WnSoft Forums

Posted

I received an email yesterday to inform me that I was hosting a phishing site. :blink:

I thought it was a joke or an error. But they provided a link and I discovered that it was true.

I still don't know how "they" could upload those files in one of my directories... <_<

In this mail, they told me to take appropriate measures too, which I did immediately by deleting all the suspicious files (uploaded the day before).

I posted an answer to swear that I didn't upload those files and I was not aware of it. They didn't answer and I thought everything was now fine.

But I had the surprise tonight to see that I couldn't reach my website and couldn't access my ftp space. :o

I called support and they told me that my account is now blacklisted, my files all deleted and I am not authorized to upload files any more.

They told me to send a mail of explanations to dedicated people who are in charge in case of abuse by clients. :huh:

That's why I do not have any idea when or if it will be even possible to put my site back. :(

Guest Techman1
Posted

Dom,

That's terrible news. It seems there is more and more of this going on and affecting so many people who create sites that are very helpful. I'm sorry that this has happened to your site, as I know it has been of great value to so many here.

I hope they reconsider and put your site back online soon. :(

Regards,

Fred

Posted

Hi Dom,

Just a suggestion. It sounds like a security issue with the provider. I would demand my money back and use a different host. I might suggest you have a look at 1&1 which has very low prices, excellent service, excellent security, huge storage for the money and are very helpful. I get 350 gigabytes of storage, 2,500 gigabytes of monthly transfer bandwidth and lots of other bells and whistles for under $100 per year. Here's a link:

(note - corrected bytes to gigabytes: 2,500 gigabytes per month, not 250,000 gigabytes - LOL)

I notice that the storage for $7.99 per month is now 250 gigabytes and for $14.99 monthly you get 300 gigabytes storage and 3,000 gigabytes per month transfer. The numbers change every so often, but it's still the best deal going I think....

http://order.1and1.co.uk/xml/order/Home;js...e=1176507054031

And a review:

http://www.realmetrics.com/a/shared-hostin...d1-com/beginner

Best regards,

Lin

Posted

Dominique, that is beyond reason. I think Lin is correct in a possible route for you to take. Two questions: 1. Do you have everything on your computer also so you can "easily" upload to a new provider? 2. With your problem provider, what language do they use? I mean are they English, French, Indian? Any chance that communication is part of the problem?

Posted

Dominique,

I completely agree with Lumenlux and Lin Evans ~ it may be a Provider Problem ~ or the work of a Phisher.

These hackers actually "Alias" genuine Servers letting you believe that the Provider is responsible whilst at the same time stealing your Web-Site.

Before you do anything "Check-Out" your PC before going to another Provider.

I would seriously suggest the following:-

Get on to www.paretologic.com LINK:- http://www.paretologic.com/xoftspy/se/newlp/xray/?uid=dd0wo

and run the 'Free-Scan' of XoftSpy for Keyloggers and Phishing Loggers ~ purchase it and clean-up if that's necessary ~ It may be that you have been 'Hi-Jacked' by a Phisher and this Program will sort that out.

If your PC is clean then it's definitely a Provider security problem!

Let me know how you get on.

Brian.Conflow.

Posted

Dom

This is not good, thanks for explaining the situation, hope that you take Lin's advice and can be up and running again soon.

Posted

Dominique,

So sorry this has happened to you again, your site was a source of information and learning points for us all.

I hope you can soon get this matter cleared up and get your most excellent site hosted once again.

I hope you will post the outcome so the members can learn how they can protect their sites, and therefore avoid what unfortunately has happened to you.

Best regards to you.

Tom.

Posted

Brian,

I am always interested in any advice from you. The only anti-spyware I have currently installed is Windows Defender which never seems to find anything although it seems to update itself regularly. I tried your suggestion above and Xoftspy found some minor low risk problems, mainly to do with cookies. Do you think it is worth paying for this software and ditching Defender?

Regards

Jeff

PS to Dominique : This is terrible news and I do hope you are able to re-build your excellent web site with a better provider. Advice from Lin and Brian is always top class information.

Jeff

Posted

Hi Dom

So sorry to learn of your problems and look forward to the return of your excellent site in the not too distant future. Only joined a couple of days ago and noticed whilst checking out the facilities that you had a number of members from Russia/Latvia that were really no more than links to porn sites. Maybe that was where the problem stemmed from and some of them had managed to take control of parts of your site. Tried to email you to draw attention to them but unfortunately the site had gone down before I could do so.

It's difficult to know how to totally prevent this sort of thing but I would have expected your ISP to provide some help. As Lin mentioned earlier I would certainly check out 1&1. I maintain a couple of sites with them for my daughter and have found them very efficient.

