Webzcas
Affiliate Guard Dog Member
Joined: Nov 13, 2008
Hi all,
As you know since the beginning of last week Affiliate Guard Dog was infected by malware, the purpose of which was to redirect visitors to the site to third party sites with download trojans.
As I host AGD on my server and after discussing with Andy, I felt it only right and proper I update you all as to the current state of play.
We have ascertained the site was exploited back on the 22nd October and several backdoor scripts were also left on the site at this time, with the malware payload being activated on the 24th October.
I can confirm though from analysing the ftp logs and other backend logs, that no actual breach as such of the site occurred. The malware was inserted via an injection, exploiting some code on the site.
So what have we done to resolve this?
It became quickly apparent that restoring from the clean monthly backup of 3rd October and patching all software on the site to the latest releases was not sufficient on its own.
I have therefore employed the services of a third party company Sucuri.net who achieved fame for exposing weaknesses with Godaddy and Network Solutions own websites.
Sucuri have, in the past 48 hours, performed a rigorous scan of the entire AGD site and have removed all backdoors that were uploaded by the hacker. They are also constantly monitoring the site for potential vulnerabilities and, more importantly, any malware infections going forward.
Click the badge above to verify.
However, this brings us to the issue of how this attack was performed in the first place. Sucuri currently have the logs to AGD and its subdomains, and Andy and I are hopeful they can assist us in identifying the IP address or addresses of those responsible.
It is possible it was a bot, but hopefully if the attacks were personal, that individual or individuals responsible have tripped up.
On another note, I can confirm unfortunately that the virus that infected Natalie's PC was a result of the malware on this site. The exact same trojan took out my own netbook.
Andy and I fully apologise for this happening. But rest assured, the site is and will continue to remain secure moving on.
Finally if any member of AGD is au fait with weblogs and would like to put their pair of eyes over the logs, to see if they can help identify the point of attack, please PM me or Andy.
Thanks
Dave