We hope you all had a great break over the Xmas and new years period – now that we are all back at work now, we forget the Xmas cheer and get straight back to business.
Here at Dijitul.com – our 2013 was kicked off with a couple of infected customer websites, and us being saved by our fantastic website warranty package.
One of our customer sites is built using cubecart, and we inherited it from another website design company. We’ve improved, streamlined and generally fixed the whole website, and its currently back with the client for populating. Since its been passed back, it seem an exploit has been found with some part of one of the websites hosted on their domain, and a load of files had an iFrame injected into the source code. This caused other websites (infected ones) to load when our client site was loaded, and then the problem generally got worse each time.
http://xxx.tomurcukozel.com/ecws.html
This URL (www changed to xxx so it doesn’t link) was what the iframe was loading (well, trying to) DO NOT VISIT THIS URL
Thanks to our early defence warning systems, we were informed of the changed files – kicked off a server scan that cleaned all the files when dodgy code was located and then notified blacklists ensuring that any blocks were removed and no customers were deterred. If we didn’t have our Website Warranty software running, we wouldn’t have know about the infection until google had blocked the site, and by that time you have lost customers and the virus has spread past the point of easy disinfection!
We are now plugging holes in the cleansed website files, and hope to have the issue fully resolved by close of play today.
Another customer has had a few problems since the start of 2013, but this time with a hack that modifies the .htaccess files and forces the users onto dodgy shopping sites and pornography, but only if viewing the website through certain browsers/devices. Its clever as it makes it so the webmaster doesn’t notice the issue, but anyone browsing on a mobile (for example) would be redirected.
We are still finishing off the disinfection ill post more about that once we’re done.
Leave a Reply