-------- Original Message --------
Subject: USGenWeb Sites Clean
Date: Mon, 19 Oct 2009 19:46:38 -0400
From: Sherri <ldrbelties@earthlink.net>
****************** Please Share with Project Mail Lists ******************
The USGenWeb National site and sites hosted on theusgenweb.org
(http://theusgenweb.org/) have
been checked and double checked and they are clean of the malware that
was discovered a few days ago. The only file types that we found
affected were ones that were .html, .htm or .shtml. The 'techies' at
the hosting service ran a script to remove the code on all files that
were affected. In checking through files, we've found no affected
files still remaining.
The reports through some mail lists of files from the Archives and/or
Tombstone Project have not been able to be confirmed. The Archives
and TP Projects are not hosted on the same servers or at the same
hosting service as the National site and/or theusgenweb.org
(http://theusgenweb.org/). It is
unlikely that a text file would be affected by the problems that were
discovered on the National site since most files in the Archives are
text files, not .html, .htm and/or .shtml files. The servers that the
Archives and TP Project are on have been checked and no problems
found. At this point, unless a specific URL is provided, we can't
reproduce the reported problem.
A few have asked what the hosting service is going to do about the
recent infections, and their lack of security on the servers. The
first infection was NOT caused by a lack of security on the servers.
The hacker gained access to the National site by hacking into a
computer that was connected to an unsecured network, creating a back
door for him/herself and then using that backdoor to get in and do
his/her dirty work. Once the backdoor was opened, they had access to
all site folders, which allowed them to infect multiple sites. There
was an auto-replicating file loaded, among other things, so as fast as
we were removing infected files, more infected files were appearing.
Files of many different types were affected.
That was not the case this time. The files that were hacked were only
those that had .html, .htm or .shtml extensions. No elaborate file
manipulation was involved. If you looked at the upload dates, the
affected files all had the same date on them - the day that the issue
was first recognized and reported. It was easy to tell what files
were affected if you checked them carefully. The infections were the
same type that were being reported all across the web, including
Rootsweb/Ancestry. Malware was causing a fake notice of an update to
Adobe that should be made - and not through the Adobe site. If you
actually downloaded the file, it 'stole' your cookies, enabling them
to have access to your info/passwords stored on your computer. Most
anti-virus programs that I've heard were actually not allowing the
page to open because they detected the Trojan. I know my Norton's
refused to allow the page to open, and I know someone reported the
same of AVG.
IX Webhosting's servers can't all be painted with the same bad name.
Some accounts hosted at IX were not affected - I know that a couple of
my personal accounts had no problem at all. Likewise, not all of the
reports were from IX's servers alone. As I mentioned, there were
issues with Rootsweb and Ancestry's files also not behaving as
expected. Several other hosting services also had problems with the
same malware issues.
If you should continue to have any problems accessing pages on the
National site or those that are hosted on the theusgenweb.org
(http://theusgenweb.org/) domain,
please let us know. Please provide the specific URL of the file that
you received the warnings about from your anti-virus/anti-spyware
software or that you experience warning you of a needed update to Adobe.
For those that host their sites on theusgenweb.org
(http://theusgenweb.org/), new passwords are
being set and you should receive yours in the next couple of days.
Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at http://usgenweb.org/
Advisory Board Agenda
http://usgenweb.org/agenda2.php
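
The check the message describes (affected pages limited to .html, .htm and .shtml, all carrying the same date) can be scripted against a web root. This is an added example, not part of the original message or any script the hosting service ran; the function names, thresholds and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

WEB_EXTS = {".html", ".htm", ".shtml"}  # the only file types the message reports as affected

def web_files_by_day(root):
    """Map UTC modification date -> web-page files last changed on that day."""
    by_day = defaultdict(list)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in WEB_EXTS:
                path = os.path.join(dirpath, name)
                stamp = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
                by_day[stamp.date()].append(os.path.relpath(path, root))
    return by_day

def burst_days(root, min_files=3, min_share=0.5):
    """Days on which a large share of all web pages changed together (assumed thresholds)."""
    by_day = web_files_by_day(root)
    total = sum(len(paths) for paths in by_day.values())
    return {day: sorted(paths) for day, paths in by_day.items()
            if len(paths) >= min_files and len(paths) / total >= min_share}

def build_sample_tree(root):
    """Constructed sample: four pages rewritten on one day, one older page, one text file."""
    burst = datetime(2009, 1, 5, 12, tzinfo=timezone.utc).timestamp()  # constructed date
    older = datetime(2008, 6, 1, 12, tzinfo=timezone.utc).timestamp()  # constructed date
    os.makedirs(os.path.join(root, "county"))
    sample = {"index.html": burst, "about.htm": burst, "menu.shtml": burst,
              os.path.join("county", "page.html"): burst,
              "history.html": older, "census.txt": burst}
    for rel, mtime in sample.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (mtime, mtime))  # set access and modification time

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for day, paths in burst_days(root).items():
            print(day, len(paths), "pages changed together:", ", ".join(paths))
```

A flagged day only narrows the review: a legitimate bulk upload produces the same pattern, and modification times can be reset, so the listed files still need their contents compared against a known-good copy.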