Best Wishes for a speedy "recovery"

Ted

Posted

Hi Jeff,

Nice to hear from you again ~ everything is fine with you ~ that's good news.

Windows Defender: If you are running XP, Windows Defender is an excellent Program and it literally does what it says on the "Tin" - It defends the Windows Op.System particularly the Win.Kernel & Cabs and it does that silently.

Microsoft no longer supports Win 2000 Pro with the Defender Program, so we now use IOBit WinCare2 for 2000 Pro.

Recently we started to use a new program called 'Browser Retaliator' from Zamaans Software (Link Below)

This is designed to protect your Web Page, ie:- Your Search Page & Home Page and all active parts of IE.

It works by detecting any 'script-changes' within IE & Mozilla (Hacker activity) and promptly "Tags" and blocks that and then deletes damaged components and restores to you a brand new Home & Search Page from its own (insulated) Backup.

I recommend it ~ it has saved my PCs a number of times when all the other Anti-Virus/Hijack Systems failed.

XoftSpy by Paretologic.Com ~ I paid for this years ago and it's updated twice weekly, and it's my right hand man against these parasites both the 'silent types' and the advertised ones.

I now see that they have an "SE Version" which is always on guard. Works with 2000.Pro - XP(All) - Vista(All)

So to cut things short, one has a choice of:- Being 'Defensively Protected' and/or 'Pro-Active Defence' and it looks as if the latter is giving the best overall protection combined with a good Anti-Virus Program.

Regards,

Brian.Conflow

Link:- http://www.zamaansoft.com/index.php

Posted

Brian:

Thanks for your guidance. I try my best to stay on top of spyware and needed system protection. Recently my system has had a variety of weird characteristics... slow, Wacom tablet driver didn't load, etc. I followed your link to XoftSpy and purchased a copy after running the free scan. It found many files of concern and quarantined them. AVG and Adaware have been run regularly on this system and I was blown away by the number of files XoftSpy found. They threw in a free copy of RegCure with the purchase. I use a product called Registry Booster and, again, thought I was being well taken care of. The RegCure program found over 900 links, files, and lines that needed attention in the registry. Good grief. After making a recovery point I had the RegCure "fix" the files it found. After rebooting I can honestly say that this system has not run as fast or as well for at least 1.5 years. So, that's my long way of saying "thanks". And my wife wonders why I troll these forums so much.

Best wishes,

Bruce

Posted

Hi Bruce,

Many thanks for your reply. It's a funny thing, when Windows is "new" it's a great OP.System but as time goes by it literally 'chokes-itself' with useless garbage, in particular the amount of Log-Files it accumulates would fill the Pentagon, and as for useless File references and empty Registry Keys....need I say more!

I have come across PCs where the Microprocessor spends more time processing 'garbage' than it does operating a Program and as Windows operates within the User Memory (Ram) it means that everything eventually comes to a grinding halt....then the real problems start.

This 'rubbish' also leaves the PC so wide open that even a School-Child could 'hack it' ~ So I am a firm believer in doing a complete "Spring Clean" every few weeks ~ the results you have seen for yourself.

Best regards.

Brian.Conflow.

Posted

So sorry to hear your bad news Dom :(

Hope everything can be restored and it is all sorted for you very soon.

Many Thanks for all the hard work and hours you put into helping so many people.

Thanks also to Brian & others for their good advice.

With very best wishes

Maureen

Posted

Hello to Dom,

I have tried to log in many times but unsuccessfully; now I understand your problem. Sorry for you, because the job done is fantastic, and it has helped lots of people. I hope you will recover your website very quickly.

Best regards

Posted

I didn't understand anything about what is happening to you, not knowing what phishing means, but in any case it's ugly; I simply hope that you backed everything up this time so you can reinstall with another host. Good luck.

I haven't understood what happened, but it's a bad thing. I hope this time you have a backup in order to build a new one on another provider.

Posted

Hi everybody,

Thank you very much for your support.

The good news is that my last backup was about one month old.

The bad news is that my account is definitely blacklisted and can't be used any more.

I think I'm gonna adopt Lin's suggestion and open a 1&1 account.

But I'm afraid I will have to rebuild my site entirely because there might be security issues in the script I used.

I'm still thinking about it.

I think I'm gonna start with pafileDB script (http://www.phparena.net/scripts.php?script=pafiledb) but if you have other suggestions for a secure php script for a good download center, please let me know.

I'm on vacation right now and will be back on Saturday.

Have fun with beta #9 ! :)

Dom.

PS: for JPD: definition of phishing in French: http://fr.wikipedia.org/wiki/Phishing

Posted

We are all maybe aware of Phishing but we should also be aware of pharming too..........

http://en.wikipedia.org/wiki/Pharming

I am having great "fun" .... I mean problems setting up a wireless router network here and after reading http://www.cs.indiana.edu/~atsow/mal-router/ I wonder if I should have bothered.

