|
NAME: Exploit.HTML.Mht
ALIAS: MS04-025, CAN-2004-0549, HTML/MHT@EXPL, Mht Summary An exploit is a short code or script that uses a vulnerability to perform malicious actions. The HTML.Mht exploit is embedded to HTML web pages. It attempts to download and install a malicious program on your computer by using a security vulnerability in Internet Explorer. More information about this security vulnerability, including a fix, is available from Microsoft: http://www.microsoft.com/technet/sec.../MS04-025.mspx ================================================== === |
Quote:
Remember who else did something like this? ... |
Quote:
Hosts that wont help in this situation really piss me off, its obvious the guy doesnt know what the problem is , and he will just leave if he cant get it fixed so its hardly not worth it to the host to quicly tell them what the problem is , if the customer INSISTS on running something unsecure , thats a diff story but if they are just clueless it seems a no-brainer to help them out for the 10 minutes it might take to fix the problem for a tech |
do you have any counter on your page?
|
Quote:
no i dont? who the fuck is this guy? my fucking computer has this shit now! :mad: |
Quote:
|
Quote:
Again I would like to share that there is NOTHING ELSE aside from the most up to date verison of wordpress running. Thats it. My system has been scanned, re scanned, cleaned, anything to make sure nothing was on my end, I am clean. So where do I go now? Or.... Who takes the next step? |
well , a good idea is to have a new password setup .. huge one .. about 12+
with numbers and Letters + have your host put in a firewall for you.. so only your ip can ssh or ftp to your server and if this dosn't work .. have someone check all your scripts also .. have your own system at home or the office checkes for spyware.. just incase good luck |
Quote:
|
Quote:
|
For those in the know who might have some ideas since I have seen this shit on at least a half dozen sites that are all running diff configs and scripts, here is the coding that seems to get attached to parts of the page..
Quote:
|
Quote:
he said his page was getting hacked he didnt fucking say there is a virus on his page that will spread to other users that visit his page :disgust |
The script kiddies creating this shit should be hunted down and killed.
|
Quote:
|
Quote:
|
these virus things scare me.... :(
|
Quote:
|
this has happened to a couple customers of ours.
the first issue was that the customer had WordPress installed and was using some 3rd party template or counter which was inserting a javascript trojan downloader in to the page on the fly. once the customer removed the template/counter, the issue went away. the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well. contact me if you have any other questions. |
Quote:
|
Quote:
from what you pasted above for the code, it definitely sounds like wrong permissions on some of your files. for wordpress i believe it should be: Folders => 755 Files => 644 |
get a decent host, if everything is tight on the server, your sites shouldn't get owned even with security bugs in any scripts you may use....
|
bump for this
|
Quote:
It doesn't really matter if that file is 777 (some scripts really need that) most php writes that are not run through cgi. The problem is with the script that allows an attacker to execute/upload on your server. |
try what we called antivirus
|
Quote:
|
Wow, that's nasty.
I cant believe webair wasent more helpfull. |
I'm having the same problem and have contacted Webair about it twice now. they are 'looking' into it.
|
Where is webair in this thread to try and help out their customer? They seem to manage to make it to every thread that is looking for hosting but not this one? :helpme
|
Quote:
|
keep us posted...
|
Not much you can do about it, looks like the virtual hosting box is compromised and this is likely happening to everyones pages on the box.
It probably searches for any web content and adds that into every file. :/ |
I have the same problem with my sites on webair, trojan javascript at the top of the page just pops out of nowhere...
WEBAIR SOLVE. |
oh, this is a virtual server.
That explains it. |
Quote:
Thank You. |
Ask your hosting.
|
did u get it fixed?
|
Quote:
|
redo your complete server setup (including OS install) and the problems will go away.
|
anyone on webair knows more about it?
i found some of my domains hosted on webair hacked too (only root index.php files although)...not sure if its coming from my computer or it was some hack of webair accounts. |
I started a new thread.
|
| All times are GMT -7. The time now is 06:36 PM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc