From: Sherri
Date: 10/19/2009 7:47:14 PM
To: board(a)rootsweb.com; state-coord(a)rootsweb.com; usgenweb-all(a)rootsweb.com
Subject: [STATE-COORD] USGenWeb Sites Clean
*********************** Please Share with Project Mail Lists
***********************************
The USGenWeb National site and sites hosted on theusgenweb.org have been
checked and double checked and they are clean of the malware that was
discovered a few days ago. The only file types that we found affected were
ones that were .HTML, .htm or .shtml. The 'techies' at the hosting service
ran a script to remove the code on all files that were affected. In
checking through files, we've found no affected files still remaining.

The reports through some mail lists of files from the Archives and/or
Tombstone Project have not been able to be confirmed. The Archives and TP
Projects are not hosted on the same servers or at the same hosting service
as the National site and/or theusgenweb.org. It is unlikely that a text
file would be affected by the problems that were discovered on the National
site since most files in the Archives are text files, not .HTML, .htm and/or
.shtml files. The servers that the Archives and TP Project are on have been
checked and no problems found. At this point, unless a specific URL is
provided, we can't reproduce the reported problem.

A few have asked what the hosting service is going to do about the recent
infections, and their lack of security on the servers. The first infection
was NOT caused by a lack of security on the servers. The hacker gained
access to the National site by hacking into a computer that was connected to
an unsecured network, creating a back door for him/herself and then using
that backdoor to get in and do his/her dirty work. Once the backdoor was
opened, they had access to all site folders, which allowed them to infect
multiple sites. There was an auto-replicating file loaded, among other
things, so as fast as we were removing infected files, more infected files
were appearing. Files of many different types were affected.

That was not the case this time. The files that were hacked were only those
that had .HTML, .htm or .shtml extensions. No elaborate file manipulation
was involved. If you looked at the upload dates, the affected files all had
the same date on them - the day that the issue was first recognized and
reported. It was easy to tell what files were affected if you checked them
carefully. The infections were the same type that were being reported all
across the web, including Rootsweb/Ancestry. Malware was causing a fake
notice of an update to Adobe that should be made - and not through the Adobe
site. If you actually downloaded the file, it 'stole' your cookies,
enabling them to have access to your info/passwords stored on your computer.
Most anti-virus programs that I've heard were actually not allowing the page
to open because they detected the Trojan. I know my Norton's refused to
allow the page to open, and I know someone reported the same of AVG.

IX Webhosting's servers can't all be painted with the same bad name. Some
accounts hosted at IX were not affected - I know that a couple of my
personal accounts had no problem at all. Likewise, not all of the reports
were from IX's servers alone. As I mentioned, there were issues with
Rootsweb and Ancestry's files also not behaving as expected. Several other
hosting services also had problems with the same malware issues.

If you should continue to have any problems accessing pages on the National
site or those that are hosted on theusgenweb.org domain, please let us know.
Please provide the specific URL of the file that you received the warnings
about from your anti-virus/anti-spyware software or that you experience
warning you of a needed update to Adobe.

For those that host their sites on theusgenweb.org, new passwords are being
set and you should receive yours in the next couple of days.

Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at
http://usgenweb.org
Advisory Board Agenda
http://usgenweb.org/agenda2.php
===
Chahta Ohoyo Holahta,
Honorary