?

Log in

No account? Create an account

Previous Entry | Next Entry

One World Multimedia

У всех такое же выдает?


http://blog.oneworld.am/2008/07/28/rferl-armenian-relations-with-turkey/

UPD from onewmphoto:

My Site
It appears as though someone or something (automated?) managed to get into the top level of my oneworld.am domain and add some javascript to some of the html files which accessed a russian malware site.

Netsys identified the problem in 5 or 6 files at the top level of oneworld.am and I've since cleared out the code, changed all passwords and notified Google so I hope the warning will be gone soon.

Interestingly, however, it was only on the oneworld.am and no malicious code was present on my blog.oneworld.am site. However, the entire domain was flagged as suspicious.

Anyway, for anyone accessing my blog http://blog.oneworld.am there was never any problem -- only http://www.oneworld.am. However, if you access the latter domain keep an eye on your status line to make sure no calls to marsohodiki.ru are made (obviously don't access this site yourself either).

Now, the question is how did the malicious javascript get in there?

Comments

( 18 comments — Leave a comment )
uzogh
Jul. 28th, 2008 11:34 am (UTC)
Да. Онник уже мне написал.
Он разбирается.
ahousekeeper
Jul. 28th, 2008 11:45 am (UTC)
Кстати, а где там вирус? Посмотрел страничку, вроде всё чисто.
uzogh
Jul. 28th, 2008 11:53 am (UTC)
Да нет там вируса.
Там на какое-то время по непонятной причине появился линк на сайт с вирусом.
ahousekeeper
Jul. 28th, 2008 11:44 am (UTC)
На самом деле firefox 3.0 берет эти данные с Гугл: http://www.google.com/search?hl=en&q=%22http%3A//blog.oneworld.am/2008/07/28/rferl-armenian-relations-with-turkey/%22

А Гугл, в свою очередь, действительно утверждает, что сайт заражен.
ku_ryaba
Jul. 28th, 2008 11:52 am (UTC)
у меня открывается
ku_ryaba
Jul. 28th, 2008 11:53 am (UTC)
зы. Хотя у нас на работе стоит какая-то героическая защита.
a_lilianna
Jul. 28th, 2008 12:08 pm (UTC)
у меня та же фигня.
ex_kamanin7
Jul. 28th, 2008 12:18 pm (UTC)
у меня работает
rubywedge
Jul. 28th, 2008 12:23 pm (UTC)
Работает
onewmphoto
Jul. 30th, 2008 08:27 am (UTC)
My Site
It appears as though someone or something (automated?) managed to get into the top level of my oneworld.am domain and add some javascript to some of the html files which accessed a russian malware site.

Netsys identified the problem in 5 or 6 files at the top level of oneworld.am and I've since cleared out the code, changed all passwords and notified Google so I hope the warning will be gone soon.

Interestingly, however, it was only on the oneworld.am and no malicious code was present on my blog.oneworld.am site. However, the entire domain was flagged as suspicious.

Anyway, for anyone accessing my blog http://blog.oneworld.am there was never any problem -- only http://www.oneworld.am. However, if you access the latter domain keep an eye on your status line to make sure no calls to marsohodiki.ru are made (obviously don't access this site yourself either).

Now, the question is how did the malicious javascript get in there?

517design
Jul. 30th, 2008 01:08 pm (UTC)
Re: My Site
Turks may be... who knows.
I'll put your posting into the header as Update to the topic :)
ermeni
Jul. 31st, 2008 02:57 pm (UTC)
То что работает, ещё не означает что там вируса нет. Сайт может спокойно открываться и заражать ваш компьютер через браузер.
onewmphoto
Aug. 1st, 2008 06:51 am (UTC)
Clarification
o Ermeni
As I said, there was NO infection on http://blog.oneworld.am. I know this FOR SURE because the malicious javascript was only in the html files on http://www.oneworld.am top level.

According to Google, calls to a russian malware site were being made from the javascript as was made clear by Google's own diagnosis and me taking a look at the browser status line.

http://www.google.com/safebrowsing/diagnostic?site=http://www.oneworld.am

The call to the Russian malware site were being made from a few files in the top level of http://www.oneworld.am and NEVER http://blog.oneworld.am.
ermeni
Aug. 1st, 2008 02:59 pm (UTC)
Re: Clarification
Thank you for clarifying this issue. I applied the appropriate updates to my blog.
onewmphoto
Jul. 31st, 2008 09:59 pm (UTC)
To Ermeni
As I said, there was NO infection on http://blog.oneworld.am. I know this FOR SURE because the malicious javascript was only in the html files on http://www.oneworld.am top level.

According to Google, calls to a russian malware site were being made from the javascript as was made clear by Google's own diagnosis and me taking a look at the browser status line.

http://www.google.com/safebrowsing/diagnostic?site=http://www.oneworld.am

The call to the Russian malware site were being made from a few files in the top level of http://www.oneworld.am and NEVER http://blog.oneworld.am.



517design
Aug. 1st, 2008 04:54 am (UTC)
Re: To Ermeni
You mixed the thread, ermeni may miss your reply.
onewmphoto
Aug. 2nd, 2008 12:56 pm (UTC)
Oneworld.am Cleaned Up
Thanks to Google for removing the warning on their search pages. They were quick to reassess my site after the problem became evident.

http://www.google.com/safebrowsing/diagnostic?site=http://www.oneworld.am

Apologies to all who might have been concerned by the warning. Again, I am still unsure as to how the malicious code was inserted and more importantly, who was responsible.
kael2121
Aug. 27th, 2008 07:18 pm (UTC)
Re: Oneworld.am Cleaned Up
Ermeni,

I'd like to hear more via email how you solved this problem and what other details you found out about marsohodiki.net

I have a website that is also accessing this domain on almost all pages being loaded. I have a hunch how it got there, but I cannot find the source file that is calling this domain. I can however find the pages where the bad javascript is being populated.

What is your email address or MSN IM so we may chat further?

Kael
( 18 comments — Leave a comment )

Profile

517design
Седрак Мкртчян

Latest Month

June 2016
S M T W T F S
   1234
567891011
12131415161718
19202122232425
2627282930  

Tags

Counters

Данный материал оригинально опубликован в блоге http://517design.livejournal.com. Перепубликация возможна при наличии активной ссылки на оригинальный источник.



Circle.Am: Rating and Statistics for Armenian Web Resources



Powered by LiveJournal.com
Designed by Lilia Ahner