Comments on: Something Funny in the State of Maine http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/ A Graphic Discussion Tue, 13 Apr 2010 14:14:25 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: Tim Shackelford http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/comment-page-1/#comment-60 Tim Shackelford Tue, 16 Jun 2009 15:03:12 +0000 http://www.picadesign.com/blog/?p=313#comment-60 Several of the sites that I dealt with recently were just plain HTML sites with no dynamic content and no CMS of any sort. These were basic brochure sites. In this case it was just an infected PC running FTP software that was compromised. This could even happen if a client using Contribute or similar site management software had their PC infected. I haven't heard yet if Macs have also been infected by this malware, but for now FTP info stored on my Mac seems to be safe despite sharing a network with the infected PC. Several of the sites that I dealt with recently were just plain HTML sites with no dynamic content and no CMS of any sort. These were basic brochure sites.

In this case it was just an infected PC running FTP software that was compromised. This could even happen if a client using Contribute or similar site management software had their PC infected.

I haven’t heard yet if Macs have also been infected by this malware, but for now FTP info stored on my Mac seems to be safe despite sharing a network with the infected PC.

]]> By: Cait http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/comment-page-1/#comment-59 Cait Mon, 15 Jun 2009 14:21:59 +0000 http://www.picadesign.com/blog/?p=313#comment-59 Absolutely. It's essential to keep up to date with the software packages - open source ones particularly. But at least one of the ones I've seen has been just html, and on a well protected local host. Absolutely. It’s essential to keep up to date with the software packages – open source ones particularly. But at least one of the ones I’ve seen has been just html, and on a well protected local host.

]]> By: Justin http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/comment-page-1/#comment-57 Justin Sat, 13 Jun 2009 16:20:46 +0000 http://www.picadesign.com/blog/?p=313#comment-57 I've also found that sites that use older versions of software packages (WordPress, phpBB, etc.) tend to be very vulnerable to these kinds of attacks. It's important for someone - whether it's the site owner or a company that manages the site for a business - to keep that sort of software as up-to-date as possible! I’ve also found that sites that use older versions of software packages (WordPress, phpBB, etc.) tend to be very vulnerable to these kinds of attacks. It’s important for someone – whether it’s the site owner or a company that manages the site for a business – to keep that sort of software as up-to-date as possible!

]]> By: Cait http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/comment-page-1/#comment-56 Cait Fri, 12 Jun 2009 20:36:47 +0000 http://www.picadesign.com/blog/?p=313#comment-56 I'm so glad you were able to figure out the source and clear it up. We've seen the same issue on two other local sites that aren't ours, but are hosted locally. It would be interesting to know if the code on all is the same, and if they share hosting. I’m so glad you were able to figure out the source and clear it up. We’ve seen the same issue on two other local sites that aren’t ours, but are hosted locally. It would be interesting to know if the code on all is the same, and if they share hosting.

]]> By: Tim Shackelford http://blog.picadesign.com/2009/06/something-funny-in-the-state-of-maine/comment-page-1/#comment-55 Tim Shackelford Fri, 12 Jun 2009 14:44:25 +0000 http://www.picadesign.com/blog/?p=313#comment-55 I experienced 7 sites hacked with this same attack in the last couple of weeks. I believe I found the root. A malware infected Windows PC that I wasn't even using for anything but streaming Hulu to a TV. This used to be a development computer so I had Dreamweaver on it and was using Dreamweaver to manage FTP connections to the sites I worked on. Out of 9 FTP profiles in Dreamweaver, 7 were hacked, 1 did not have an index page, and 1 had switched hosting companies. I'm still not certain how the malware got on that machine in the first place, but I have a feeling it probably occurred when visiting an infected site prior to the site being flagged and the warning being displayed. The drastic but recommended solution, reformat the PC, clean the code from the website (I had great success by doing a site-wide find on the term "unescape"), then be sure to change the FTP password for the infected site. Hope this helps! I experienced 7 sites hacked with this same attack in the last couple of weeks. I believe I found the root. A malware infected Windows PC that I wasn’t even using for anything but streaming Hulu to a TV.

This used to be a development computer so I had Dreamweaver on it and was using Dreamweaver to manage FTP connections to the sites I worked on. Out of 9 FTP profiles in Dreamweaver, 7 were hacked, 1 did not have an index page, and 1 had switched hosting companies. I’m still not certain how the malware got on that machine in the first place, but I have a feeling it probably occurred when visiting an infected site prior to the site being flagged and the warning being displayed.

The drastic but recommended solution, reformat the PC, clean the code from the website (I had great success by doing a site-wide find on the term “unescape”), then be sure to change the FTP password for the infected site.

Hope this helps!

]]>