EMRR HACKED?
10/31/08 - Back to Normal?
- Did a site update with the Sync program that I believe I'm going to purchase... now we'll see.
10/30/08 - How?
- It was clearly an FTP Hack
- No further incident since password change
- To stay up-to-date you can follow this thread.
- How could this happen? Here are some thoughts:
  - PRIME SUSPECT: I have been testing/trying numerous FTP sync software to make my updates easier. Well, to test these you must enter your FTP address and PW.
  - RELATED: Used Windows XP Explorer for some FTP activity too (perhaps this was negatively impacted).
10/29/08 - Second Attack?
- Around 2am it was reported again!
- We replaced the files again.
- We have "write protected" those index.* files... not sure if that will help.
- We have created a comparison program to check the Index file against a standard.
10/28/08 - EMRR HACKED?
- Someone reported using PROBLEM REPORT at the bottom of each page that my site was giving them a Bloodhound.Exploit.196.
- Bloodhound.Exploit.196 is a heuristic detection for files attempting to exploit the Adobe Acrobat and Reader Multiple Arbitrary Code Execution and Security Vulnerabilities (BID 27641).
- Upon inspection, all index.* files had some added hidden iframe code that linked to biztraff.eu and thefilmmusic.cn (DON'T GO THERE).
- We replaced all index.* files with clean ones.
- Around 2am it was reported again!
- We replaced the files again.
- We have "write protected" those index.* files... not sure if that will help.
- NOTE: For those that love EMRR and still want to poke around while we get this under control, you can come in through any other page link (here's one) and I have temporarily removed all pointers to index.*
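
An added example, not the site's own comparison program: one way to check every index.* file against a known-clean copy and to flag hidden iframe tags like the ones found on 10/28. The directory layout, function names and the `example.invalid` sample tag are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# Attributes commonly used to make an injected iframe invisible (0/1 pixel size or CSS hiding).
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE)

def build_baseline(clean_dir):
    """Map each index.* file (relative path) in the clean copy to its SHA-256."""
    root = Path(clean_dir)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("index.*") if p.is_file()}

def check_site(live_dir, baseline):
    """Return sorted (relative_path, reason) findings for the live copy."""
    root, findings, seen = Path(live_dir), [], set()
    for p in root.rglob("index.*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        data = p.read_bytes()
        if rel not in baseline:
            findings.append((rel, "not in baseline"))
        elif hashlib.sha256(data).hexdigest() != baseline[rel]:
            findings.append((rel, "differs from baseline"))
        for tag in IFRAME_RE.findall(data.decode("utf-8", "replace")):
            if HIDDEN_RE.search(tag):
                findings.append((rel, "hidden iframe: " + tag))
    findings += [(rel, "missing from live copy") for rel in baseline.keys() - seen]
    return sorted(findings)

def demo():
    """Constructed sample: a clean page, then the same page with an injected tag."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        for d in (clean, live):
            d.mkdir()
            (d / "index.html").write_text("<html><body>Reviews</body></html>")
        baseline = build_baseline(clean)
        with open(live / "index.html", "a") as f:
            f.write('<iframe src="http://example.invalid/" width="1" height="1"></iframe>')
        return check_site(live, baseline)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Keep the baseline and the clean copy somewhere the FTP account cannot write, so a repeat of the same compromise cannot alter the reference along with the site.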