[debrawinters]

Our Little League website hosted at lunarpages.com is trying to download
Bloodhound.Exploit.213

on everyone's system! Google has tagged it as malware as well. Where do I find this darn thing???

The website is hxxp://monarchlittleleage.org

Thanks!

Debra

[Cookiegal]

This is happening a lot lately via iframe, pdf or flash exploits. You need to have the web pages checked and cleaned of embedded malicious code.

[TOGG]

Two points to consider;

1. Is 'monarchlittleleage' a spelling error for 'monarchlittleleagues.com'? The latter appears to be a legitimate site that produces no response from my security programs. In any event, it would be a good idea to edit the link out of your post.

2. Have a look at this thread; http://forums.techguy.org/general-se...s-my-site.html If your site, however it's spelt, is loading malware, it's probably the hosting company's servers that are infected.

[debrawinters]

OK after surfing the web, I found where to look go to hxxp://monarchlittleague.org and do a View on the Page Source. Scroll down to the bottom and you'll find BELOW </body> and </html> is a lengthy line running a script. I'm positive that's the issue.

I need to remove that, but I don't know how to do it via Joomla! The League's website is hosted on lunarpages.com and joomla.org is the admnistrator.

I'm an old time webmaster that hacks html by hand. These CMS's drive me nuts. Any clue how to remove that line???

[dvk01]

That site has multiple malicious scripts from chinese sites including infected exploits downloading pdf & flash malware

take it offline immediately & get your host to plug the security hole in joomla that has allowed them to do this

[dvk01]

Quote:

Originally Posted by debrawinters

OK after surfing the web, I found where to look go to hxxp://monarchlittleague.org and do a View on the Page Source. Scroll down to the bottom and you'll find BELOW </body> and </html> is a lengthy line running a script. I'm positive that's the issue.

I need to remove that, but I don't know how to do it via Joomla! The League's website is hosted on lunarpages.com and joomla.org is the admnistrator.

I'm an old time webmaster that hacks html by hand. These CMS's drive me nuts. Any clue how to remove that line???

there is a lot more than that line infected

there are 7 or 8 scripts on the page all infected

contact your host & take it offline immediately
http://www.lunarpages.com/support/

[debrawinters]

Quote:

Originally Posted by dvk01

That site has multiple malicious scripts from chinese sites including infected exploits downloading pdf & flash malware

take it offline immediately & get your host to plug the security hole in joomla that has allowed them to do this

OMG I just bought my kids a Hedge Hog.

Anyway, I figured this out:
The CMS is Joomla -- someone from Joomla hacked into the site and changed some admin and other important files to 777 permissions. This enabled someone to install execute the script from our site.

Changed the perms, password and all is well again. Thanks for all who replied.

[debrawinters]

OK after working with lunarpages.com, I think we patched the holes. If anyone has the time to have another look, that would be great.

I'm GLAD I found this forum!!!! This, by far, is the best forum I've found. Wish I'd known about this long ago.

[dvk01]

it is still infected this morning

you are not alone but you MUST get it taken off line until it is cleaned up

you are infecting everybody who visits your site