1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My website is trying to download Bloodhound.Exploit.213 to everyone who reaches it...

Discussion in 'General Security' started by debrawinters, May 22, 2009.

Thread Status:
Not open for further replies.
Advertisement
  1. debrawinters

    debrawinters Thread Starter

    Joined:
    May 22, 2009
    Messages:
    4
    Our Little League website hosted at lunarpages.com is trying to download
    Bloodhound.Exploit.213

    on everyone's system! Google has tagged it as malware as well. Where do I find this darn thing???

    The website is hxxp://monarchlittleleage.org

    Thanks!

    Debra :eek:
     
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,662
    This is happening a lot lately via iframe, pdf or flash exploits. You need to have the web pages checked and cleaned of embedded malicious code.
     
  3. TOGG

    TOGG

    Joined:
    Apr 2, 2002
    Messages:
    5,700
    Two points to consider;

    1. Is 'monarchlittleleage' a spelling error for 'monarchlittleleagues.com'? The latter appears to be a legitimate site that produces no response from my security programs. In any event, it would be a good idea to edit the link out of your post.

    2. Have a look at this thread; http://forums.techguy.org/general-security/829066-google-preventing-access-my-site.html If your site, however it's spelt, is loading malware, it's probably the hosting company's servers that are infected.
     
  4. debrawinters

    debrawinters Thread Starter

    Joined:
    May 22, 2009
    Messages:
    4
    OK after surfing the web, I found where to look go to hxxp://monarchlittleague.org and do a View on the Page Source. Scroll down to the bottom and you'll find BELOW </body> and </html> is a lengthy line running a script. I'm positive that's the issue.

    I need to remove that, but I don't know how to do it via Joomla! The League's website is hosted on lunarpages.com and joomla.org is the admnistrator.

    I'm an old time webmaster that hacks html by hand. These CMS's drive me nuts. Any clue how to remove that line???
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,846
    That site has multiple malicious scripts from chinese sites including infected exploits downloading pdf & flash malware

    take it offline immediately & get your host to plug the security hole in joomla that has allowed them to do this
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,846

    there is a lot more than that line infected

    there are 7 or 8 scripts on the page all infected

    contact your host & take it offline immediately
    http://www.lunarpages.com/support/
     
  7. debrawinters

    debrawinters Thread Starter

    Joined:
    May 22, 2009
    Messages:
    4
    OMG I just bought my kids a Hedge Hog.

    Anyway, I figured this out:
    The CMS is Joomla -- someone from Joomla hacked into the site and changed some admin and other important files to 777 permissions. This enabled someone to install execute the script from our site.

    Changed the perms, password and all is well again. Thanks for all who replied.
     
  8. debrawinters

    debrawinters Thread Starter

    Joined:
    May 22, 2009
    Messages:
    4
    OK after working with lunarpages.com, I think we patched the holes. If anyone has the time to have another look, that would be great.

    I'm GLAD I found this forum!!!! This, by far, is the best forum I've found. Wish I'd known about this long ago.
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,846
    it is still infected this morning

    you are not alone but you MUST get it taken off line until it is cleaned up

    you are infecting everybody who visits your site
     
  10. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/829229