Friday, April 16, 2004

Web Virus

My friend, Lance Finley, recruiter for Winebrenner Seminary, called me last night while I was watching the final episode of The Apprentice (I am hooked on reality TV right now sadly). He said that his tech guy says that The Crossover website has a virus. I never heard of such a thing. I sent an email to my web host, Hostsave, and they sent an email back this morning that said in fact I do.

Dear customer,


Thank you for contacting HostSave Technical Support. In reviewing your account, I noticed there is a virus embedded within it's content. This appears to have occurred because someone was able to "crack" your password and upload the coding for the virus.

We first ask you to change your password to increase security for your website. We recommend using a combination of letters (both upper and lower case), numbers, and special charactors (such as !@$$%^&*). Here is a link to our Knowledgebase article detailing Good Password Practices: http://216.219.248.52/article.asp?article=70460&p=3629.

Next, you will need to remove the embedded virus from your website. You will need to go through your site and remove the virus code.

The coding should be near the bottom of each of your pages. Please be sure to go through the HTML coding for every page on your website to be positive you have removed the entire infection.

If you prefer, you can delete the current version of your site on the server and upload a clean copy from your computer. We do not have a back up of your site, so only use this method if you have a clean backed up version of your website on your computer!

We are not able to remove the infected pieces of code from your files because this requires modifying your website files. You or your webmaster are most familiar with your website and therefore, in order to ensure your website remains intact, it is best practice for you or your webmaster to make these modifications.

If you have any questions, please feel free to contact us.


How someone cracked my password I don't know. Then I checked my other two websites -- Midwest Planting and Dan R Smith Building Services. Midwest Planting was infected. Dan R Smith was not. It appears what they did was add one piece of code at the bottom of each HTML page that opened an invisible window to another website which then did what I don't know.

It is fixed for now, but yikes...

No comments: