My website has been taken over when viewed by Firefox
-
- Posts: 12
- Joined: December 22nd, 2005, 3:43 pm
- Location: Launceston, Tasmania
My website has been taken over when viewed by Firefox
I am the webmaster for City Baptist Church, Launceston. Our website is http://mywebsite.bigpond.com/citybaptistchurch/
When I view the site with Firefox 2.0.0.7 a different page shows, sometimes a containing a pornographic jpg. This does not occur when I view with MSIE, Safari, or SeaMonkey. Neither does it occur if I use http://mywebsite.bigpond.com/citybaptis ... /index.htm
The ISP, Bigpond, insists that it is nothing to do with them. I've looked the directory on the ISP and found nothing abnormal, and have reloaded the index file
I have run an AVG antivirus check and No-Adware and Ad-Aware spyware checks and found nothing on my computer.
Could some kind soul please check the website and tell me what you see? Even more important, could you tell me what to do to stop the problem?
When I view the site with Firefox 2.0.0.7 a different page shows, sometimes a containing a pornographic jpg. This does not occur when I view with MSIE, Safari, or SeaMonkey. Neither does it occur if I use http://mywebsite.bigpond.com/citybaptis ... /index.htm
The ISP, Bigpond, insists that it is nothing to do with them. I've looked the directory on the ISP and found nothing abnormal, and have reloaded the index file
I have run an AVG antivirus check and No-Adware and Ad-Aware spyware checks and found nothing on my computer.
Could some kind soul please check the website and tell me what you see? Even more important, could you tell me what to do to stop the problem?
Regards, Alex
- steviex
- Moderator
- Posts: 28902
- Joined: August 12th, 2006, 8:27 am
- Location: Middle England
Looks OK with me...Using Firefox 2.0.0.6 on Linux.
OK ... It is also possible that you might have a spyware infection on your machine. Install and run these programs.
Try them all, as they all catch different things...
SuperAntispyware
AdAware
Spybot Search & Destroy
AVG Anti-Spyware Free
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://castlecops.com/
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://forums.spywareinfo.com/
(Thanks to Daifne for the list)
OK ... It is also possible that you might have a spyware infection on your machine. Install and run these programs.
Try them all, as they all catch different things...
SuperAntispyware
AdAware
Spybot Search & Destroy
AVG Anti-Spyware Free
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help:
http://castlecops.com/
http://www.spywarewarrior.com/index.php
http://forum.aumha.org/
http://forums.spywareinfo.com/
(Thanks to Daifne for the list)
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
- Scribbler
- Posts: 330
- Joined: September 1st, 2003, 12:28 pm
- Location: Aurora CO
- Contact:
- Scorzonera
- Posts: 562
- Joined: May 14th, 2004, 1:31 am
Scribbler wrote:Actually, when I look at that site in Firefox, I get a simple page that says "Monitoring is fun" but when I use a different webbrowser it comes up just fine.
Looks like somebody with access to the site may have set it up to block browsers running FF and/or Adblock.
Looks like there is something going on with the statcounter script.
I block statcounter by default with AdBlock, and it's the only thing that gets blocked on that web site. When I disable AdBlock, I get that "Monitoring is fun" message. After a refresh, I get a picture (some kind of a weird troll, or whatever) instead of that message.
When I enable AdBlock again, leave the site and visit it again, all's well again.
-
- Posts: 12
- Joined: December 22nd, 2005, 3:43 pm
- Location: Launceston, Tasmania
Thanks to you both.
Now I'm even more worried than I was this morning. I downloaded and ran the AVG antispyware program, and thought I had fixed the problem because I could get back to the site and see it properly. But I just checked a minute ago and the problem is back.
If both Scribbler and Scorzona experienced the problem then it can't just be my computer, though I don't understand why Steveiex didn't have the problem - unless it's a window based malware.
Can you suggest a solution? I'll try uploading an index page without the Statcounter script and see if that works. I'm the only one with legal access to the church site.
Now I'm even more worried than I was this morning. I downloaded and ran the AVG antispyware program, and thought I had fixed the problem because I could get back to the site and see it properly. But I just checked a minute ago and the problem is back.
If both Scribbler and Scorzona experienced the problem then it can't just be my computer, though I don't understand why Steveiex didn't have the problem - unless it's a window based malware.
Can you suggest a solution? I'll try uploading an index page without the Statcounter script and see if that works. I'm the only one with legal access to the church site.
Regards, Alex
- steviex
- Moderator
- Posts: 28902
- Joined: August 12th, 2006, 8:27 am
- Location: Middle England
Sorry... I thought the monitoring is fun message was part of the site.... (Add 10 idiot points!) Other than that I could see no problems.... The Bible message seems to come up OK after clearing my cache..... Now seems to behave normally....
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
-
- Posts: 12
- Joined: December 22nd, 2005, 3:43 pm
- Location: Launceston, Tasmania
No, it's back, Steviex, even after uploaded an index page without the statcounter script.
The problem was not there when I tested just after uploading the new index.htm, but came back within half an hour. It bothers me that someone has access to my site, and I can't stop them.
I really have no idea what to do next.
