Surfing San Diego Website Status

---mentos here
I moved these posts to this thread..
---mentos out

I was on the site at 4:30 this morning, noticed that all posts were cut to 30 characters, then I viewed the page sources and found a script called after the 30th  character in every post. So I went to the site and viewed the script, it was designed to use cookies to set a Chinese site as your home page. (I also went to the Chinese site)There's good news and bad news...The good news is it had several errors that kept it from working (if it would have worked at all), the bad news is the way it was implemented (and those same errors) caused it to screw up every single post on the site.Even tho I followed links across 2 sites I didn't get any kind of virus or trojan, but as a precaution I deleted my Surfing San Diego cookie.





Edited by Mentos - 03 November 2007 at 1:18pm

All,
On Friday, the website was hacked by some douche in China.

If you were on the site and noticed all of the posts had the words cut off the end after about 30 characters and your antivirus software did not find a trojan and tell you about it, then you may have been infected.

Make sure you have the latest software updates to your anti virus software and run a full system scan now.

The last backup was from the 26th, so those are the posts we have...backups have been set to go every night now.

So did Esset's nod32

wave1173, if you use Firefox or if you are on a non-windows PC, you wouldn't have been exposed to the problem in the first place.

this may sound like a really stupid question but how does one go about getting Firefox?

mr daves got it





Edited by smokie - 05 November 2007 at 3:34pm

Besides Norton & Avast, can anyone suggest an anti-virus download to get rid of the blankity blank blank virus I caught from our own website!!?? It's full of blankity blank blank blank anti-spyware crap! Help please....

Hang 'em high

michelle,
I'm assuming you have XP, here is what I would do.
(paste this to notepad and print it).

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. (Turn it back on after this is repaired and you've rebooted.)

Start your computer in safe mode with network support:
Reboot while pressing the F8 key(or constantly tapping it) - use the arrow keys to highlight the Safe Mode with Networking option. Press Enter.
This will load only the basic files/drivers plus essential services and drivers for networking (internet) only.

Start Firefox in safe mode:
Select "Start -> Run" and enter: Firefox -safe-mode
All extensions will be disabled and default settings and controls will be used.

Run Housecall:
Type http://housecall.trendmicro.com/ into the address bar, when the site comes up press Scan Now. It's Free!, on the next page check "Yes, I accept the Terms of Use" and press Launch HouseCall. It will test your platform and browser - if it gives you a choice select "Use Java-based HouseCall kernel" (it always selects this for me when using Firefox). Press the Starting HouseCall button.
If a Security Warning(Trusted) window appears, click Yes. It should detect and remove all malware (viruses, worms, trojans, etc.) and restore any damage caused by them. You may want to write down the names of any viruses it claims are non-cleanable, but I've never seen any.

Once it is complete go ahead and reboot your computer.
(and then turn system restore back on)

A nice little add-on to run in Firefox is NoScript.

Those who were trying to post to the forum this past weekend found it very difficult. over the past 2 weeks we have been hacked twice. The database is backed up nightly so we restored the database to Friday Morning April 18th.