Malware Warning on my Plusnet Space
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Malware Warning on my Plusnet Space
- « Previous
-
- 1
- 2
- Next »
Re: Malware Warning on my Plusnet Space
06-07-2010 9:20 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Malware Warning on my Plusnet Space
06-07-2010 10:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I'd tried that and seen nothing. Just asked Chris if the .htaccess contained a
RewriteCond %{HTTP_USER_AGENT} .*Windows.*
line. It did. That explains it.
The exploit looks very much like the recent hijacked-subdomains scareware thing. Is the OP's PC definitely trojan free?
Gabe
Re: Malware Warning on my Plusnet Space
06-07-2010 10:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I can confirm that my computer is clean.
Thanks again,
Pete.
Re: Malware Warning on my Plusnet Space
06-07-2010 10:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Matt I have to say I'm very sorry I missed that - lesson learned. It'd probably be worth changing the password on your account, that will also change the webspace password and should stop it from happening again.
Will do. Thanks.
Pete.
Re: Malware Warning on my Plusnet Space
06-07-2010 11:22 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Badders Any idea where it came from?
Ultimately, probably Russia >:(. The upload could have come from anywhere. The login details typically come from a compromised PC or local network. Have you logged into Plusnet away from home recently-ish?
Gabe
Re: Malware Warning on my Plusnet Space
06-07-2010 12:23 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Matt I have to say I'm very sorry I missed that - lesson learned. It'd probably be worth changing the password on your account, that will also change the webspace password and should stop it from happening again.
1 last question, Matt. I've done as you suggested and changed my account password. However, Email is still working on the old password. Should that not have changed automatically? If I try to log in using the new password, it fails.
Pete.
Re: Malware Warning on my Plusnet Space
06-07-2010 12:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Or did that change recently?
Re: Malware Warning on my Plusnet Space
06-07-2010 1:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Jojo:)
Re: Malware Warning on my Plusnet Space
06-07-2010 1:59 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I'll eventually wake up and the blindingly obvious will hit me right between the eyes
Pete.
Re: Malware Warning on my Plusnet Space
06-07-2010 2:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: avatastic If this is PN webspace then the htaccess file must have been uploaded from PN, as the FTP server doesn't allow non PN connections.
True for ccgi, but not for homepages (or PAYH). Wonder how they got the login.
Gabe
Re: Malware Warning on my Plusnet Space
06-07-2010 4:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Would have been interesting to grab the 'last modified' date off it, but I suspect it's now long gone.
B.
Re: Malware Warning on my Plusnet Space
06-07-2010 5:40 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Gabe
Re: Malware Warning on my Plusnet Space
06-07-2010 6:02 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Barry The rogue .htaccess could have been dropped by a drive-by attack on a script on the site.
On homepages?
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month) |
- « Previous
-
- 1
- 2
- Next »
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Malware Warning on my Plusnet Space