Showing posts with label hacker. Show all posts
Showing posts with label hacker. Show all posts

Friday, September 13, 2013

Friday the 13th, a bad-luck message JS/redir.BS for a wordpress website

JS/redir.BS is a malaware that silently is stored in your website and will cause something ugly to happen: lose access to it.

There is no simple way to know when it got there, but several places can give you a clue on how to get rid of it. Important advice: take care of your website security, create backups and change passwords every now and then! Wordpress is a strong tool, but not invensible.

As I know how to control my computer and get rid of malaware, I decided to create a simluation in my computer, that was risky, but the fastest way to do it instead of waiting for the hosting company to help me.
I did a clean installation of Wordpress last version, the one I use in my website.
As I was suspicious of the theme, that was the first thing I copied from the server to my laptop. When I tried to move the theme folder to my local Wordpress installation, there it was. My Antivirus poped-up and blocked the virus, luckily it was just in the header file.
If you still can access to wp-admin on your website, go to the infected file, and get rid of it or of the infected code. It is Javascript code.
Change your passwords, all of them. Do the same for the keys using the Wordpress generator and overwrite them at the wp-config file.

If your case was not that simple:
First, confirm if your website is infected with malaware: http://sitecheck.sucuri.net/scanner/
Second, make some good reading http://codex.wordpress.org/FAQ_My_site_was_hacked
And learn how to Completely clean your hacked wordpress: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

Either way, make sure your website is not infected http://sitecheck.sucuri.net/scanner/

Friday, July 22, 2011

When a smart guy make something big....but in the wrong place....

This story just amazed me....again the security system in the world is under review because someone threatened it...without knowing it!.

A smart UK guy is to be condemned to US prision (considered a terrorist threat) by hacking and US security department wants him to be extradited. He was obsessed of UFOs since he was a child, and loved virtual games, spent most of his time "hacking" but hacking is not bad, until you go happily into the US NASA Space Center, Navy and even the Department of Defense, after creating a "simple" perl script that discover thousands of passwords, letting the security under risk....but he was only searching for UFOs signs and best of all, he is autist.

After reading the story, I was guessing about how is this to be considered a bad moral action, at the end he was only searching for evidence of UFOs, and as per his declaration, he did not mean to threat the security, but only spent his time and search something that he really enjouys with.

What is open here is that probably security is not secure enough, and should be improved when applies. Because what would happen if someone that really knows what is doing and really wants to cause damage starts surfing the systems that theorically protects us all? how this improve would be funded?

In addition, would someone that has a beheavioural disease to be condemned for prision instead of being trated? and in which cases or for which disease? and were should the trial take place? at the original of the threatener or at the affected country? For this case, McKinnon did not cause more than technical damage (more than US $ 700 000) but none was phisically damaged, and his family is beggin for a fair trial at the UK instead of extradition to the US.

I checked the whole story at the spectrum-IEEE july magazine (paper copy).

FreeGary website