Still haven't got it to work yet so Internet is hit & miss.

Hope Dom's site is soon back up and running and very secure.

Best wishes

Maureen

Posted

Brian et al,

I downloaded a trial version of XoftSpy by Paretologic.Com and ran a scan. It reported Dollarrevenue as being a Severe threat associated with a file ~DF305B.tmp. To remove the file I would have had to pay $36 for the full program.

I was a little surprised as I use Computer Associates PestPatrol, in active mode, and update it daily. Being cautious I sent the file to CA and their analysis showed that the file was in fact clean.

I also scanned the folder containing the tmp file with Spybot and Adaware; neither of these reported the file as suspicious. I am not sure what to conclude from this but having purchased an internet security suite from CA I did not want to pay XoftSpy to enable me to remove a harmless file!

This whole security issue is a bit of a nightmare. I have found the following site very useful and informative:

http://spywarewarrior.com/ There is a fantastic amount of information about security issues on this site and some interesting information about rogue products.

There is a note on this page about XoftSpy http://www.spywarewarrior.com/rogue_anti-s...re.htm#xos_note

Peter

Posted

Peter,

Yes, I am aware of these issues concerning XoftSpy ~ but one has to be extremely careful when checking out particular Files with CA. CA is a Yes/No organisation, either the File is 'Clean' or 'Dirty' but that's only part of the overall scenario.

Other Considerations are:-

* Known 'Blacklisted Sites' engaging in aggressive Adware.

* Known 'Blacklisted Sites' engaging in deliberate 'Browser Hi-Jacking'

* Known 'Blacklisted Sites' engaged in 'Browser Re-Direction' to Porn Sites.

There are some 6000+ of these Sites which are well known to the 'Spyware Community' including XoftSpy and SpyBot and many more accredited vendors of Anti-Spyware/Anti-Virus Products.

Your Example:- Dollarrevenue, is a known Blacklisted-Site which is capable of 'Automatic-Communications' to other sites WITHOUT your knowledge ~ that's why it is a severe threat and Blacklisted not only by XoftSpy but also Lavasoft, SpyBot, Windows Defender, IoBit-Wincare2 and many others including Microsoft Defender.

Their File in your Temp.Internet Directory DF305b.tmp is -currently benign- but wait till it is commanded to "wake-up" ~ Then we will see if it is a 'False Positive' ~ I hope you get the bigger Picture?

One is not suggesting that you buy XoftSpy ~just that you avail of the 'Free Scan'~ but believe you me if it flags something at Threat Level 4/6 there is a profound reason why it's doing it....Simply right-click the Item and get the full explanation, it leaves the final action decision to you!

Brian.Conflow.

P.S If you look at the 'Reviews' about these Programs you will find that XoftSpy has been the No:1 ranking Program for the past 3 years.

Posted

Brian,

I think it might be wise to delete that file!!! I had not come across the concept of a file that acts like a "sleeper" in a spy film - very nasty. Thanks for a timely warning.

Peter

Posted

Peter,

You are making the right decision about that File ~ Just bear with me a little more ~ XP and 2000.Pro and to some extent Vista have the capability of 'Auto-Communications' without intervention from you and without your knowledge.

This utility is used by Microsoft and Norton and many others and was designed for 'Auto-Updating' and 'Auto-Upgrading' of the respective Anti-Virus and Operating Systems. Also there are many Intelligent Programs on your PC that need to communicate with the outside World, such as Windows Defender and most of the modern PC.Printers with Pix-Bridge enabled, there are others...

Unfortunately the 'Hacker Community' have cottoned on to this and use 'devious ways' of exploiting the utility, such as:- Keyloggers that record & send every Keyboard transaction, others use 'Sleeper Files' the most famous of which was the Doomsday file, then we have the Phishers and Browser Hi-Jackers ~ The list is endless, why ?? ~ because there is money to be made at your expense.

The moral of the Story is...If a good A/V Program or Anti-Spy Program 'flags' something, there is good reason for it, and when you see a 'False Positive' always right click it and find out its Properties ~ chances are that it's Blacklisted or that it's capable of 'Erratic Behaviour' not acceptable against Industry Standards and it could also be an 'Infected File'. The average person wouldn't have the skills to deal with such things but thankfully we have Professional Companies that do have the skills and historic knowledge about these "rogues"...

Brian.

Posted

G'day Dom,

So sorry to read of your problems, your site has provided us with so much in the past and would be a great loss if not reestablished somehow.

It would be great if you could let us know if the reestablishment of your site is happening and what progress has been made.

I will keep my fingers crossed, good luck and best wishes.
