Update, my software is again warning me the site has code on it. Again it is a redirection code.
Update, my software is again warning me the site has code on it. Again it is a redirection code.
Using Designer 1.187, STL importer, Center line, conforming vectors, scanning probe/PE, and the ROCK chuck.
Eddie
We are obviously back online, but I do not know anything beyond that.
CarveWright CX Packaged System - starting at $2000
CarversClub 1 Year Subscription - $150.00/year
Adv. Support w/out CC membership - $25.00/issue
CarveWright Community Forum - PRICELESS!
Hi Everyone,
I can confirm that the CarveWright front page and the CarveWright forum were hacked several times starting on Friday morning. The hackers inserted an <iframe> element in the HTML code to include their malicious site when our pages loaded. The malicious sites all had web addresses ending in "cx.cc". In general, our website should only include HTML from other CarveWright pages or occasionally mainstream sites like google.com or facebook.com. Be wary if you see data loading from any sites with unfamiliar web addresses.
We have identified an IP address used by the attackers, and have blocked that address and taken other steps to prevent unauthorized access. While I am hopeful that we have resolved the problem for now, we have not definitively identified how the hackers gained access. So over the next several days, we will be reviewing our web security and security processes to prevent future attacks.
Chris Morlier
CarveWright
Thanks Chris, and good work. Check your .htaccess files for code inserted in those. Also best to change all FTP passwords. This is what I have done in the past for sites I host.
Oh it looked like the attacker was from Monbia India. Using an ISP ip address, it may help tp block that ISP's ip address range.
Last edited by eelamb; 09-18-2011 at 05:03 PM.
Using Designer 1.187, STL importer, Center line, conforming vectors, scanning probe/PE, and the ROCK chuck.
Eddie
Big Thank You. You guys are on the ball. Capt Barry
Hi Everyone,
I just wanted to update you on what we've found with the malware warnings.
As previously posted, we did find that someone had gained access to our site and inserted HTML <iframe> tags, linking to other malicious sites in both the Forum and main page headers. It is clear that the hacker(s) did gain access to the forum, but we have no indications that they gained access to our webserver.
What steps have we taken to remove the malware and prevent future hacks?
1) We have removed the malicious code from our site, and Google is no longer generating warnings about our site.
2) The vBulletin forum software was out of date, so we have updated to the latest version.
3) We have blocked the IP address range from which the hackers were accessing the site, purged dead administrative accounts, and required all administrative users to update there passwords. We have also changed passwords of users who had easy to hack passwords.
4) Even though there is no indication that our server itself was breached, we are taking precautions there as well. We are checking that software is up-to-date, disabling unused software, purging dead accounts, and updating passwords. We have also scanned our web pages (including the .htaccess files, thanks eelamb) and have not found anything else suspicious.
Having not had many problems in the past, we had become a little complacent about keeping everything up-to-date. However, moving forward we will strive to be more vigilant.
That said, please be proactive about your own safety. Make sure you keep your browser software up-to-date to ensure you have that latest and greatest security features and patches.
We appreciate your support and understanding as we have worked through this problem.
Chris Morlier
CarveWright
Chris, once again you have done a great job in securing this forum, and protecting the community members. THANK YOU
Using Designer 1.187, STL importer, Center line, conforming vectors, scanning probe/PE, and the ROCK chuck.
Eddie
I second Eddie's comments. It is always a struggle staying one step ahead of the bad guys...
Last edited by dbfletcher; 09-20-2011 at 03:55 PM. Reason: typo
Doug Fletcher
The 50-50-90 rule: Anytime you have a 50-50 chance of getting something right, there's a 90% probability you'll get it wrong.
Do it on a Mac.
Vietnam Vet '65-'66