Hong Kong RC Sailplane Forum 香港滑翔機發燒友論壇
http://www.rcsail.com/forum/

HKRCSS web site will be shut off for one day (I hope!)
http://www.rcsail.com/forum/viewtopic.php?f=3&t=2445
Page 1 of 1

Author:  CM Cheng [ 07 Oct 2013 11:24 pm ]
Post subject:  HKRCSS web site will be shut off for one day (I hope!)

Dear all,

The HKRCSS home page seems to have trouble! Malwares were found on several pages of the web site. I will delete the whole web site and reload it. It may take about one day. So for the moment, the home page is downed. Sorry for the inconvenience caused.

Don't go to the HKRCSS web site now. I don't know what those javascripts are!

Cm Cheng

Author:  Stanley [ 08 Oct 2013 12:24 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

What happen? What JavaScript causes problem? I can help if needed!

Author:  CM Cheng [ 08 Oct 2013 04:06 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Thanks Stanley!

Google webmaster reported that there are malware found in the pages of http://www.hkrcss.org. I checked and there are over 70 pages changed. A Javascript was added at the end of the changed pages. I am not sure what it's for, google search returned no result, but I don't think they are good! I attached a comparision of one of the infected page here. The left side is the changed one. The right side is the original one. You can see that the embedded youtube script was removed but an unknow javascript was added at the end. For safety, better remove all of them!

I have a full back up on my harddisk so everythings are still there. Just need some times to delete and upload.

Attachments:
Compare.png
Compare.png [ 179.49 KiB | Viewed 4321 times ]

Author:  Stanley [ 08 Oct 2013 11:07 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Look like there is a break-in into the system.
There are two possibilities of break-in.

1. From your computer system that your editor used may be hacked and will insert java malware codes into the page, once the infected page was uploaded it may insert all malwares into all other pages if the host system security setting is not strong enough. Please check your computer in particular the editor to see if any malware has been inserted after editing the page.

2. There may be a security loop hole in the host system that allows hackers to sneak in and insert all these malwares. I will scan the host system rigorously and review all the security setting to see if there is any break-in and report back later.

Regards

Author:  Stanley [ 08 Oct 2013 11:45 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

There is certainly a break-in into the system. Someone has inserted a malware editor there! Some directories can not be removed or chmod because they were hijacted! There is no hope to reload the web pages there at the moment. I will contact the hosting company to get a complete reload or new install, just hold on! Again please check you computer system to see whether it was hacked.

Attachments:
stat.jpg
stat.jpg [ 114.52 KiB | Viewed 4302 times ]

Author:  CM Cheng [ 08 Oct 2013 12:42 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

I have deleted all the files under hkrcss.org, including all the hidden files.

Thanks for the advise. I will check my computer and will change to use another ftp program.

Author:  Stanley [ 08 Oct 2013 10:12 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Hi CM,

The hosting company has looked at the system thoughtfully and realized the problem. I guess there may be weakness in their system. Anyway, they said they need another 6 hours to fully restore the system and re-install our backup there. I don't know the date of the lastest backup they have, but I guess may be only a few days before the infection. So please wait until they have re-installed the system, and then upload those recently modified files to the site will be ok, no need for full re-load from your harddisk.

Regards
Stanley

Author:  Stanley [ 09 Oct 2013 08:05 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

After a whole day of working on it, the hosting company is still struggling to remove all infections permanently. I think the infection in their system is very extensive, not just in our own sites. They said they will update us as soon as it can, too bad!

A friend in computer security industry told me that recently, about a week ago, there is a major security outbreak through infections of Adobe product downloads and was spread to Google and other download sites. There is a major clean up effort on going in many sectors, so just be careful when downloading freewares from Google.

Regards

Author:  CM Cheng [ 09 Oct 2013 09:16 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Thanks for the update. Seems to be a big problem :?

Author:  Stanley [ 10 Oct 2013 11:45 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

HKRCSS web site was restored from the last backup of 4 oct. 2013. Please check and upload the most recently modified files.

Regards

Author:  CM Cheng [ 11 Oct 2013 12:02 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Hi Stanley,

Please check the index page. The weird script is still there. The infection should be before Oct 4. I think it is better to delete and reload the whole web site.

Author:  Stanley [ 11 Oct 2013 01:03 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

My god! look like the infection is every where and very serious.

Please check all the html, htm files in your side to make sure no infection first. I have sent a request to the hosting company to clean up the system again and restore an ealier version.

I have downloaded an infected file to check on it and hopefully derive way to eliminate them if we do not have an earler clean version.

Good luck!

Author:  CM Cheng [ 11 Oct 2013 09:30 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

My computer and the back up are clean.

Can you ask the ISP to just delete all the files and then I upload my clean back up to the web site? If the problem is still there, there could be security holes at the ISP side.

Author:  Stanley [ 11 Oct 2013 11:26 am ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

They keep the earliest backup version of 26/9/2013 and have restored back to the site. I did a prelim check and couldn't find any malware code there. Please check and put back the recent files there.

Regards

Author:  CM Cheng [ 12 Oct 2013 09:55 pm ]
Post subject:  Re: HKRCSS web site will be shut off for one day (I hope!)

Dear all,

The HKRCSS web site is restored.


:lol:

Page 1 of 1 All times are UTC + 8 hours
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/