
Thread: Tech Issue: Norton Internet Security blocked an attack from my own website

  1. #1

    Tech Issue: Norton Internet Security blocked an attack from my own website

    Am I making too big a deal of this? Pulling my hair out, need some guidance. All week, when I try to view my website(s) on FF or IE browser on computers protected by Norton Internet Security, I receive a message saying "a recent attempt to attack your computer was blocked." Further details say, "an intrusion from 'website url' was blocked."

    More detail: HTTP Malicious Javascript Encoder 5,
    attacking computer: www.gallagherschimney.com, www.mrschimneyguy.com, on a shared hosting server,
    attacking url: mywebsite /preloadmenuimages.js or /milonic_src.js

    I used XSitePro2 to set these sites up, update them on occasion, have never gotten this message before Tuesday. Since then, I did an FTP on www.gallagherschimney.com, thinking it could solve the issue. I did not update www.mrschimneyguy.com. Same thing happens when viewing both sites: no menu navigation, no info bar navigation, but footer navigation is ok, and body of page ok.

    How serious is this, and how can I get this resolved? I am completely stumped and am spending all my energy on this since these are my main websites with my main hosting account. I have another site that I set up with XSitePro2 on a different hosting account, which is also viewing fine, www.gallagherschimney.biz.

    So, there are some workarounds here, I just don't like getting a high risk message... What if customers are getting that message when they view the site(s)?

    • NIS Tech Support has been working with me daily all week with no solutions.
    • My hosting co. (GVO) says all is well with my site, they see no errors.
    • I can view these sites fine on computers where AVG is the virus software running and no messages about this 'attack'.


    I just don't want to ignore this if it is a real issue. If it is not a real issue, what can I do locally,
    1. to see my nav bar and menu items,
    2. to neutralize this 'malicious attack'
    3. to STOP getting the RED High Risk message


    Help, Please. I appreciate any new insights.

    Best,
    Mary

  2. #2

    Well, I tried to visit your site and my anti virus aborted the connection. I had a panel pop up to inform me and a verbal "threat has been detected".

    Contact your host A.S.A.P. Mary

  3. #3


    Thank you, Alex.

  4. #4

    Hi Mary, same here, I get a warning and YES! You must fix this. It is loading the malware; it is a trojan, so it must be fixed ASAP.

    Here's the kicker though. Usually I am able to spot the problem code right away, but I've looked at this a few times and at this time it's escaping me. Still, I would say you need to do something.

    One. Change your passwords on all sites. FYI I only went to your .com not the rest but think you are likely experiencing the same problem on all.

    Two. Try re-uploading the whole site. Hoping this will overwrite all the offending code.

    Then test again.

    Edited to add: Look through your site in FTP mode and check to see if there are any files that don't belong.
    Last edited by lynette; April 17th, 2010 at 11:34 PM.
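
    The check suggested in the post above (files that don't belong, and files that no longer match what was uploaded) can be done by downloading the hosted copy and comparing it with a trusted local build. This is an added example, not part of the thread and not XSitePro code; the directory layout and file contents are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def _index(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}


def compare_trees(clean_dir, live_dir):
    """Compare a trusted local build with a copy downloaded from the host."""
    clean, live = _index(clean_dir), _index(live_dir)
    report = {"unexpected": [], "modified": [], "appended": [],
              "missing": sorted(set(clean) - set(live))}
    for rel in sorted(live):
        if rel not in clean:
            report["unexpected"].append(rel)  # a file that doesn't belong
        elif live[rel] != clean[rel]:
            good = Path(clean_dir, rel).read_bytes()
            bad = Path(live_dir, rel).read_bytes()
            # Original bytes intact with extra bytes after them -> "appended"
            report["appended" if bad.startswith(good) else "modified"].append(rel)
    return report


def demo():
    """Build two small constructed trees (placeholder contents) and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        files = {"index.html": b"<html>home</html>\n",
                 "milonic_src.js": b"// menu code\n",
                 "preloadmenuimages.js": b"// preload code\n"}
        for root in (clean, live):
            root.mkdir()
            for name, data in files.items():
                (root / name).write_bytes(data)
        (live / "milonic_src.js").write_bytes(
            files["milonic_src.js"] + b"/* placeholder: added on server */\n")
        (live / "index.html").write_bytes(b"<html>changed</html>\n")
        (live / "extra.php").write_bytes(b"placeholder\n")
        (live / "preloadmenuimages.js").unlink()
        return compare_trees(clean, live)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

    For a real site, call `compare_trees()` with the folder the site builder exported and a fresh FTP download of the hosted files; anything listed under "unexpected", "modified" or "appended" is worth opening before re-uploading.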

  5. #5

    Reviewing your post again. It seems like these two files /preloadmenuimages.js or /milonic_src.js are the offenders according to your AV and while you may have removed the navbar through WYSIWYG it may not have been removed in the code as I see in your source. I do not know where you are in editing raw HTML but I would also try editing just one page and removing /preloadmenuimages.js or /milonic_src.js or any .js first, save/upload, then load only that page on the browser to see if that did the trick.

  6. #6

    a little progress

    Thanks, Lynette, what you are saying is actually making sense to me, since I've been staring at those files for 3 days now. I have been going over files, hosting, NIS, GVO hosting, XSP tech support back and forth. It's boggling most everyone who looks at it, and the .js code is in way more files than it should be, that's the problem.

    After changing passwords and uploading files without the 'js code' to overwrite it, the same errors occurred. So, what I've done, (in addition to changing all my passwords to none I can remember!!), is save a local back up of my files (which doesn't make sense if the errors are encoded within the files, but I'll have the text anyway) and delete the account completely.


    Then I'll upload a completely new XsitePro website setup to a newly created hosting account. I have a tech support ticket open for XSP, to make sure I have a clear understanding of what happened and how I can avoid this since I'm invested in using xsitepro to create websites.

    Whew, this is what I live for! Putting fires out, would you say??? finally able to smile a little about it...
    Best,
    Mary


  7. #7

    I just went through a similar problem and the host those sites were on refused to get involved or even look at my stuff. Guess who is moving their sites to a different account? (They were in my old GoDaddy hosting account btw, which I had been avoiding moving just because moving is a pain LOL)

    I had a lot of help getting everything cleaned up over about 6 different websites, it was a nightmare. Traci Knoppe was a huge help in helping me identify where the problems were happening, and then from there I went and had a tech remove the icky crud.

    On my craft blog they threw all that trojan junk into my wp-plugins folder so I was able to just rename that folder, create a new one, and reupload fresh copies of the plugins I was using to fix the problem. Thank goodness for that.

    I hope you get it all cleaned up soon, I know how frustrated you must be right now. I still have one site that I have to finish reinstalling everything on. It really made a mess of things, but it also made me look at what I have, what I wasn't paying attention to, and of course reminded me to back everything up.

  8. #8

    "Whew, this is what I live for! Putting fires out, would you say??? finally able to smile a little about it... "

    Good for you Mary...V. funny!!

    One of the joys of wordpress is that you can just delete the whole blog. Install a new one in a few seconds and just hit "Import" to upload a copy of your posts etc.

    Of course one of the pains of wordpress is the continual (that's how it seems anyway) updating of versions and plugins!

    Hope you can put this behind you soon!

    :-)

  9. #9


    Oh, I didn't check wordpress, but didn't get this error message on any of my wordpress blogs, just the XsitePro sites. I didn't even have wordpress on my main site, but xsitepro makes it almost as easy. The poisonous code doesn't seem to be in any of my wordpress files, but as you say, the security issue will be my main focus for the coming week.

    And, Loretta, I know exactly what re-evaluation steps you mean. I suddenly realize what is absolutely most important, which isn't anything new, but it shakes out the peripheral stuff from the "absolutely have to get to it" stuff.

    Security and backup I am way better at than I was a year ago, and now, will be more vigilant. Gallagher's Chimney Service website had mediocre copy and content. Now Barney wants to "pose" for pictures and video, so I can do a better job of relevant current content. I know more about SEO that comes naturally than I did a year ago, so that piece will be better too. All in all, good things can come of this...

    It gives me a better framework of what pieces to make sure are in place, from start to profit... and continuing profit!

    Best,
    Mary

  10. #10

    Whew!

    Well, an update on this: It looks like all is well, and a little better, if I consider that I wanted to tweak our site, and make some changes for consistency in our branding and seo.

    Thanks to GVO Hosting support people and to XSP2, I was able to create the account with much better security and upload the files easily to solve this.

    I even got a call from someone who found us online before I fixed the site, so something's working in my backup local seo strategy, lol... Downtime on the main site, www.gallagherschimney.com panicked me, but realizing that Gallagher's Chimney Service is in many other places too and can be found online as well as offline, is a little eye-opening.

    Now, I have an optin on each page of our site, so my next step will be in following up a little late with the March Elite challenge, schedule out autoresponder messages and the ezine, which has been on and off the burner for quite a while. So, it's on...

    Best,
    Mary
