Author Topic: Bizarre malware warning on Chris' site for one user only  (Read 4893 times)

Paddy
« Reply #15 on: January 31, 2009, 03:35:52 PM »
Thanks, tacit - and yes, I did finally get an explanation of that Pureftpd file from ASO - it was exactly as you explain. I was quite unnerved at the time and wondered if it was part of the exploit, though I hadn't heard of any hackers running FTP servers off hacked web sites!

Our new password is also a combination of upper and lower case letters and numbers. I typically do that now with most sites I administer.
"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Xairbusdriver
« Reply #16 on: January 31, 2009, 07:10:50 PM »
I wonder if the lack of quick and detailed responses from ASO is from the desire to keep the sight of egg on their face from being seen by too many. I'm no expert but it would seem their security measures should have helped keep this kind of thing from happening. Or did I misunderstand that other sites on the same server were affected by the malware placed on the first site?
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:

Paddy
« Reply #17 on: January 31, 2009, 08:37:14 PM »
No, Jim, there were no other sites on ASO's server that were affected. The javascript which was injected on the home page of Chris' site and into the guard page for Contribute was the only exploit, and as Tacit suggests, it was most likely a brute force attack, since we weren't running any blog or forum software or any other software that was out of date/had security holes. The former password was not as secure as the one we have now. The site that the javascript was actually redirecting to DID have out of date blog software, which had allowed it to be exploited. It no doubt had something far nastier on it than the javascript on Chris' site.

So, just to recap in case anyone is muddled: the hackers broke into Chris' site and placed some javascript on Chris' home page which appeared to do nothing more than redirect to a site called sciencepunk.com which is hosted by a Hong Kong ISP who are notorious for turning a blind eye to scammers and having lousy security. The sciencepunk.com web site was compromised by the hackers as well; it was running out of date blog software with security holes. Whatever the hackers did to the sciencepunk.com web site caused the Malware warning in Google to pop up whenever you attempted to go to Chris' site - because of course, you were immediately redirected to the malware-infested site on the server in Hong Kong. The owner of sciencepunk.com has now revamped his site (no mention of being hacked, however) and the javascript has been removed from Chris' site. ASO don't know how the hackers got into Chris' site, but I think the best guess is via a brute force attack (the password wouldn't have been found in any dictionary).

Interesting stats on passwords and how long it takes to crack them:

http://lastbit.com/rm_bruteforce.asp

Kinda makes you think, doesn't it?

chriskleeman
« Reply #18 on: February 01, 2009, 02:05:03 AM »
Paddy, Tacit,  thanx.gif jawdrop.gif  

Chris K
Just a dumb guitar player...
My Website

Xairbusdriver
« Reply #19 on: February 01, 2009, 01:59:07 PM »
Speaking of passwords (and as a 'muddled' reader!), I highly recommend 1Password from Agile Software. I know it's been mentioned here before but a reminder can't hurt. It is the easiest way I've seen to create secure passwords and store them for only your eyes. Of course, you certainly need to remember your "one password" that allows you to open the app and see all of the others! Passwords can be up to 50 characters long, include zero or all ten digits, and up to 10 symbols. You can also ask for the characters to repeat. There are three different 'styles' of passwords from random to 'pronounceable,' I stick with random. Of course, some sites will limit the number of characters and even what can be included, some don't allow any 'symbols,' for example. 1Password can handle all that. The best part is that if you use it when you register at a site, all the info needed to log in is saved and you'll never need to type anything in again! And it will even 'hit' the 'enter' key for you! The access is through an icon that sits in the browser's toolbar area, mine is right next to the URL entry box. It does cost around $40 (and I've yet to pay for any upgrades in two years) but if you get it, you'll have absolutely no excuse for using an easy to hack password or the same one over and over. Plus, it will speed up your access to any site that requires you to log/sign in.

Mayo
« Reply #20 on: February 01, 2009, 02:24:27 PM »
Paddy, I tried the Brute Force Attack calculator link that is accessible on the Web page that you provided. I entered the following specs for my primary "high security" password:

Password length: 12 characters
Speed: 500,00 passwords/second
One computer undertaking the brute force attack
My password contains: Characters in lower case, characters in upper case, digits and common punctuation.
Estimated time required to crack my password: 1,733,781,599 years

Hmmm... That seems secure enough to me!
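
The arithmetic behind an estimate like the one in the post above, as an added example that is not part of the original thread and not the linked calculator's own code. The rate of 500,000 guesses per second, the count of 12 punctuation marks and the shortest-first search order are assumptions; with them the worst case lands close to the quoted figure, and the expected time is about half of it.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(lower=True, upper=True, digits=True, punct=0):
    """Symbols available per position; `punct` is the number of punctuation
    marks allowed (an assumption, the page does not list them)."""
    return 26 * lower + 26 * upper + 10 * digits + punct


def search_years(length, n, rate_per_sec, machines=1):
    """Return (worst_case, expected) years for an exhaustive search that tries
    every password of length 1..length over an n-symbol alphabet, shortest
    first, against a uniformly random password of exactly `length`."""
    shorter = sum(n ** k for k in range(1, length))   # all shorter candidates
    exact = n ** length                               # candidates of full length
    per_year = rate_per_sec * machines * SECONDS_PER_YEAR
    worst = (shorter + exact) / per_year
    expected = (shorter + (exact + 1) / 2) / per_year
    return worst, expected


def min_length(n, rate_per_sec, target_years, machines=1):
    """Shortest random-password length whose expected search time reaches
    `target_years` at the given guessing rate."""
    if n < 2:
        raise ValueError("alphabet must have at least two symbols")
    length = 1
    while search_years(length, n, rate_per_sec, machines)[1] < target_years:
        length += 1
    return length


if __name__ == "__main__":
    n = alphabet_size(punct=12)                       # 74 symbols (assumed)
    # Constructed scenarios: the post's single machine, then a much faster,
    # larger guessing setup to show how sensitive the estimate is to rate.
    for label, rate, machines in [("one machine, 500,000/s", 500_000, 1),
                                  ("1,000 machines, 1e9/s each", 10**9, 1000)]:
        worst, expected = search_years(12, n, rate, machines)
        print(f"{label}: worst {worst:,.0f} y, expected {expected:,.0f} y")
    print("length needed for 1,000 expected years at 1e12/s:",
          min_length(n, 10**12, 1000))
```

These figures only describe randomly chosen passwords; a password built from a dictionary word or a reused one is found long before the exhaustive search would reach it.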

Xairbusdriver
« Reply #21 on: February 01, 2009, 02:49:11 PM »
You should live so long! And besides, are those human or 'computer' years?!

Mayo
« Reply #22 on: February 01, 2009, 03:07:07 PM »
XABD, thanks for reminding me about 1Password...

I received a free license months ago via MacWorld Mac Gems. I can't say that I understand the upgrade info window that appeared when I started up 1Password, but all seems to be working well after importing my Keychain and Web Confidential data...

I never bothered to configure 1Password because it seemed like too much trouble. But now that I am using DEVONagent, NetNewsWire and sometimes Firefox, being able to utilize 1Password's cross-browser functions is a real plus. I often find myself opening Web sites in Safari that I originally navigated to in NetNewsWire simply because the auto-fill functions were tied to Safari. 1Password will save me from performing multiple steps and I may even stop using Web Confidential once I figure out how 1Password works.

QUOTE
are those human or 'computer' years?


I believe that they are "dog" years...  
« Last Edit: February 01, 2009, 03:08:45 PM by Mayo »

Paddy
« Reply #23 on: February 01, 2009, 04:38:54 PM »
Chris' new password has the same criteria as yours, Mayo. Think we should be reasonably safe from the brute force guys now, though of course, that length of time is the longest possible time it would take to crack the PW, not the shortest!

I use 1password too - very handy.

I should probably change some of my other passwords, though. Sigh.

Mayo
« Reply #24 on: February 01, 2009, 05:36:21 PM »
I think that I figured out the 1Password upgrade system...

The MacGems license was for 2.4x versions but it was extended to 2.5x.  Since 1Password is now at 2.9x an upgrade is required to use a later version than 2.5.13.

So I have the current version (2.9.8) running on my iMac and 2.5.5 on my MBP...

So 1Password users: is it worth it to spend $39.95-15% to upgrade?

Paddy, on most Web sites I use the same common word because I do not perceive there to be a reason anyone would want to post comments under my name, etc. I allow the auto-fill function to work on those Web sites. Financial Web sites, encrypted files, etc. get more secure passwords.

I don't allow auto-fill on those Web sites because I let the Apple Keychain open automatically upon start-up; I need to figure out how this works in 1Password. (I must admit that my understanding of how Keychains work is lacking...)
« Last Edit: February 01, 2009, 05:49:50 PM by Mayo »