Server Help

K'

Looked at http://www.shanky.com/server/staff.html and was requested to approve an activeX element, half a second later ZoneAlarm jumps up with report of:
Exploit.Win32.IMG-ANI.h and Trojan-Dropper.Win32.Agent.bfd
Allegedly involved is 'file[1].jpg' and some obscure random file string.
Could be a false positive or from other source by some fashion, but who knows, might want to do a little in-house sweeping.

Bak · Posted: Wed Apr 04, 2007 2:50 pm *Post maybe stupid* Post subject:

there is an image: http://86.39.128.144/download/167212/file.jpg on the page

and the ip address is registered to (http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=86.39.128.144&do_search=Search)

person: Steven Vandewalle
address: Aardenburgse Heerweg 5
address: 9910 Knesselare
address: Belguim

and yields the webhosting service: http://belgon.be/
_________________
SubSpace Discretion: A Third Generation SubSpace Client

Solo Ace · Posted: Wed Apr 04, 2007 3:00 pm *Post maybe stupid* Post subject:

Yeah, I got it too, but now I don't anymore. I don't know, did I just infect my windows box?

Nah I didn't.

Why were you reading that page? Trying to bring old, forgotten times back?

Ã think it's weird how it pops up, and then it doesn't. Maybe someone's messing with Apache's memory or what?

Solo Ace · Posted: Wed Apr 04, 2007 3:05 pm *Post maybe stupid* Post subject:

I'll go to Knesselare and beat up whoever's responsible for the host.

I'm still not sure about the sex of this ware, but I guess I don't even want to know if you consider it male.

Mine GO BOOM · Posted: Wed Apr 04, 2007 3:13 pm *Post maybe stupid* Post subject:

Confess · Zone Hoster Joined: Feb 10 2004 Posts: 532 Offline

Ya, thats a lot better then having it mess up peoples comps.
_________________
I know that I myself cannot do anything, that I will fall, and that I am a sinful man, but I know that I can do ANYTHING through God Almighty, whom strengthens me.

Cerium · Posted: Wed Apr 04, 2007 7:05 pm *Post maybe stupid* Post subject:

Speaking of malware, I noticed something rather odd when checking the Hybrid forums. Every now and then on the main page (hybrid.shanky.com), at the very top there's a link that says "Nothing here" and an image placeholder.

I don't recall adding that and as far as I know, you don't bother editing other people's sites. Moreover, it doesn't appear anywhere in the page source. Any idea what that is?
_________________
There are 7 user(s) ignoring me right now.

Mine GO BOOM · Posted: Wed Apr 04, 2007 7:27 pm *Post maybe stupid* Post subject:

It is a javascript inserted into the output done by a virus on the machine that is infesting apache. Like I said, I've complained to the host numerous times. We even switched machines, which fixed the problem for a bit.

Shanky.com/server is now redirected to Minegoboom.com/server. You don't need to update any links anywhere, because at some point I'll just move shanky.com onto the mineplowers server, in which case it will just be shanky.com/server again.

Cyan~Fire · Posted: Thu Apr 05, 2007 2:20 pm *Post maybe stupid* Post subject:

Can you get your brother to post more girls while you're at it?

_________________
This help is informational only. No representation is made or warranty given as to its content. User assumes all risk of use. Cyan~Fire assumes no responsibility for any loss or delay resulting from such use.
Wise men STILL seek Him.