Tweet
Guys,
I regret to have to inform everyone that on 4/11 at 5:30pm, MiFbody.com was hacked and a trojan/worm code was injected into many of the .htm, .html, and .php files on the website. The person that actually hacked the site not only infected MiFbody.com but infected the other site on my server, Meissenation.com, too -- literally infecting hundreds of files with a possibly malicious code string.
I'm slowly going through the very tedious process of manually removing the string from each individual file that was edited on April 11th. I'm not even close to being finished at this point, but I wanted to throw up a warning message sooner than later.
At this point, I do not know the seriousness of the trojan/worm. BitDefender 2008 with up-to-date definitions, Symantec Antivirus corporate edition with up-to-date definitions, and McAfee Antivirus corporate edition on Vista with up-to-date definitions never picked up any viruses in their scans, nor did it ever warn me when going to the page.
When my hard drive crashed after the M&G, I went back to using Windows XP and was using BitDefender 2008 for a period of time. It wasn't working as I wanted, so I decided to go back to the free route and went back to Avast! over the weekend. Today for the first time I actually allowed Meissenation.com to load (I normally go straight to MiFbody) which then popped up a warning message that the index.php file which loads first on Meissenation.com was infected.
For the most part, those that go to http://www.mifbody.com/vbulletin/ directly should not be as concerned. Those that went to http://www.mifbody.com/ which then redirects to the vbulletin website are those that might be infected.
Again, I do not know 100% the seriousness of the trojan/worm or whether it's even a trojan/worm at all. I've had a hard time even finding any information on the internet about the code that was added to all my files and it *seems* that Avast! is the only antivirus that's even picking it up.
Regardless, I felt it was my responsibility to alert everyone. I'm currently in the process of editing and expunging all the virus code from the .htm, .html, and .php files and will update when MiFbody.com has been "cleaned."
Sorry guys.
- Brian
I regret to have to inform everyone that on 4/11 at 5:30pm, MiFbody.com was hacked and a trojan/worm code was injected into many of the .htm, .html, and .php files on the website. The person that actually hacked the site not only infected MiFbody.com but infected the other site on my server, Meissenation.com, too -- literally infecting hundreds of files with a possibly malicious code string.
I'm slowly going through the very tedious process of manually removing the string from each individual file that was edited on April 11th. I'm not even close to being finished at this point, but I wanted to throw up a warning message sooner than later.
At this point, I do not know the seriousness of the trojan/worm. BitDefender 2008 with up-to-date definitions, Symantec Antivirus corporate edition with up-to-date definitions, and McAfee Antivirus corporate edition on Vista with up-to-date definitions never picked up any viruses in their scans, nor did it ever warn me when going to the page.
When my hard drive crashed after the M&G, I went back to using Windows XP and was using BitDefender 2008 for a period of time. It wasn't working as I wanted, so I decided to go back to the free route and went back to Avast! over the weekend. Today for the first time I actually allowed Meissenation.com to load (I normally go straight to MiFbody) which then popped up a warning message that the index.php file which loads first on Meissenation.com was infected.
For the most part, those that go to http://www.mifbody.com/vbulletin/ directly should not be as concerned. Those that went to http://www.mifbody.com/ which then redirects to the vbulletin website are those that might be infected.
Again, I do not know 100% the seriousness of the trojan/worm or whether it's even a trojan/worm at all. I've had a hard time even finding any information on the internet about the code that was added to all my files and it *seems* that Avast! is the only antivirus that's even picking it up.
Regardless, I felt it was my responsibility to alert everyone. I'm currently in the process of editing and expunging all the virus code from the .htm, .html, and .php files and will update when MiFbody.com has been "cleaned."
Sorry guys.
- Brian
357ci LT1, cammed, stalled, and driven. 
I set up an access control list so my home IP address is the -ONLY- IP address allowed to access the server via SSH (which is how the hacker got in) so that should stop it from happening again.
)
Comment