Archive for March, 2009

Free Your Site(s) From Malwares – Google Web Master Tools

March 25th, 2009 rsivanandan 1 comment

 

As I mentioned before, my site was tagged for malware by Google and I had to put in quite some effort to get it cleaned. I got hit by a JavaScript injection attack named ‘Yahoo! Counter Starts’; this seems relatively new and not much authentic information is available at this moment. But there are a lot of forums/blogs that got affected by it and tagged by Google as well.

It seems that this thing basically has a redirection to an IP address residing somewhere in Russia and eventually takes the username/password details from the site/visitors etc. Pretty scary if we look at the real meaning of this. A couple of sites helped me in cleaning it up and I am consolidating them here for the sake of others.

The script looks something like this;

<script language=javascript><!-- Yahoo! Counter starts
if(typeof(yahoo_counter)!=typeof(1))eval(unescape('|/#/@.~.!.................[keeps going]
<!-- counter end --></script>

 

Check out this thread [ Click Here ]. Also, it may be possible that your actual php/html files are neat, since this kinda stuff can go into the base DB as well. It is a nasty one to fix. Checking all the permissions on your files is the best thing to do.
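One way to look for this injection in a copy of the site files and in a text export of the database, as an added example that is not code from the original post or from any of the tools listed below. It matches only the markers visible in the snippet quoted above and also flags world-writable files; the indicator names, the extension list and the function names are assumptions made for this example.

```python
import os
import re
import stat

# Indicators taken from the injected snippet quoted above.
INDICATORS = {
    "yahoo-counter-marker": re.compile(r"<!--\s*Yahoo!\s*Counter\s*starts", re.I),
    "yahoo-counter-guard": re.compile(r"typeof\s*\(\s*yahoo_counter\s*\)", re.I),
    "eval-unescape": re.compile(r"eval\s*\(\s*unescape\s*\(", re.I),
}
# Assumed list of file types; .sql covers a database dump exported as text.
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl", ".sql")


def scan_text(text):
    """Return the sorted names of the indicators present in text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def scan_tree(root):
    """Walk root and map each suspicious file path to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            findings = []
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    findings = scan_text(fh.read())
                # World-writable files let any local account re-inject the script.
                if os.stat(path).st_mode & stat.S_IWOTH:
                    findings.append("world-writable")
            except OSError as exc:
                findings.append("unreadable: %s" % exc.strerror)
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in sorted(scan_tree(target).items()):
        print(path, ", ".join(findings))
```

Run it against a downloaded copy of the web root and a SQL dump rather than the live server, so the check itself does not depend on a host that may still be compromised.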

 

    1. If you own a site, you can add your site address and a full sitemap here and Google will analyze the site for anything that is found wrong. [Click Here to Go] More information can be found [Here]
    2. These guys have a facility where you can provide your web address; they’ll scan it and let you know the issues found. There is also an option for looking deeper and getting a complete scan report (comes quite fast, 24 hours maximum).
    3. Again, these guys have a facility to scan your website: give them the URL and they will let you know of any scripts found.
    4. It was in beta stage and wasn’t working when I tried it. Lately it is seen to be working fine. It scans your sites and also gives you an impression of whether your site is black-marked or not.
    5. They have a utility to check your computer to see if there are any remnants of trojan files or affected file streams in your local system. This is very important, since cleaning up the site is fine on one hand, but what if you reinfect it yourself again?
    6. If you own a WordPress web site like me, this plugin is a good one to use. It checks the following:
        - passwords
        - file permissions
        - database security
        - version hiding
        - WordPress admin protection/security
        - removes WP Generator META tag from core code
    7. Also read this [ Click Here ]

Once you do the cleaning, go back to Google Web Masters and/or other sites mentioned above for a reevaluation and they’d take off the malware warning tag from your blog once they verify the contents again.

 

Categories: Attacks/Exploits Tags:

SBI Woes :-)

March 23rd, 2009 rsivanandan 4 comments

 

My company is situated in a Tech Park / IT Park in Bangalore and a couple of months back SBI opened a branch in our complex. Kinda great deal at that time, with the recession at this pace and banks going haywire. One of my colleagues said that it is always better to have an account with SBI and since it is a nationalized public sector bank, you can trust them. I joined the crowd and opened an account! I still couldn’t believe that I was doing that, based on my past experiences with public sector banks. To get anything from them is an ART!

So I opened an account and they sent me the debit card + check books in a month’s time. I went to the bank asking for the debit card’s PIN (SBI do not send the PIN to your house, you have to go collect it from the bank personally, an additional security or so they say). I checked with the accountant-looking guy about my PIN, he goes;

“It won’t come here”

I was stumped, then I asked him for details, so he said “it goes to another branch and we have to collect it from there”. So I asked him again, does this ‘we’ mean I should go collect it or the bank will do it; the answer was that the bank would do it, and once they receive it they’ll buzz me; that was the option I had. Then I said okay, don’t you need my details so that you can collect it from that branch, he says no, he will collect it (first when I entered he didn’t even know me, but he now says that he’d collect my PIN and give it to me!). I wasn’t convinced, but I had no other option either. I was asked to come on the next Monday to get the PIN.

I sat on it for 2 more weeks, nothing happened. So I went to the bank, and the manager said SBI used to get their cards printed by a third party and recently moved to their own subsidiary for printing the cards and stuff like that. All I wanted to know was where the hell my PIN for the debit card is! He suggested that there are some issues and he’ll send an email. So this guy is looking into the monitor, typed something, then started staring at the monitor for quite some time. Then the previously mentioned accountant also joined him. They were looking for something which I couldn’t see. One of my friends was sitting next to me; he hadn’t even received the card itself. For about 5 minutes my friend was kind of struggling to quit laughing (remember we’re seated in the Manager’s cabin). Then finally they said they have let the concerned department know and will update us. We came out and my friend burst out in laughter and he said, for about 5 minutes they searched for the ‘SEND’ button for sending the email!

Then after a week, I insisted on closing my account and getting a new debit card (by that time, the bank got their ‘acceptance kit’, with the debit card and 10 leaves of checkbook etc). So I opened another account, and they gave me the new debit card. Guess what was printed on it for a name: ‘Branch Manager’. I was shocked to see it and had some funny jokes about it with my friends. Well, what did I know :-(

I had a very big amount transferred to that account thinking that I’d use this one for all the purchases that I’m doing for my new home. Then came the issues: I tried this card in a couple of shops and it never worked.

Today I went to SBI again to tell my ‘sad story’. They looked at me like a cancer patient who is breathing his last breath. Then came the questions;

“Which shop did it not work”

“Did you make sure it was used as debit card”

I would’ve thought they’d give some respect for my age and that I’d have not simply complained for the sake of complaining. Then the lady said, it would take 3 months to get it activated. I was shocked. What the f****?

I got up, a bit tense, and my voice wasn’t quite comfortable for anybody in the bank. Then the accountant came up to say something; by the way he came to me, I thought he had a solution, and he uttered these words to me, man;

“Even my debit card doesn’t work”

For a moment, I wasn’t sure I heard it correctly. So he clarified; it seems that he tried it in a couple of shops and it didn’t work, and he assumed that it’ll take some time before it gets activated. For a moment I felt like I got a slap on my face. I walked up to the Manager’s cabin and told him. As usual this fella started making a couple of calls like our MLA/MPs do in movies. Then finally he said he would send a mail to someone and get some clarification. I silently walked out of the bank not knowing what to do. AND this is our public sector BANK!

PS:- The guy who opened the very first account in this branch got his ATM card only today and he has been asked to wait for 45 days and *see* whether he gets the ATM PIN, otherwise they’d close his account and open a new one. Ya, the ‘Branch Manager’ card :-)

Categories: Life in general Tags:

Back to Normal – Thnx to Google

March 17th, 2009 rsivanandan No comments

Finally, after much cleaning up, my site is clear of the ‘malware’ tag. Thanks to Google/Stopbadwares.org/Badwarebusters.org for finding out what the issue was with my blog(s).

 

Still, some cleaning up is required and my hosting provider is working on it. Thanks to them, they already did clean up some of the issues. It seems that a lot of the sites with this hosting provider got hacked and thus suffer. I’m looking to write a detailed write-up on what happened / how it is cleaned; not now though, once life comes back to normal :-)

So gladly I got SQL injected probably… Well, so many others are too…

Categories: Life in general Tags:

Google Ranks as Attack Site

March 14th, 2009 rsivanandan No comments

 

Well, Google ranks my site as an attack site, and since the popular browsers have Google’s client-side API, the browsers don’t allow anyone to browse through my site. Yeah, a perfect weekend for me :-(

 

A couple of months back my site got hacked by the Zone.H guys, and I don’t understand what fun they get out of doing this. However, I spent some good time cleaning it up. Since then the site has been behaving well. However, Google’s web-crawl report shows a lot of links on my site that are dangerous; the thing is, those links are invalid and I do not have any content at all that harms anybody.

 

I spent some more time cleaning up a lot of old archived files etc. and have resubmitted my request to give me a clean certificate. Now it is wait-and-see time. To my surprise, there are a lot of sites blocked like this and the internet does have a lot of resources/plugins that can be used to check the site. Well, believe me, I’ve used them all now and they say my site is clean and neat. Gotta wait now… Sigh!!!

Categories: Life in general Tags:

Indian-ism

March 6th, 2009 rsivanandan No comments

 

Among a lot of ‘isms’, this one is another “Indianism”.

Got this through an email forward at work; let’s look at it:

Categories: Life in general Tags:

Rose…

March 1st, 2009 rsivanandan No comments

      My Girl grows faster and taller day by day

She makes the decisions for herself now; well, at ~4 years of age this girl demands that her hair be left as it is and wouldn’t let me get it trimmed. Kids nowadays are more and more self-contained and determined. You just can’t make them do what you want them to do!

Categories: Life in general Tags: