Author Topic: Again that marvelous avast! Webshield!  (Read 2133 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Again that marvelous avast! Webshield!
« on: January 09, 2014, 04:35:51 PM »
See: http://app.webinspector.com/public/reports/19352697
Missed here: http://scanurl.net/?u=http%3A%2F%2Fwww.bohomoth.com&uesb=Check+This+URL#results
Iframe check: Suspicious    htxp://yagerass.org' |{gzip} and thay is being detected by avast! Web Shield as HTML:Iframe-inf
Injection check: Suspicious Text after HTML  <? eval(base64_decode(zxzhbchiyxnlnjrfzgvjb2rlkfpywmhiq...... etc.
JavaScript check: Siupicious dy> </html> <? eval(base64_decode(zxzhbchiyxnlnjrfzgvjb2rlkfpywmhiq2hpwvhobe5qumzar1zqyjjsbetgcflxbwhpu
404 error check: Suspicious  Suspicious 404 Page:
   eval(base64_decode(zxzhbchiyxnlnjrfzgvjb2rlkfpywmhiq2hpwvhobe5qumzar1zqyjjsbetgcflxbwhputjocfdwae9
See: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fwww.bohomoth.com
254 suspicious files flagged here: http://www.quttera.com/detailed_report/www.bohomoth.com
 -> <iframe width="1" height="1" src="htxp://yagerass.org"> does not resolve: http://jsunpack.jeek.org/?
Somethin' missed here? -> http://urlquery.net/report.php?id=8767626
External link to
www2.glam dot com questionable web rep site!
HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 193
Expires: Thu, 09 Jan 2014 15:35:14 GMT
Date: Thu, 09 Jan 2014 15:35:14 GMT
Connection: close

pol
« Last Edit: January 10, 2014, 02:20:01 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37581
  • Not a avast user

bohomoth

  • Guest
Re: Again that marvelous avast! Webshield!
« Reply #2 on: January 10, 2014, 11:11:04 AM »
 8) I see you boys.

Site was down yesterday temporarily because the Huffington Post hotlinked to bohomoth which used up a tonne of bandwith and cause the server to overload and crash constantly. So we took it down temporarily to have a look at what was going on and do some emergency maintenance. It didn't take long luckily.

The above yagerass thing relates to http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/

Our ad server is Glam and we use Google ads via Glam as secondary ad units. It looks like the yahoo exploit's moved on to Google.

So if any of you websperts have google ads on your sites follow the advice in the above link. We did that and luckily nothing there was ever a real threat.

We had a couple of other tech issues too which are all sorted.

Thank goodness for my experts.

bohomoth

  • Guest
Re: Again that marvelous avast! Webshield!
« Reply #3 on: January 10, 2014, 11:22:33 AM »
@ Polonus are you Polish? I love a bit of Latin  ;) - cool username. Was that you who came posted in our comments as well? That was sweet of you if it was. thanks but we've got a top flight tech team luckily. I know lots of people cut costs with that sort of thing so appreciate the input if it was you. There's so many horrendous eyesore sites in our field of expertise that I felt we had to get decent techies. I'm glad we did now :-*
« Last Edit: January 10, 2014, 11:28:13 AM by bohomoth »

bohomoth

  • Guest
Re: Again that marvelous avast! Webshield!
« Reply #4 on: January 10, 2014, 11:39:13 AM »
One more thing. Why are you looking at our site with such interest in the first place Pol? Closet celebrity gossip fan ? Lovesit. You've definitely come to the best place.  ;D :P ;)

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33925
  • malware fighter
Re: Again that marvelous avast! Webshield!
« Reply #5 on: January 10, 2014, 02:19:03 PM »
Hi bohomoth,

Good you found your way here. I am into website security just for the "good of my soul" and also because it is a darned interesting security specialty "third party cold reconnaissance" scanning. Your site issues came up with a recent  VirusWatch report, so I felt the urge more or less to take a closer look and report here in the virus and worms. Good you reacted to all of this and showed an interest in enhancing your site's security.
Your visitors will be grateful for that  ;D .

For your information I am Dutch and I "married into" Polish culture and language so-to-say  ;) .
My advice is to further cleanse the site from questionable or less secure code. Ask your server guy(s) that host the website to send an X-Frames option header along to remove any clickjacking vulnerabilities. 

groetjes/pozdrawiam, kind regards

Damian aka polonus
« Last Edit: January 10, 2014, 02:21:48 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

bohomoth

  • Guest
Re: Again that marvelous avast! Webshield!
« Reply #6 on: January 11, 2014, 11:22:44 AM »
Morning Polonus,

Dutch people with an interest in all things Polish and third party cold reconnaissance scanning are my favourite ;)

The problems with any potential threat are all sorted. It could take a while for various scanners to update but it's all ok and we're adding a Git repository (via github.com ) out of the site which'll make it much easier to track.

Thanks so much for your help and interest and please let us know if you spot anything harmful in future. Like all website owners we're trying to grow and sometimes I feel like Sigourney Weaver in Alien battling monsters in unchartered territory ;)

Jen @ bohomoth.com