, for your own safety don't click on it )

The website superbetfair.cn was often replaced by some other website. In almost all cases they were .cn websites, e.g.

iframe src="http:// lotmachinesguide.cn/in.cgi?income56" width=1 height=1 style="visibility: hidden" iframe
(link intentionally broken, for your own safety don't click on it )

My first instinct was to simply clean the files. Research on the net showed that the infection was almost always in the index.php file, which made it relatively easier. After spending four hours cleaning some deeply structured websites and WordPress blogs, I thought I was done with it. But NO!

The next day, or within a few hours, the infection was back. A few things had changed though.
In some of the websites the infection was again the same iframe code. However, in some other websites the infection was encoded and scrambled with JavaScript. In some rare cases it had gone a step further by scrambling the JavaScript with ASCII codes. Yes, it's those weird !56!66 numbers that you see after the script tag in your HTML code.

My first thought analysis was:

  1. My host is infected - but I had to disregard that possibility as the infection was on multiple sites across multiple hosts.
  2. My password is hacked - again a tough nut for someone to crack unless I was being targeted.
  3. My PC has been compromised - well, that kinda makes sense; I had my antivirus disabled for the last few days because it slows down my internet connection.

So I ran a scan of my PC, but no infection was detected. I knew I was up against something.

Luckily, a friend of mine does tech support for a renowned company. I gave him a call and he recommended two programs to me.

http://www.malwarebytes.org/

http://www.simplysup.com/tremover/download.html

I ran the first scan with Malwarebytes and bingo: it detected over 20 pieces of malware and a few registry hacks. I clicked a button and they were gone. Then I ran a full system scan with Malwarebytes.

The next step was to use Trojan Remover from SimplySup. I ran a quick scan; it detected a few files and quarantined them. Then I ran a full system scan, which took around 7 hours and detected nothing. Oh, by the way, both of these programs came with a free trial, so I had not spent anything.

The next step was to run up my antivirus (Kaspersky) again and perform a full system scan, this time Kaspersky came up with five possible threats and quarantined them.

The next step was to uninstall my FTP program, CoreFTP, which I had been using until that point. In its place I installed the FileZilla client.

Meanwhile I had set up one of my staff members to change all passwords and login information, so by the time I had this done, all the logins and passwords were changed. (If you are suffering from this infection, I highly recommend that you change your passwords etc. from some other computer and don't log in using your old FTP program.)

Once all this was done, I started logging into my websites with the new information, without storing it in the client, and started cleaning the index.php files. It's a gruesome task, but after a few hours almost all sites were disinfected. 18 hours have passed and as of now I have not seen it return, so I am keeping my fingers crossed.

SPECIAL NOTE TO WORDPRESS USERS

If you are a WordPress blog owner and have this infection, you will have to clean the following files:

  1. index.php in the root folder
  2. index.php in the wp-content folder
  3. index.php in the wp-admin folder
  4. index.php in all the themes (all folders in the wp-content/themes folder)
  5. default-filters.php in the wp-includes folder (this is only in some installations)
  6. Make sure you change your username and password for WordPress and FTP separately once you have cleaned your blog; also check for any plugin that has a file named index.

If your WordPress is infected, then chances are you won't be able to log in to your admin panel either.
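As an added illustration (not part of the original post), here is a small Python script that walks a web root and flags the two injection patterns described above: a 1x1 iframe styled visibility:hidden, and a script block made of numeric escape codes. The suspect file names follow the list above; the example.invalid domain, the constructed sample files and the numeric-run threshold are my own assumptions.

```python
import re
from pathlib import Path

# Heuristics modelled on the injection described in the post: a 1x1 iframe styled
# visibility:hidden, and a <script> body made of numeric codes like the "!56!66" runs.
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(?:width\s*=\s*[\"']?1\b[^>]*height\s*=\s*[\"']?1\b"
    r"|visibility\s*:\s*hidden)[^>]*>",
    re.IGNORECASE,
)
IFRAME_SRC = re.compile(r"src\s*=\s*[\"']?([^\s\"'>]+)", re.IGNORECASE)
SCRIPT_BODY = re.compile(r"<script[^>]*>(.*?)</script>", re.IGNORECASE | re.DOTALL)
# Eight or more back-to-back "!NN", "%NN" or "\NN" codes; the threshold is an assumption.
NUMERIC_RUN = re.compile(r"(?:[!%\\]\d{2,3}){8,}")
# File names the post lists as the usual infection points in a WordPress install.
SUSPECT_NAMES = ("index.php", "default-filters.php")

def scan_text(text):
    """Return a list of finding strings for the contents of one file."""
    findings = []
    for m in HIDDEN_IFRAME.finditer(text):
        src = IFRAME_SRC.search(m.group(0))
        findings.append("hidden iframe -> " + (src.group(1) if src else "(no src)"))
    for m in SCRIPT_BODY.finditer(text):
        if NUMERIC_RUN.search(m.group(1)):
            findings.append("obfuscated script (numeric escape run)")
    return findings

def scan_tree(root, names=SUSPECT_NAMES):
    """Walk a web root; map each suspect file that has findings to its findings."""
    root = Path(root)
    results = {}
    for path in root.rglob("*"):
        if path.is_file() and path.name.lower() in names:
            hits = scan_text(path.read_text(errors="ignore"))
            if hits:
                results[str(path.relative_to(root))] = hits
    return results

# Constructed samples, not real infected files; the domain is a placeholder.
SAMPLE_INFECTED = (
    '<?php /* theme header */ ?>\n<iframe src="http://example.invalid/in.cgi?income43" '
    'width=1 height=1 style="visibility: hidden"></iframe>\n'
    "<script>!56!66!72!73!74!69!78!84!99!65</script>\n"
)
SAMPLE_CLEAN = '<?php get_header(); ?>\n<iframe src="/widget" width=300 height=200></iframe>\n'
if __name__ == "__main__":
    print(scan_text(SAMPLE_INFECTED))  # two findings: the iframe and the script
    print(scan_text(SAMPLE_CLEAN))     # []
```

Run scan_tree("/path/to/webroot") against a downloaded copy of the site to get a per-file list of hits; legitimate 1x1 tracking iframes will also be flagged, so review each hit before editing the file.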

SPECIAL NOTE TO DRUPAL USERS

If you are seeing a parsing error on opening your Drupal-based website, that might be because of this infection. Just log in to your FTP account and download the index.php file. Remove the malicious line of code and you should be good to go again.
Please note you will have to change all passwords.

So far all looks good.

Special Note:

I am posting this because a friend of mine called up and asked if I knew about this; his website is apparently infected too. I might seem to go through a complex route to solve an easy problem, but anyhow that is what worked for me. If you have an easier solution to this, let me know in the comments. Also, as usual, I suggest you take a backup wherever possible before going through these steps. I won't be liable for any damages, this is just free advice :)

PS: If this post helps you in any way, let me know :)


Fighting Spam With Spam  

I don't think I need to explain spam to you, but recently it grew out of proportion for my main email address, courtesy of some really high-profile internet marketers who even allowed their web designers to use the list. It looked like a business relationship turned personal affair, where even your uncle's friend is your uncle. Weird people!

Anyhow, this is not about what I suffered but how to get rid of it.

1) Gmail has some interesting features that you can use to fight spam. E.g. if your email address is xyz@gmail.com, you can use x.yz@gmail.com to manage all email subscriptions. This way you won't be exposing your primary email address to them, and you can easily cut off this address at any time. The other option is to create another Gmail account and use the forwarding option from there on.

2) The other option is services like
- temporaryinbox.com
- spamavert.com

Both of these services have their own Firefox add-on available. If you install the add-on, then with one right click you can generate a temporary email address that will last only 6-12 hours. So if you have to download a report or get access to a webpage that requires your email address, this looks to be a really good option. You generate this kind of email address with a right click, use it to get access or whatever report you want, and forget about it. You won't receive any email from that website ever after. The good thing is you won't have to worry about your email address being sold on, or about receiving email from friends of friends either.

While I tried temporaryinbox.com first and found it great, I don't know if there is some problem with their server, as it often fails to generate an email address. I think it's because of server load. Spamavert has some good features; for instance, it immediately opens the inbox for the generated address too, so you don't have to log in anywhere.

Oh, by the way, here are the links to the Firefox add-ons for both:

Spamavert Addon
TemporaryInbox Addon

Hope this helps!


Busy With IndianPetDogs.com  

My affiliate marketing and internet marketing work has been keeping me pretty busy for quite some time now, but at the same time there are a hell of a lot of other things that I have been trying to do. One of them is the launch of IndianPetDogs.com, a site dedicated to dog breeders and kennel owners in India. I have been feeling that there was plenty of space for such a site in the Indian scenario.

The dog market is booming, almost as much as in any other part of the world. However, people are still trading offline; most of them don't even have their own website to showcase their dogs. So I thought, why not, let's take a shot at it. Till now most of the publicity has been word of mouth. Most dog owners that we have talked to have been very enthusiastic about the website and feel there is a lot to come in this area.

Dog owners and kennel owners can place their own classified ads, create their profiles, and create forums and communities. We plan to rope in a lot of dog show sponsorships as the site gains momentum.

There is a lot to be done in this area and I hope this site for dogs in India hits the #1 spot.


XoftSpy Spyware Adware Review: My Expert Opinion (IMHO)  

Being into software and web development has its own advantages and disadvantages. Like, it's easier to hook up with girls, since they often mess up their PCs and don't know how to get out of it, which means you get free invites to their place :). At the same time, you often have to download things that might be potentially dangerous and harm your computer.

Last time I was hit, it took me a few days to get out of it. It was not a virus, but rather an innocuous adware, well, that is what it looked like. It started with just giving me a pop-up window if I used Internet Explorer. Remember that I use Opera, so Internet Explorer is not a big deal for me. But it soon spread like a virus, and before I could realize it my system was taken over. I was no longer the administrator and all the system process users were showing blank names.

If you don't understand what I am talking about but can feel that you are going through it then I recommend XoftSpy.

Anyhow, I won't go into technical details here. Rather, I will present the XoftSpy review and what it can do for you. It finds and removes infected files immediately, whether they reside in running processes, files, folders, or registry entries. It scans almost everything.

One of the things I liked the most is that XoftSpy has one of the largest spyware databases of any spyware removal tool and includes automatic feature updates for protection against new spyware and adware. Once XoftSpy finds the infection, it labels it for you and indicates its threat level. You can delete all the threats, or only specific ones.

The software was clearly able to get rid of all the issues. A few noticeable things were:

1) The system was noticeably faster

2) There was no adware or spyware problem thereafter.

3) It was available for immediate download which was a big plus.

4) There were no side effects. Yes, there are adware and spyware that manipulate your system to their advantage.

The only drawback: not too many options for the user. There is a scheduler available, though, but I am sure advanced users like me (IMHO) would definitely prefer more options, like selecting the files to remove.

If I am asked to rate it on a scale of 1 to 10, I will give XoftSpy a rating of 9/10.

Here is the direct download link to the software.

Click Here To Download XoftSpy For Free Now


Minimizing Firefox To System Tray  

Let me reiterate - OPERA IS THE BEST BROWSER YOU CAN FIND!

but when you are into web development you often have to resort to Firefox for the add-ons. Funny though that since add-ons started appearing I have stopped seeing progress in Firefox; it's memory heavy, CPU heavy, the slowest browser, and now just a vehicle for Google promotion, the very reason for its existence.

Anyhow, I am quite used to Opera, where pressing Ctrl+H sends it to the system tray, freeing up taskbar space. So I thought maybe someone at Firefox was trying to copy that too. But no, I finally had to get an add-on (an unsigned add-on that carries as much security risk as anything else) to minimize Firefox to the system tray.

Here is the link to it:

https://addons.mozilla.org/en-US/firefox/addon/2110

To customize this add-on, go to the Tools menu of Firefox and then click Add-ons.

Now select the Minimize to Tray add-on and click Options.

This will open the options window. Check the options you like.

Click OK and you are done.

Works! This could have been built into Firefox.

Until Firefox itself becomes anything worth competing with Opera or even Flock, you'll have to rely on add-ons.
