It started earlier this evening when I got an email message from a friend, a meteorologist at a competing station.
My antivirus software says there is a Trojan on your website… perhaps something in an ad??
Just wanted to let you know!
Like all newly infected webmasters I was skeptical. I gave him some advice on checking his computer.
I went to the site again to double-check and I got the alert again. It seemed to be loading something (according to the bottom bar of IE). I couldn’t see what it said. You are much more savvy with web stuff than I am, so maybe you can diagnose it.
I just checked.. it did it again… here’s the most I got out of Symantec… I don’t think it tells you much though.. this was all I could find.
Scan type: Auto-Protect Scan
Event: Threat Found!
File: C:\Documents and Settings\argigha\Local Settings\Temporary Internet
Location: C:\Documents and Settings\argigha\Local Settings\Temporary Internet
Action taken: Delete succeeded : Access denied
Date found: Thursday, December 15, 2005 5:54:20 PM
I called up my webpage and took a look. Everything was as it should be. And then, another email from someone else.
Thought you may be interested as someone my be hacking you.
By the way my virus scan fixed the problem every time.
Uh oh. This isn’t good.
Recently I had installed some mapping capability. I removed that. Nope, that wasn’t it.
Oh no – I’m sunk.
The templates used to marry my blog entries to the format of the page were fine. Where was the code coming from?
As it turns out, I get little bits of content from a few other sites. For instance, on the right side of this page are little weather tidbits. The Trojan had snuck in with one of those. It was coming from a friend’s site.
I called him and he quickly got in to action. Actually, he tried to get into action – but to no avail. Whatever had ‘pranged’ his site had also changed his passwords and modified his Apache webserver.
At this hours everything seems to be back to normal. This attack on my friend’s server could have just as easily happened on mine! And, if you were surfing this site earlier today it’s possible you were touched too. I use Firefox, which I think gives me a little protection, and my home computers are totally up-to-date on Microsoft’s patches.
It’s always something.
2 thoughts on “A Trojan Invades The Website”
Yeah, that came up on my computer last night, and I was wondering what that was all about. Glad that you were able to find the problem!.
As always, great work on your site!
I use Firefox in safe-mode, no problems here when visiting your site.
As a professional web developer, I strongly suggest surfing the web with Firefox or Mozilla – they’re both free (mozilla.org), and not open to all the security vulnerabilities like Microsoft’s Internet Explorer. IE has so many security problems, it’s better to be safe than sorry.
FYI – AOL users are a little better off if they’re using the latest AOL browser, but only a little, because the AOL browser is based on Internet Explorer. Simply downloading security pathces from Microsoft won’t get you there either – unless you want to download a new patch every week or so – that’s how often Internet Explorer’s security is breached.