RC Slope Soaring in Hong Kong

A forum for rc sailplane pilots
It is currently Thu Mar 28, 2024 4:43 pm

All times are UTC + 8 hours




Post new topic Reply to topic  [ 15 posts ] 
Author Message
PostPosted: Mon Oct 07, 2013 11:24 pm 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
Dear all,

The HKRCSS home page seems to have trouble! Malwares were found on several pages of the web site. I will delete the whole web site and reload it. It may take about one day. So for the moment, the home page is downed. Sorry for the inconvenience caused.

Don't go to the HKRCSS web site now. I don't know what those javascripts are!

Cm Cheng


Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 12:24 am 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
What happen? What JavaScript causes problem? I can help if needed!


Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 4:06 am 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
Thanks Stanley!

Google webmaster reported that there are malware found in the pages of http://www.hkrcss.org. I checked and there are over 70 pages changed. A Javascript was added at the end of the changed pages. I am not sure what it's for, google search returned no result, but I don't think they are good! I attached a comparision of one of the infected page here. The left side is the changed one. The right side is the original one. You can see that the embedded youtube script was removed but an unknow javascript was added at the end. For safety, better remove all of them!

I have a full back up on my harddisk so everythings are still there. Just need some times to delete and upload.


Attachments:
Compare.png
Compare.png [ 179.49 KiB | Viewed 22808 times ]
Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 11:07 am 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
Look like there is a break-in into the system.
There are two possibilities of break-in.

1. From your computer system that your editor used may be hacked and will insert java malware codes into the page, once the infected page was uploaded it may insert all malwares into all other pages if the host system security setting is not strong enough. Please check your computer in particular the editor to see if any malware has been inserted after editing the page.

2. There may be a security loop hole in the host system that allows hackers to sneak in and insert all these malwares. I will scan the host system rigorously and review all the security setting to see if there is any break-in and report back later.

Regards


Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 11:45 am 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
There is certainly a break-in into the system. Someone has inserted a malware editor there! Some directories can not be removed or chmod because they were hijacted! There is no hope to reload the web pages there at the moment. I will contact the hosting company to get a complete reload or new install, just hold on! Again please check you computer system to see whether it was hacked.


Attachments:
stat.jpg
stat.jpg [ 114.52 KiB | Viewed 22789 times ]
Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 12:42 pm 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
I have deleted all the files under hkrcss.org, including all the hidden files.

Thanks for the advise. I will check my computer and will change to use another ftp program.


Top
 Profile  
 
PostPosted: Tue Oct 08, 2013 10:12 pm 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
Hi CM,

The hosting company has looked at the system thoughtfully and realized the problem. I guess there may be weakness in their system. Anyway, they said they need another 6 hours to fully restore the system and re-install our backup there. I don't know the date of the lastest backup they have, but I guess may be only a few days before the infection. So please wait until they have re-installed the system, and then upload those recently modified files to the site will be ok, no need for full re-load from your harddisk.

Regards
Stanley


Top
 Profile  
 
PostPosted: Wed Oct 09, 2013 8:05 pm 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
After a whole day of working on it, the hosting company is still struggling to remove all infections permanently. I think the infection in their system is very extensive, not just in our own sites. They said they will update us as soon as it can, too bad!

A friend in computer security industry told me that recently, about a week ago, there is a major security outbreak through infections of Adobe product downloads and was spread to Google and other download sites. There is a major clean up effort on going in many sectors, so just be careful when downloading freewares from Google.

Regards


Top
 Profile  
 
PostPosted: Wed Oct 09, 2013 9:16 pm 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
Thanks for the update. Seems to be a big problem :?


Top
 Profile  
 
PostPosted: Thu Oct 10, 2013 11:45 pm 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
HKRCSS web site was restored from the last backup of 4 oct. 2013. Please check and upload the most recently modified files.

Regards


Top
 Profile  
 
PostPosted: Fri Oct 11, 2013 12:02 am 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
Hi Stanley,

Please check the index page. The weird script is still there. The infection should be before Oct 4. I think it is better to delete and reload the whole web site.


Top
 Profile  
 
PostPosted: Fri Oct 11, 2013 1:03 am 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
My god! look like the infection is every where and very serious.

Please check all the html, htm files in your side to make sure no infection first. I have sent a request to the hosting company to clean up the system again and restore an ealier version.

I have downloaded an infected file to check on it and hopefully derive way to eliminate them if we do not have an earler clean version.

Good luck!


Top
 Profile  
 
PostPosted: Fri Oct 11, 2013 9:30 am 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
My computer and the back up are clean.

Can you ask the ISP to just delete all the files and then I upload my clean back up to the web site? If the problem is still there, there could be security holes at the ISP side.


Top
 Profile  
 
PostPosted: Fri Oct 11, 2013 11:26 am 
User avatar

Joined: Thu Feb 26, 2004 3:51 pm
Posts: 3711
Location: Hong Kong
They keep the earliest backup version of 26/9/2013 and have restored back to the site. I did a prelim check and couldn't find any malware code there. Please check and put back the recent files there.

Regards


Top
 Profile  
 
PostPosted: Sat Oct 12, 2013 9:55 pm 
User avatar

Joined: Thu Feb 26, 2004 5:08 pm
Posts: 3081
Location: Hong Kong
Dear all,

The HKRCSS web site is restored.


:lol:


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC + 8 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron

RASAIL Home

WindGURU at Ma On Shan, Clearwater Bay and Fei Ngo Shan

Powered by phpBB® Forum Software © phpBB Group