The problem was not there when I tested just after uploading the new index.htm, but came back within half an hour. It bothers me that someone has access to my site, and I can't stop them.
I really have no idea what to do next.
Regards, Alex
- malliz
- Folder@Home
- Posts: 43796
- Joined: December 7th, 2002, 4:34 am
- Location: Australia
- a;skdjfajf;ak
- Posts: 17002
- Joined: July 10th, 2004, 8:44 am
-
- Posts: 6920
- Joined: July 29th, 2003, 1:09 pm
-
- Posts: 2
- Joined: October 5th, 2007, 2:59 pm
- Location: Melbourne
my webspace at bigpond has also been similarly corrupted for the past 12 hours (starting 5.10.07). Mainly images been swapped, but sometimes a whole webpage from another site replaces a single jpg on my site. It is causing havoc. I am hosting images at ebay with auctions closing today and my AV receiver pics are being swapped for dogs and horses. Shall I cancel my auction and claim a refund of fees from Telstra? This is certainly not caused by a problem at my end. I use numerous Macintosh at work and home. I have found the fault on numerous Mac OS, both OSX and OS9, running Safari and MSIE (did not check firefox). I have uploaded replacement jpg files and the problem is fixed for either minutes or hours. I have changed my password twice. I have absolutely no problem with any of the other 7 domains which I manage from the same computer. I have no problem viewing any non-bigpond websites.
Yesterday I called Bigpond cable to tell them about it.
I got referred to hosting who referred me back to cable. Cable people know nothing more than how to set up an email client. Absolutely clueless. They told me my computer had a virus and I should buy some anti-adware software!! Macs don't get viruses, especially adware ones that run on MSIE for windows. I have never experienced a virus in 17 years of using Macs, and stopped buying anti-virus software 15 years ago because it was a waste of time and money. I insisted on being referred to someone who knows what an ftp port is. Eventually I got to speak to someone in a vaguely technical area (hosting I think). They were dismissive. The first guy could not check for the problem because his browser is not accessible to the WWW. He sent a message to a superior (who apprantly has www access) and the message came back that there is no problem with my site. That is perhaps because I was on a 5 minute upload cycle repetetively uploading my pics to try to avoid them being stuffed with by a trojan horse residing on the bigpond server.
Check out this thread:
http://forums.whirlpool.net.au/forum-re ... 77855.html
It is the same story all over again.
One of my pics on my bigpond site is my AV receiver.
It should be at this location:
http://mywebsite.bigpond.com/sean.hardy ... onkyo1.jpg
But last night it gave me a bizarre webpage instead of a jpg. I captured what it showed me and saved it to its own page, which I have posted on bigpond here:
http://mywebsite.bigpond.com/sean.hardy ... amily.html
When I visit that bigpond page, I find it has been stuffed within only 1 minute after loading it. You will see that it in fact displays the "monitoring is fun" text.
So I have also placed the original stuffed page here:
http://www.japanese.com.au/syme_family.html
What you will see on the syme_family page is a missing jpg in the centre of page. The missing jpg is supposed to link to someone's new-born. On my page, the link remained the same, but the actual image displayed was my av receiver. In other words, when I tried to view my jpg alone, I got a html page with linked jg file that is not suppoed to be of my av receiver, but actually was my av receiver....
But when I download the original html file back to my computer I see all the original html is intact and unchanged. So whatever is doing this is not changing the html, and I now see they are also not changing the actual images. They are just diverting the calls to those addresses to other random bigpond addresses. The text "monitoring is fun" is probably the test placed by a bigpond customer on his/her website somewhere and is being sent out in lieu of the proper link.
I have placed a jpg of the adulterated webpage in two places and you can see how stuffed bigpond is. Check the url at top of the page which shows what i was hoping to view was my av receiver:
bigpond server: http://mywebsite.bigpond.com/sean.hardy ... igpond.jpg
a secure server: http://www.japanese.com.au/bigpond.jpg
I have had many bizarre examples of this. Horses, dogs, html replacing jpg, etc. Within seconds of placing a jpg on my bigpond site it will be swapped for something else.
Anyway, enough speculation. Bigpond have known about this for 9 months and have not fixed the problem. They are still in denial. Telstra, one of the biggest telcos in the world is unable to maintain secure web servers. It is unable to address, or even acknowledge, customer complaints about security breaches on webspace their cumstomers have paid for. Telstra does not seem to have any internet security staff at all, 'cos I tried for 2 hours to be put through to them during business hours yesterday and continually was told no such personal existed. Little wonder webservers hosted at telstra bigpond are riddled with viruses. I have been a telstra subscriber for 4 weeks. It took me 7 weeks of pain, inconvenience and gross incompetance to have telstra cable connected. Even getting my home phone connected in August was a joke. It went off the air for 7 days after I moved into my new place.
Previously I spent 6 years subscribed to Optus cable. It was marvellous. Barely a single problem, and any that happened were only minor and fixed immediately. If only Optus had cable or ADSL2+ in my street.....
Yesterday I called Bigpond cable to tell them about it.
I got referred to hosting who referred me back to cable. Cable people know nothing more than how to set up an email client. Absolutely clueless. They told me my computer had a virus and I should buy some anti-adware software!! Macs don't get viruses, especially adware ones that run on MSIE for windows. I have never experienced a virus in 17 years of using Macs, and stopped buying anti-virus software 15 years ago because it was a waste of time and money. I insisted on being referred to someone who knows what an ftp port is. Eventually I got to speak to someone in a vaguely technical area (hosting I think). They were dismissive. The first guy could not check for the problem because his browser is not accessible to the WWW. He sent a message to a superior (who apprantly has www access) and the message came back that there is no problem with my site. That is perhaps because I was on a 5 minute upload cycle repetetively uploading my pics to try to avoid them being stuffed with by a trojan horse residing on the bigpond server.
Check out this thread:
http://forums.whirlpool.net.au/forum-re ... 77855.html
It is the same story all over again.
One of my pics on my bigpond site is my AV receiver.
It should be at this location:
http://mywebsite.bigpond.com/sean.hardy ... onkyo1.jpg
But last night it gave me a bizarre webpage instead of a jpg. I captured what it showed me and saved it to its own page, which I have posted on bigpond here:
http://mywebsite.bigpond.com/sean.hardy ... amily.html
When I visit that bigpond page, I find it has been stuffed within only 1 minute after loading it. You will see that it in fact displays the "monitoring is fun" text.
So I have also placed the original stuffed page here:
http://www.japanese.com.au/syme_family.html
What you will see on the syme_family page is a missing jpg in the centre of page. The missing jpg is supposed to link to someone's new-born. On my page, the link remained the same, but the actual image displayed was my av receiver. In other words, when I tried to view my jpg alone, I got a html page with linked jg file that is not suppoed to be of my av receiver, but actually was my av receiver....
But when I download the original html file back to my computer I see all the original html is intact and unchanged. So whatever is doing this is not changing the html, and I now see they are also not changing the actual images. They are just diverting the calls to those addresses to other random bigpond addresses. The text "monitoring is fun" is probably the test placed by a bigpond customer on his/her website somewhere and is being sent out in lieu of the proper link.
I have placed a jpg of the adulterated webpage in two places and you can see how stuffed bigpond is. Check the url at top of the page which shows what i was hoping to view was my av receiver:
bigpond server: http://mywebsite.bigpond.com/sean.hardy ... igpond.jpg
a secure server: http://www.japanese.com.au/bigpond.jpg
I have had many bizarre examples of this. Horses, dogs, html replacing jpg, etc. Within seconds of placing a jpg on my bigpond site it will be swapped for something else.
Anyway, enough speculation. Bigpond have known about this for 9 months and have not fixed the problem. They are still in denial. Telstra, one of the biggest telcos in the world is unable to maintain secure web servers. It is unable to address, or even acknowledge, customer complaints about security breaches on webspace their cumstomers have paid for. Telstra does not seem to have any internet security staff at all, 'cos I tried for 2 hours to be put through to them during business hours yesterday and continually was told no such personal existed. Little wonder webservers hosted at telstra bigpond are riddled with viruses. I have been a telstra subscriber for 4 weeks. It took me 7 weeks of pain, inconvenience and gross incompetance to have telstra cable connected. Even getting my home phone connected in August was a joke. It went off the air for 7 days after I moved into my new place.
Previously I spent 6 years subscribed to Optus cable. It was marvellous. Barely a single problem, and any that happened were only minor and fixed immediately. If only Optus had cable or ADSL2+ in my street.....
Last edited by stoner on October 5th, 2007, 8:16 pm, edited 1 time in total.
- steviex
- Moderator
- Posts: 28902
- Joined: August 12th, 2006, 8:27 am
- Location: Middle England
I guess there is not much we can advise you with here, if it is a hosting company problem..
All I can advise is
All I can advise is
- Tell them that there is a problem
- Hassle them some more
- See if they are not breaking any of their contractual obligations
- Judge whether the goods you are receiving are fit for purpose
- Ask for a refund if points 3 and 4 are not satisfied
- Vote with your feet.if you are still not happy
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. -Albert Einstein
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
Please DO NOT PM me for support... Lets keep it on the board, so we can all learn.
-
- Posts: 12
- Joined: December 22nd, 2005, 3:43 pm
- Location: Launceston, Tasmania
Thanks, Stoner. That's most helpful if only in that it gives me an idea where to look to deal with the problem. Have you had any success in contacting Bigpond by email? There are bigpond users groups on Usenet, and I'll try there to
Some interesting points
- My wife runs Safari on her Apple, and has not seen the false jpgs or scraps of text when she visits the site
- the affected site is on bigpond.com. My home page is on bigpond.net.au, and has not been affected. Is this significant do you think?
- I had intended to change the password for the site to see if that helped, but you have changed your password twice so I won't bother changing mine till I have tried something else.
Some interesting points
- My wife runs Safari on her Apple, and has not seen the false jpgs or scraps of text when she visits the site
- the affected site is on bigpond.com. My home page is on bigpond.net.au, and has not been affected. Is this significant do you think?
- I had intended to change the password for the site to see if that helped, but you have changed your password twice so I won't bother changing mine till I have tried something else.
Regards, Alex