Beginning March 2nd, 2020 the Mailing Lists functionality on RootsWeb will be discontinued. Users will no longer be able to send outgoing emails or accept incoming emails. Additionally, administration tools will no longer be available to list administrators and mailing lists will be put into an archival state.
Administrators may save the emails in their list prior to March 2nd. After that, mailing list archives will remain available and searchable on RootsWeb
Strange..........I went there and nothing happened to me. I have Norton
and AVG running.
Vicki
Jan Cortez wrote:
> FYI - Sticking my nose in here, but want you to know. I don't know if Vivian is online or not to let you know.
>
> Contrary to what came thru from National last night, the National USGW page is still infected as well as those sites on IX Web Hosting. Anything that is hosted on theusgenweb.org. When I go to those websites - my computer is shutting those pages right down.
>
> Contrary to the rumors going around, it is my understanding and also that of RW that any pages there are *not* infected.
>
> If you come to a USGW site and a download for a flash player comes up, that is the current virus infecting the pages. Right now I do know that Montana GenWeb and some of their county sites are affected. I also have a website in NY and one in GA that are hosted there and they are infected. At this point we are locked out of the sites and can't even do a redirect to another server. <sigh> I've already moved mine in NY and the one in GA will be next.
>
> These pages BTW - hosted on theusgenweb.org are the free pages that Joy Fisher offered when we all started moving off from RW.
>
> When I say National pages, I mean the main National Website. This *does not* include the Archives or Special Projects which are hosted on another server and to the best of my knowledge after talking with David Crosby, they are safe and secure at this point.
>
> Please stay safe. Update your virus software, run scans and also run a couple spyware scans. I use Ad-Aware and Malwarebytes. We don't want any ruined computers out there.
>
> Jan
>
>
>
> Jan Cortez
> State Coordinator - MIGenWeb
> http://www.migenweb.net
> Co-National Coordinator - Tombstone Project
> http://www.usgwtombstones.org/index.html
>
> -------------------------------
> To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.686 / Virus Database: 270.14.23/2448 - Release Date: 10/20/09 05:43:00
>
>
I just went to the "theusgenweb.org" and my Norton popped up and said that it had protected my computer from an attack. Something is going on.
Deborah
________________________________
From: Vicki <wire(a)shaffer.com>
To: gagen(a)rootsweb.com
Sent: Tue, October 20, 2009 2:51:44 PM
Subject: Re: [GAGEN] IMPORTANT - Please Read
Strange..........I went there and nothing happened to me. I have Norton
and AVG running.
Vicki
Jan Cortez wrote:
> FYI - Sticking my nose in here, but want you to know. I don't know if Vivian is online or not to let you know.
>
> Contrary to what came thru from National last night, the National USGW page is still infected as well as those sites on IX Web Hosting. Anything that is hosted on theusgenweb.org. When I go to those websites - my computer is shutting those pages right down.
>
> Contrary to the rumors going around, it is my understanding and also that of RW that any pages there are *not* infected.
>
> If you come to a USGW site and a download for a flash player comes up, that is the current virus infecting the pages. Right now I do know that Montana GenWeb and some of their county sites are affected. I also have a website in NY and one in GA that are hosted there and they are infected. At this point we are locked out of the sites and can't even do a redirect to another server. <sigh> I've already moved mine in NY and the one in GA will be next.
>
> These pages BTW - hosted on theusgenweb.org are the free pages that Joy Fisher offered when we all started moving off from RW.
>
> When I say National pages, I mean the main National Website. This *does not* include the Archives or Special Projects which are hosted on another server and to the best of my knowledge after talking with David Crosby, they are safe and secure at this point.
>
> Please stay safe. Update your virus software, run scans and also run a couple spyware scans. I use Ad-Aware and Malwarebytes. We don't want any ruined computers out there.
>
> Jan
>
>
>
> Jan Cortez
> State Coordinator - MIGenWeb
> http://www.migenweb.net
> Co-National Coordinator - Tombstone Project
> http://www.usgwtombstones.org/index.html
>
> -------------------------------
> To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message
> ------------------------------------------------------------------------
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.686 / Virus Database: 270.14.23/2448 - Release Date: 10/20/09 05:43:00
>
>
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message
----- Original Message -----
From: "Sherri" <ldrbelties(a)earthlink.net>
To: <board(a)rootsweb.com>; <state-coord(a)rootsweb.com>;
<usgenweb-all(a)rootsweb.com>
Sent: Monday, October 19, 2009 7:46 PM
Subject: [STATE-COORD] USGenWeb Sites Clean
> *********************** Please Share with Project Mail Lists
> ***********************************
>
> The USGenWeb National site and sites hosted on theusgenweb.org have been
> checked and double checked and they are clean of the malware that was
> discovered a few days ago. The only file types that we found affected
> were
> ones that were .html, .htm or .shtml. The 'techies' at the hosting
> service
> ran a script to remove the code on all files that were affected. In
> checking through files, we've found no affected files still remaining.
>
> The reports through some mail lists of files from the Archives and/or
> Tombstone Project have not been able to be confirmed. The Archives and TP
> Projects are not hosted on the same servers or at the same hosting service
> as the National site and/or theusgenweb.org. It is unlikely that a text
> file would be affected by the problems that were discovered on the
> National
> site since most files in the Archives are text files, not .html, .htm
> and/or
> .shtml files. The servers that the Archives and TP Project are on have
> been
> checked and no problems found. At this point, unless a specific URL is
> provided, we can't reproduce the reported problem.
>
> A few have asked what the hosting service is going to do about the recent
> infections, and their lack of security on the servers. The first
> infection
> was NOT caused by a lack of security on the servers. The hacker gained
> access to the National site by hacking into a computer that was connected
> to
> an unsecured network, creating a back door for him/herself and then using
> that backdoor to get in and do his/her dirty work. Once the backdoor was
> opened, they had access to all site folders, which allowed them to infect
> multiple sites. There was an auto-replicating file loaded, among other
> things, so as fast as we were removing infected files, more infected files
> were appearing. Files of many different type were affected.
>
> That was not the case this time. The files that were hacked were only
> those
> that had .html, .htm or .shtml extensions. No elaborate file manipulation
> was involved. If you looked at the upload dates, the affected files all
> had
> the same date on them - the day that the issue was first recognized and
> reported. It was easy to tell what files were affected if you checked
> them
> carefully. The infections were the same type that were being reported all
> across the web, including Rootsweb/Ancestry. Malware was causing a fake
> notice of an update to Adobe that should be made - and not through the
> Adobe
> site. If you actually downloaded the file, it 'stole' your cookies,
> enabling them to have access to your info/passwords stored on your
> computer.
> Most anti-virus programs that I've heard were actually not allowing the
> page
> to open because they detected the Trojan. I know my Norton's refused to
> allow the page to open, and I know someone reported the same of AVG.
>
> IX Webhosting's servers can't all be painted with the same bad name. Some
> accounts hosted at IX were not affected - I know that a couple of my
> personal accounts had no problem at all. Likewise, not all of the reports
> were from IX's servers alone. As I mentioned, there were issues with
> Rootsweb and Ancestry's files also not behaving as expected. Several
> other
> hosting services also had problems with the same malware issues.
>
> If you should continue to have any problems accessing pages on the
> National
> site or those that are hosted on theusgenweb.org domain, please let us
> know.
> Please provide the specific URL of the file that you received the warnings
> about from your anti-virus/anti-spyware software or that you experience
> warning you of a needed update to Adobe.
>
> For those that host their sites on theusgenweb.org, new passwords are
> being
> set and you should receive yours in the next couple of days.
>
>
> Sherri Bradley
> National Coordinator
> USGenWeb Project
> Information about the USGenWeb Project at http://usgenweb.org
> Advisory Board Agenda http://usgenweb.org/agenda2.php
>
>
>
>
>
> -------------------------------
> To unsubscribe from the list, please send an email to
> STATE-COORD-request(a)rootsweb.com with the word 'unsubscribe' without the
> quotes in the subject and the body of the message
--------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.422 / Virus Database: 270.14.21/2445 - Release Date: 10/19/09
06:40:00
I contacted the Help Desk at RootsWeb to make sure it was okay to upload
files as I haven't seen any problems on my sites housed there and this is
the response I received:
Linda,
We have not been hacked. It is fine to upload your pages either through an
FTP client or our online File Manager.
If you have any further questions, please let us know.
Daniel
RootsWeb Support
FYI.
Linda B.
I agree with Sylvia about some of them who do this for financial gain. I've tangled with
"Look To Me" twice, and the guy who produces the spyware bundles it with the anti-spyware
software he *sells*. As far as I know, the Attorney General in Minnesota has never shut
him down, but I keep hoping. The last time I got it was from a free graphics web site,
and it was a pink breast cancer awareness ribbon. Very sly!
I think many of the others are just young computer nerds around the world who want to see
how much trouble they can cause without getting caught. The more havoc they wreak, the
more attention it gets. The next time, they'll take more risks and go for something
bigger. Its the high-tech version of bashing mailboxes. :-)
----- Original Message -----
From: "Jan Cortez" <janacortez(a)charter.net>
To: <gagen(a)rootsweb.com>
Sent: Sunday, October 18, 2009 10:13 PM
Subject: Re: [GAGEN] Hosting anywhere
> Well, I guess I can understand why the BAD guys might want to get into the
> Pentagon or the White House, but, why bother with my little old genie
> website, other than to destroy other peoples computers. <sigh> I totally
> cannot understand that mentality. Yep - I have people that I totally
> dislike, but, I wouldn't do something like that to my worst enemy. <sigh>
>
> Jan
>
> ----- Original Message -----
> From: "Sylvia C. Rankin" <scrankin(a)pickenscountyga.com>
>
>
>> ...is somewhat problematic these days.
>> We find that The Bad Guys are just sitting out there planning ways to hack
>> anything/everything. It's constant work to stay ahead of them. Remember
>> that the Pentagon sites and WhiteHouse.gov were also recently hacked.
>
>
> -------------------------------
> To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with
> the word 'unsubscribe' without the quotes in the subject and the body of the message
>
Jan --
Hackers are interested in large, heavily trafficked sites. The code that is
(most times) embedded is meant to either drive folks to one of their
buy-viagra sites or otherwise boost the rankings of their own sites with
search engines. Our GenWeb sites get a LOT of traffic.
Sylvia
Laverne,
Unless you can be absolutely precise we can't help you.
The USGenWeb Archives Project and The USGenWeb Tombstone Project are clean
from what we have checked so far.
For all we know this could be on a dozen different servers. You have given us no web
address, no file names for all we know it could be some cross site scripting.
Debra Crosby
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
Debra Crosby
Sent: Sunday, October 18, 2009 9:03 PM
To: gagen(a)rootsweb.com
Subject: Re: [GAGEN] USGW and Projects
Could you please tell us the web address you were on and the file name/cemetery name
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
Laverne Tornow
Sent: Sunday, October 18, 2009 8:50 PM
To: gagen(a)rootsweb.com
Subject: Re: [GAGEN] USGW and Projects
Georgia and I accessed it through the Archives. Peach Co
Laverne
----- Original Message -----
From: Debra Crosby
To: gagen(a)rootsweb.com
Sent: Sunday, October 18, 2009 2:29 PM
Subject: Re: [GAGEN] USGW and Projects
LaVerne,
As the USGW Tombstone Project is on an entirely different server can you give us
a bit more detail about which page, site etc, gave you this problem??
Debra Crosby
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
SouthernGenes
Sent: Sunday, October 18, 2009 6:21 PM
To: gagen(a)rootsweb.com
Cc: Denise Wells
Subject: [GAGEN] USGW and Projects
It isn't all clear yet.... DO NOT OPEN ANY file on USGW or projects with a .txt
extension. I visited the tombstone project yesterday to get updated links for
cemeteries for my county in GA and my county in NJ. Thank god I use Firefox with
the
NO SCRIPT add-on and WOT (web of trust) add-on. It prevented a trojan from being
downloaded to my computer from a cemetery file and told me the site was unsafe to
lee
it immediately. I had been making it a point NOT to visit any USGW site. in recent
weeks and I am now going to continue that policy, so I am appologizing in advance
for
ANY broken or dead links to any USGW component on my sites. When they can
guarantee
they are SAFE, then I will fix them! I surely do not want to link up any cemetery
or
other files that visitors to my counties might click on and subsequently have their
computer infected nor do i want to have to restore my computer yet again because I
visited a USGW site.
I am beginning to think the restore file on the server USGW is on is infected.
Laverne Tornow
Peach County
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with
the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with
the word 'unsubscribe' without the quotes in the subject and the body of the message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with
the word 'unsubscribe' without the quotes in the subject and the body of the message
I've been running AdAware on my computer for quite some time and just
recently added Malware bytes, so I can run both of them. I don't use Norton
any more, since I went in a couple of years ago and paid for my yearly
update and when I went to download the update it took out Windows on my
computer and I had to pay ninety bucks to have it fixed. <sigh> I use AVG
now and actually like it better.
Lavasoft is Ad-Aware. I do believe that if Adobe or Java are updated and we
have the product on our computers that they automatically send an update
thru our computers to download. In other words they don't come from other
websites or email. They kind of operate like Windows updates, however,
Windows just comes sneaking in during the night, updates and restarts our
computer, which really annoys me. I always have stuff up at I am working
on, which I do save, but, it is just an annoyance to have to get all the
files out again. I hear you though on downloading anything anymore. It
really is scary, especially for computer challenged people like myself. LOL
Jan
----- Original Message -----
From: "Pat Sabin" <psabin(a)bellsouth.net>
>I just don't know how we can tell if we receive a genuine alert to update
>our software
> (Adobe, Java, or other), or if it's malicious. I had dropped my Ad-Aware
> when I upgraded
> my Norton to include spyware. With all of this discussion, I decided to
> try Ad-Aware
> again to see if it catches something that Norton missed. When I click on
> the free
> download button, it takes me to another site. I imagine that it's
> perfectly safe, since
> it's linked from Lavasoft, but how can we be sure? I think we've
> established that
> they're not just sneakier than we are, .they're smarter!
>
> ----- Original Message -----
> From: "Jan Cortez" <janacortez(a)charter.net>
>> I am also assuming that this code in itself was not malicious to my
>> computer. The code itself was not malicious until you went to the web
>> page
>> and downloaded the Adobe Flash Player and then you were struck with the
>> Trojan virus..... I spent four hours yesterday running a full virus
>> scan,
>> AdAware and malwarebytes. Everything seems fine on my end.
>
>
>
> -------------------------------
> To unsubscribe from the list, please send an email to
> GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes
> in the subject and the body of the message
--------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.421 / Virus Database: 270.14.20/2440 - Release Date: 10/16/09
06:32:00
Could you please tell us the web address you were on and the file name/cemetery name
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
Laverne Tornow
Sent: Sunday, October 18, 2009 8:50 PM
To: gagen(a)rootsweb.com
Subject: Re: [GAGEN] USGW and Projects
Georgia and I accessed it through the Archives. Peach Co
Laverne
----- Original Message -----
From: Debra Crosby
To: gagen(a)rootsweb.com
Sent: Sunday, October 18, 2009 2:29 PM
Subject: Re: [GAGEN] USGW and Projects
LaVerne,
As the USGW Tombstone Project is on an entirely different server can you give us
a bit more detail about which page, site etc, gave you this problem??
Debra Crosby
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
SouthernGenes
Sent: Sunday, October 18, 2009 6:21 PM
To: gagen(a)rootsweb.com
Cc: Denise Wells
Subject: [GAGEN] USGW and Projects
It isn't all clear yet.... DO NOT OPEN ANY file on USGW or projects with a .txt
extension. I visited the tombstone project yesterday to get updated links for
cemeteries for my county in GA and my county in NJ. Thank god I use Firefox with
the
NO SCRIPT add-on and WOT (web of trust) add-on. It prevented a trojan from being
downloaded to my computer from a cemetery file and told me the site was unsafe to
lee
it immediately. I had been making it a point NOT to visit any USGW site. in recent
weeks and I am now going to continue that policy, so I am appologizing in advance
for
ANY broken or dead links to any USGW component on my sites. When they can
guarantee
they are SAFE, then I will fix them! I surely do not want to link up any cemetery
or
other files that visitors to my counties might click on and subsequently have their
computer infected nor do i want to have to restore my computer yet again because I
visited a USGW site.
I am beginning to think the restore file on the server USGW is on is infected.
Laverne Tornow
Peach County
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with
the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with
the word 'unsubscribe' without the quotes in the subject and the body of the message
I went to the usgw main page, clicked on projects, then tombsone project then state projects, then either new jersey or georgia, not sure which I went to first. Cape May NJ and Peach GA. Having been caught by a similar situation a few years back and since it is only a few weeks away from my yearly December reformat and reload, even though my virus scan and malware scan for my computer came up negative I took the precaution of going ahead and doing yearly my reformat and reload last evening and today. The time frame was between 4 pm edt yesterday and 6 pm edt yesterday.I think Cape May was Union and Peach was Byron. I have only the bare minimum reloaded right now, will take me most of tonight and tomorrow to finish if I am not interupted for pesky things like eating and taking meds, cooking and cleaning!.
I hope this all gets cleaned up soon and I hope no visitor gets infected. I would rather see the whole hing shut down for a few days with a notice it willbe back offline for a week for upgrades than to have to explain why a visit to a usgenweb site infects people's computers. My assumption that the TPP was on the same server as the archies and usgenweb is based on an e-mail communication from Ms Hudson a couple of weeks ago about dead links on my Cape May site and my reply o her was when USGW can assure me that no one visiting its sites would get a virus I would go get the links and replace the old ones with the new ones. Since I received NO REPLY to the contrary tha the TPP was NOT on the same server I made the assumption that they were on the same server.
My suggestion to everyone who has a hosting package to find out if antiviral upload and download protection is available from the hosting company and then subscribe to it, if they don't provide it ask why not! I have this service on my hosting packages just to prevent this very issue. All files get scanned in either direction. Personally I think it is 24.00 per account per year well spent.
Laverne Tornow
----- Original Message -----
From: Debra Crosby
To: gagen(a)rootsweb.com
Sent: Sunday, October 18, 2009 4:01 PM
Subject: Re: [GAGEN] USGW and Projects
Can you be a bit more specific.
Tombstone Project and Archives are different sites. you said earlier you got it from
the
Tombstone Site.
Will you give us the cemetery name so we can check on this from both projects?
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
Laverne Tornow
Sent: Sunday, October 18, 2009 8:50 PM
To: gagen(a)rootsweb.com
Subject: Re: [GAGEN] USGW and Projects
Georgia and I accessed it through the Archives. Peach Co
Laverne
----- Original Message -----
From: Debra Crosby
To: gagen(a)rootsweb.com
Sent: Sunday, October 18, 2009 2:29 PM
Subject: Re: [GAGEN] USGW and Projects
LaVerne,
As the USGW Tombstone Project is on an entirely different server can you give us
a bit more detail about which page, site etc, gave you this problem??
Debra Crosby
-----Original Message-----
From: gagen-bounces(a)rootsweb.com [mailto:gagen-bounces@rootsweb.com] On Behalf Of
SouthernGenes
Sent: Sunday, October 18, 2009 6:21 PM
To: gagen(a)rootsweb.com
Cc: Denise Wells
Subject: [GAGEN] USGW and Projects
It isn't all clear yet.... DO NOT OPEN ANY file on USGW or projects with a .txt
extension. I visited the tombstone project yesterday to get updated links for
cemeteries for my county in GA and my county in NJ. Thank god I use Firefox with
the
NO SCRIPT add-on and WOT (web of trust) add-on. It prevented a trojan from being
downloaded to my computer from a cemetery file and told me the site was unsafe to
lee
it immediately. I had been making it a point NOT to visit any USGW site. in recent
weeks and I am now going to continue that policy, so I am appologizing in advance
for
ANY broken or dead links to any USGW component on my sites. When they can
guarantee
they are SAFE, then I will fix them! I surely do not want to link up any cemetery
or
other files that visitors to my counties might click on and subsequently have their
computer infected nor do i want to have to restore my computer yet again because I
visited a USGW site.
I am beginning to think the restore file on the server USGW is on is infected.
Laverne Tornow
Peach County
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with
the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com
with the word 'unsubscribe' without the quotes in the subject and the body of the
message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with
the word 'unsubscribe' without the quotes in the subject and the body of the message
-------------------------------
To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message
Thanks, Laverne.
Everyone, please take all precautions.
I know I requested yesterday that everyone update their Archives
links. We might want to hold off until we hear from national that the
sites are no longer infected.
Vivian
At 01:20 PM 10/18/2009, you wrote:
>It isn't all clear yet.... DO NOT OPEN ANY file on USGW or projects
>with a .txt extension. I visited the tombstone project yesterday to
>get updated links for cemeteries for my county in GA and my county
>in NJ. Thank god I use Firefox with the NO SCRIPT add-on and WOT
>(web of trust) add-on. It prevented a trojan from being downloaded
>to my computer from a cemetery file and told me the site was unsafe
>to lee it immediately. I had been making it a point NOT to visit any
>USGW site. in recent weeks and I am now going to continue that
>policy, so I am appologizing in advance for ANY broken or dead links
>to any USGW component on my sites. When they can guarantee they are
>SAFE, then I will fix them! I surely do not want to link up any
>cemetery or other files that visitors to my counties might click on
>and subsequently have their computer infected nor do i want to have
>to restore my computer yet again because I visited a USGW site.
>
>I am beginning to think the restore file on the server USGW is on is
>infected.
>
>Laverne Tornow
>Peach County
>
>-------------------------------
>To unsubscribe from the list, please send an email to
>GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the
>quotes in the subject and the body of the message
It isn't all clear yet.... DO NOT OPEN ANY file on USGW or projects with a .txt extension. I visited the tombstone project yesterday to get updated links for cemeteries for my county in GA and my county in NJ. Thank god I use Firefox with the NO SCRIPT add-on and WOT (web of trust) add-on. It prevented a trojan from being downloaded to my computer from a cemetery file and told me the site was unsafe to lee it immediately. I had been making it a point NOT to visit any USGW site. in recent weeks and I am now going to continue that policy, so I am appologizing in advance for ANY broken or dead links to any USGW component on my sites. When they can guarantee they are SAFE, then I will fix them! I surely do not want to link up any cemetery or other files that visitors to my counties might click on and subsequently have their computer infected nor do i want to have to restore my computer yet again because I visited a USGW site.
I am beginning to think the restore file on the server USGW is on is infected.
Laverne Tornow
Peach County
Is it alright to go in now and update?
Clarissa
On Sat, Oct 17, 2009 at 2:40 PM, Dan Clark <crispcountyga(a)yahoo.com> wrote:
> Vivian,
>
> Lanier ( http://www.rootsweb.ancestry.com/~galanier/<http://www.rootsweb.ancestry.com/%7Egalanier/>) is listed as adoptable and the archives link there has not been updated.
> Do you have the password and if so do you want me to go in and update the
> links?
>
> I could also email the coordinators of the neighboring counties and ask for
> a volunteer to update the links.
>
> Dan
>
>
> Dan Clark
> County Coordinator, GAGenWeb, NCGenWeb
> Regional Assistant, South Central Georgia
> Crisp, Dooly, and Wilcox Counties, Georgia
> Edgecombe County, North Carolina
> http://theusgenweb.org/ga/crisp
> http://theusgenweb.org/ga/dooly
> http://theusgenweb.org/ga/wilcox
> http://theusgenweb.org/nc/edgecombe
>
>
> --- On Sat, 10/17/09, Michael and Vivian Saffold <msaffold(a)bellsouth.net>
> wrote:
>
> > From: Michael and Vivian Saffold <msaffold(a)bellsouth.net>
> > Subject: [GAGEN] IMPORTANT
> > To: GAGEN(a)rootsweb.com
> > Date: Saturday, October 17, 2009, 6:02 AM
> > Hello, everyone,
> >
> > Ed and I both have posted requests before, but we really
> > need to
> > address this issue immediately. I am getting complaints
> > daily from
> > researchers about GAGenWeb sites with broken links.
> >
> > THE USGENWEB ARCHIVES IS NO LONGER ON THE ROOTSWEB SERVER.
> >
> > ALL ARCHIVES URLS HAVE CHANGED.
> >
> > The USGenWeb Archives for Georgia is now here:
> >
> > http://usgwarchives.net/ga/gafiles.htm
> >
> > **PLEASE UPDATE YOUR LINKS NOW.**
> >
> > If you have questions or concerns, please let me know.
> >
> > Thanks,
> >
> > Vivian
> >
> >
> >
> > -------------------------------
> > To unsubscribe from the list, please send an email to
> GAGEN-request(a)rootsweb.com
> > with the word 'unsubscribe' without the quotes in the
> > subject and the body of the message
> >
>
>
>
>
> -------------------------------
> To unsubscribe from the list, please send an email to
> GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes
> in the subject and the body of the message
>
--
"Being president is like being a jackass in a hailstorm. There's nothing to
do but to stand there and take it".
~Lyndon B. Johnson
Hello, everyone,
Ed and I both have posted requests before, but we really need to
address this issue immediately. I am getting complaints daily from
researchers about GAGenWeb sites with broken links.
THE USGENWEB ARCHIVES IS NO LONGER ON THE ROOTSWEB SERVER.
ALL ARCHIVES URLS HAVE CHANGED.
The USGenWeb Archives for Georgia is now here:
http://usgwarchives.net/ga/gafiles.htm
**PLEASE UPDATE YOUR LINKS NOW.**
If you have questions or concerns, please let me know.
Thanks,
Vivian
Here is some good information from the State Coordinators' list...
forwarded with permission.
Vivian
>What I have been finding - use your browser, go to your main web page
>and View Source. Scroll to the bottom of the code. If you see:
><script function - followed by some gibberish letters
>the page has been hacked.
>However, please note - we have found some subpages that have been
>hacked also, so please continue to monitor your webpages.
>
>My recommendation is for everyone to stop all FTP'ing and change your
>email passwords to brand new secure passwords. Do NOT use your
>mother's maiden name, your birth date, your social security number,
>your children's names or your dog's. Include letters - both upper
>and lower case - and numbers. If you need help designing a password
>that is still memorable while still being more secure, contact me privately.
>
>And if anyone got the message to "Update Adobe" and clicked on it,
>please immediately scan your computer and once you are sure it is
>clean, change your passwords.
>
>Lastly, take this time to take a break. Visit a cemetery, transcribe
>some records, or even just turn around and visit with your
>family. They may be surprised to know what your face looks
>like!! (Yes, my kids took a picture of the back of my head one time
>and labelled it "Mom." Aren't they funny???)
>
>Betsy
>
>
>
> >From: Joan Asche
> >Date: 10/16/2009 6:10:29 AM
> >To: state-coord(a)rootsweb.com
> >Subject: Re: [STATE-COORD] Hacker Attack (Again)
> >
> >How can we tell if our sites are infected. Will it set off antivirus
> >programs?
> >
> >J. Asche
> >
>
>-------------------------------
>To unsubscribe from the list, please send an email to
>STATE-COORD-request(a)rootsweb.com with the word 'unsubscribe' without
>the quotes in the subject and the body of the message
Looks like IX Web Hosting has managed to clean up the websites. I just
checked Banks Co. online and it doesn't appear that the code is there any
longer and I'm not getting a drop down for Adobe Flash Player. Now we wait
to get new pw access to the sites again. <sigh>
I know that this can happen to any server, but, am not so sure that I trust
this one any more as this is the second time in the last month. I want to
move my two sites that I have on there, but, at this point, I'm not so sure
I want to move them to my own domain server, just in case they aren't clean.
Was thinking of moving them back to RW, temporarily, and then on to my own
domain. So was RW hit with this same malicious code? Does anyone know for
sure?
I am also assuming that this code in itself was not malicious to my
computer. The code itself was not malicious until you went to the web page
and downloaded the Adobe Flash Player and then you were struck with the
Trojan virus..... I spent four hours yesterday running a full virus scan,
AdAware and malwarebytes. Everything seems fine on my end.
Jan
----- Original Message -----
From: "Dan Clark" <crispcountyga(a)yahoo.com>
> Every html page at my four sites had a script added just before the
> closing body tag. I erased each page and reloaded them from backup.
>
> Everything is OK so far.
>
>Additional Information:
>
>This hacker attack is not confined to USGenWeb sites, nor to IXWebhosting,
>where the National site and theusgenweb.org domains are hosted. Nor does it
>affect all sites hosted at IXWebhosting. It's on at least two other hosting
>services that I found, just taking a quick peek.
>
>
>Sherri Bradley
>National Coordinator
>USGenWeb Project
>Information about the USGenWeb Project at http://usgenweb.org
>Advisory Board Agenda http://usgenweb.org/agenda2.php
>
>
>-----Original Message-----
>From: board-bounces(a)rootsweb.com [mailto:board-bounces@rootsweb.com] On
>Behalf Of Sherri
>Sent: Thursday, October 15, 2009 7:30 PM
>To: board(a)rootsweb.com; usgenweb-all(a)rootsweb.com;
>usgenweb-discuss(a)rootsweb.com; state-coord(a)rootsweb.com
>Subject: [BOARD] Hacker Attack (Again)
>Importance: High
>
>********************* Please forward to all Project Lists
>**********************************
>
>The National USGenWeb Project site and all sites hosted on theusgenweb.org
>domain, as well as a few other Project sites have been hit again by a
>hacker that has included some malware code at the end of the majority of the
>pages on each site. We are working with the hosting service right now to
>get the sites cleaned and the code removed. Please ask ALL Project
>Coordinators that have their sites hosted on theusgenweb.org or anyone that
>specifically gets notices that they're sites are infected to not connect by
>ftp to the sites until at least the 16th as we work to try to ensure that we
>have the sites cleaned once again.
>
>For folks that have only visited the USGenWeb National site or any of the
>other affected sites using their browser, the risk is very minor that your
>computer has been infected. If you've connected by ftp and downloaded files
>from any of the infected sites, I'd suggest running a full virus scan on
>your computer and I'd also recommend running at least a couple of spyware
>scans to add an additional level of confidence that your system is clean.
>
>All sites that are hosted on theusgenweb.org server will have the passwords
>changed before you can log in again. I'll be starting on this immediately
>so that the downtime will be minimized as much as possible.
>
>If anyone has any specific questions or problems, please let me know.
>
>Sherri Bradley
>National Coordinator
>USGenWeb Project
>Information about the USGenWeb Project at http://usgenweb.org
>Advisory Board Agenda http://usgenweb.org/agenda2.php
>
>
>
>
>USGenWeb Advisory Board Agenda: http://usgenweb.org/agenda2.shtml
>-------------------------------
>To unsubscribe from the list, please send an email to
>BOARD-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in
>the subject and the body of the message
>
>
>
>-------------------------------
>To unsubscribe from the list, please send an email to
>STATE-COORD-request(a)rootsweb.com with the word 'unsubscribe' without
>the quotes in the subject and the body of the message
>
>
>********************* Please forward to all Project Lists
>**********************************
>
>The National USGenWeb Project site and all sites hosted on theusgenweb.org
>domain, as well as a few other Project sites have been hit again by a
>hacker that has included some malware code at the end of the majority of the
>pages on each site. We are working with the hosting service right now to
>get the sites cleaned and the code removed. Please ask ALL Project
>Coordinators that have their sites hosted on theusgenweb.org or anyone that
>specifically gets notices that they're sites are infected to not connect by
>ftp to the sites until at least the 16th as we work to try to ensure that we
>have the sites cleaned once again.
>
>For folks that have only visited the USGenWeb National site or any of the
>other affected sites using their browser, the risk is very minor that your
>computer has been infected. If you've connected by ftp and downloaded files
>from any of the infected sites, I'd suggest running a full virus scan on
>your computer and I'd also recommend running at least a couple of spyware
>scans to add an additional level of confidence that your system is clean.
>
>All sites that are hosted on theusgenweb.org server will have the passwords
>changed before you can log in again. I'll be starting on this immediately
>so that the downtime will be minimized as much as possible.
>
>If anyone has any specific questions or problems, please let me know.
>
>Sherri Bradley
>National Coordinator
>USGenWeb Project
>Information about the USGenWeb Project at http://usgenweb.org
>Advisory Board Agenda http://usgenweb.org/agenda2.php
>
>
>
>
>
>-------------------------------
>To unsubscribe from the list, please send an email to
>STATE-COORD-request(a)rootsweb.com with the word 'unsubscribe' without
>the quotes in the subject and the body of the message
Every html page at my four sites had a script added just before the closing body tag. I erased each page and reloaded them from backup.
Everything is OK so far.
Dan
Crisp, Dooly, and Wilcox
----- Original Message -----
From: Michael and Vivian Saffold <msaffold(a)bellsouth.net>
To: gagen(a)rootsweb.com
Date: Thu, 15 Oct 2009 14:59:04 -0400
Subject: Re: [GAGEN] theusgenweb.org
> Just tried to pull up Banks. Norton was not happy. Says it blocked a
> threat. Also, a window popped up, asking me to download a Flash player.
>
> Looks like the Malware bad guys might be back.
>
> Vivian
>
> At 02:54 PM 10/15/2009, you wrote:
> >Has anyone else who has websites on theusgenweb.org website found
> >that all their sites were updated today with some sort of code added
> >to the bottom of the pages? Not sure if this is another attack of
> >the Malware from back a month or so or not.
> >
> >My Banks Co. website is affected and also the one I have in Broome Co., NY.
> >
> >Jan
> >Banks Co.
> >
> >
> > Jan Cortez
> >State Coordinator - MIGenWeb
> >http://www.migenweb.net
> >Co-National Coordinator - Tombstone Project
> >http://www.usgwtombstones.org/index.html
> >
> >-------------------------------
> >To unsubscribe from the list, please send an email to
> >GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the
> >quotes in the subject and the body of the message
>
>
> -------------------------------
> To unsubscribe from the list, please send an email to GAGEN-request(a)rootsweb.com with the word 'unsubscribe' without the quotes in the subject and the body of the message
>
...is somewhat problematic these days.
We find that The Bad Guys are just sitting out there planning ways to hack
anything/everything. It's constant work to stay ahead of them. Remember
that the Pentagon sites and WhiteHouse.gov were also recently hacked.
Sylvia