Warning! The ASCnet site maybe infected with a Virus.

Started by Ben Thoele, February 18, 2013, 11:32:32 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Mark

Right.  I just wgot it a few minutes ago and looked at it just to see what it was.  I assume it's been cleaned/replaced already.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Bloody Jack Kidd

Sysadmin - Parallel42

Bob

I noticed last week same thing.  AV stopped it cold but popped up visiting community.    Ironic I just mentioned this possibility but java not java script and if board could infect members.    ???

Bloody Jack Kidd

I am curious if it really was bad js and if so, how did it get there. It opens up some pretty scary scenarios.
Sysadmin - Parallel42

Mark

Quote from: Bloody Jack Kidd on February 19, 2013, 02:00:58 PM
I am curious if it really was bad js and if so, how did it get there. It opens up some pretty scary scenarios.

Right.  Was the server compromised and that script edited to obtain malware from somewhere, or what happened?

I know that ASCnet.org uses ColdFusion and there have been exploits for that in the past.  Not familiar with ColdFusion so idk how to tell if it's up to date or not.  Also, the Community and the website are not hosted at the same location.  Socious hosts out of Kansas City and ascnet.org looks to be in Washington DC.

So, www.ascnet.org running ColdFusion does not directly affect community.ascnet.org running Socious.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Bloody Jack Kidd

ah, so it was the coldfusion site?

that would not be surprising then - I had looked at that in the past and thought to myself - "oh boy, it's just a matter of time..."
Sysadmin - Parallel42

Mark

Quote from: Bloody Jack Kidd on February 19, 2013, 03:07:32 PM
that would not be surprising then - I had looked at that in the past and thought to myself - "oh boy, it's just a matter of time..."

HAHAHAHA.  Yep.
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

DebAmstutz

So it's safe to go to ascnet.org now? 

Also, I received email yesterday from one of the ascnet employees regarding an upcoming chapter meeting.  I have not opened it, having read the warning here first.  Do you think I should ask for the email to be resent or would email from ascnet.org yesterday before the problem was fixed be ok to open?  I know there are attachments but they would be pdf's as they are handouts.
Deb Amstutz
Missing TAM 5 days a week

Mark

I wouldn't expect the email to be infected if it were me..
Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Bob

Appears to be ok now.  I'm not getting any alerts like I did last Friday.

DebAmstutz

I'm getting a "This website has experienced an unexpected error" message just now when I tried to go there.  Perhaps there is a bigger problem?
Deb Amstutz
Missing TAM 5 days a week

Bloody Jack Kidd

not looking good...

...and the error is leaking info you don't want to be leaked, like file structure and user accounts.
Sysadmin - Parallel42

Mark

Mark Piontek, MBA
Director of Information Systems
BS in Information Systems Security

Ric

guess it was a good day to be off Monday and have been playing catch up ever since.  Still have not gotten caught up.  is the ASCnet site clean yet?
Ric Tucker
Manager of Information Systems
Past President, New Jersey Chapter

J A Mariano Agency
TAM 2020, 11users, Windows 2019 Server,
Windows 10 Pro 64-bit workstations
fax@vantage 9.0.5,
Acoustic guitar, drums, percussion
Chrome, Microsoft 365

Bloody Jack Kidd

Can't tell if it's clean, apparently it is broken to some degree.
Sysadmin - Parallel42