HSfB hacked, but all is OK

Health and safety forums. Read about updates to these forums and our main site - Health and Safety for Beginners - http://www.hsfb.co.uk.


Postby Jack Kane » Thu Jan 07, 2010 11:00 am

Just to let you all know that I discovered yesterday that HSfB had been hacked!

It's all fixed now, but if you see anything strange at all on any part of the entire site, including the forums, please let me know.

This is one of the reasons why I'm such a big bad ogre on the forums sometimes :lol:

What Happened?

I'm no expert on how this happened, but the hacker/spammer has discovered a way in to the main site's file structure. There are many ways this could happen and I'd be guessing as to how they did it.

They managed to upload a web site to those medications we all get plenty of emails for and the web site contained 2,000 pages! Yup, 2,000 pages were uploaded to HSfB's root file system. They used an inconspicuous file path, but made it searchable by search engines.

I only found out after receiving an email from an executive director of security for a large organisation:

Scary Email wrote:

Dear Sir or Madam,

Novartis is the owner of the well-known trademark and trade name Diovan. As you are no doubt aware, Diovan is a trademark used to identify products, services, activities and events related to Novartis.

It has come to Novartis' attention that you are utilizing the Diovan mark without having obtained prior written authorization from Novartis within the contents of the following URL(s):




In view of the above intellectual property rights owned by Novartis, we ask that you immediately remove all metatags, keywords, visible or hidden texts including trademark presently appearing on the above-cited web site(s) and any other web site(s).

If we do not hear from you, or the infringing material described above is not removed, within 14 days, we will take appropriate action to defend our intellectual property rights, including the referral of the case to appropriate authorities, if warranted. In this regard, the following links may be of interest/relevancy to you:


Obviously I contacted my web host who were brilliant, as usual, and who are still investigating how this happened. They also removed the threat and have updated a few security things on their servers.

I also changed my passwords for the administration of the site!
|Health and Safety for Beginners|**|Health and Safety Prize Draw. NO Catch - NO Fee - It's FREE!!|

Sign up for our newsletter to be entered into our fantastic FREE prize draw!

Jack Kane
HSfB Site Grand Shidoshi
Posts: 17239
Joined: Wed Mar 17, 2004 1:13 am
Location: Bo'ness
Industry Sector: Oil and Gas/Manufacturing/Engineering

Re: HSfB hacked, but all is OK

Postby Ian Rienewerf » Thu Jan 07, 2010 11:12 am

Cheers Jack,
Very useful information for those of us who maintain our own business websites & internet spaces.
http://www.irems.co.uk
Risk management for companies with 5 to 500 employees
Ian Rienewerf
Grand Shidoshi
Posts: 2355
Joined: Mon Feb 26, 2007 10:09 am
Location: Morpeth, Northumberland

Re: HSfB hacked, but all is OK

Postby Jack Kane » Thu Jan 07, 2010 11:15 am

That's what I thought too Ian. It's just handy to know a little of how we can help protect ourselves.

In fact, if you want to check your own root folders for similar, the uploaded pages were located within the main root folder under a folder called ".store". I also discovered on the web that other folders were called ".info".

;)

Jack Kane
HSfB Site Grand Shidoshi
Posts: 17239
Joined: Wed Mar 17, 2004 1:13 am
Location: Bo'ness
Industry Sector: Oil and Gas/Manufacturing/Engineering
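
One way to run the check described in the post above (looking under the web root for hidden folders such as ".store" or ".info" that hold uploaded pages), as an added example that is not part of the original thread. The function names and the sample directory tree are constructed for illustration, and a GNU or BSD `find` is assumed.

```shell
#!/bin/sh
# Added example: report hidden (dot-prefixed) directories under a web root
# that contain web pages, like the ".store" / ".info" folders in the thread.

# Usage: find_hidden_page_dirs WEBROOT [MIN_PAGES]
# Prints "<page_count> <directory>" for every hidden directory whose subtree
# holds at least MIN_PAGES (default 1) .html/.htm/.php files.
# Legitimate dot-directories can appear too, so review each hit by hand.
find_hidden_page_dirs() {
    scan_root=$1
    min_pages=${2:-1}
    # '.?*' matches names like ".store" but never "." itself; -prune stops
    # descent so nested hidden folders are counted as part of their parent.
    find "$scan_root" -mindepth 1 -type d -name '.?*' -prune -print 2>/dev/null |
    while IFS= read -r dir; do
        count=$(find "$dir" -type f \
            \( -iname '*.html' -o -iname '*.htm' -o -iname '*.php' \) | wc -l)
        count=$((count + 0))   # drop the padding some wc versions print
        if [ "$count" -ge "$min_pages" ]; then
            printf '%s %s\n' "$count" "$dir"
        fi
    done
}

# Constructed sample tree for trying the scan (not data from the thread).
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/forum" "$d/.store/pills" "$d/.well-known"
    echo ok > "$d/index.html"
    echo ok > "$d/forum/index.php"
    for i in 1 2 3 4 5; do
        echo spam > "$d/.store/pills/page$i.html"
    done
    echo contact > "$d/.well-known/security.txt"
    printf '%s\n' "$d"
}

# Scan a real web root when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    find_hidden_page_dirs "$@"
fi
```

Raising MIN_PAGES filters out small legitimate dot-folders; a folder holding thousands of pages, as in this incident, stands out immediately in the count column.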

Re: HSfB hacked, but all is OK

Postby Reddwarf » Thu Jan 07, 2010 12:47 pm

but if you see anything strange at all on any part of the entire site, including the forums, please let me know.


Where do I start :lol: :lol: :lol: :lol: :lol: :lol:

Red
www.fireassessments.com
It's better to live one day as a lion, than a whole life time as a worm.
Reddwarf
Grand Shidoshi
Posts: 1284
Joined: Thu Sep 04, 2008 10:27 am
Location: Andover

Re: HSfB hacked, but all is OK

Postby Jack Kane » Thu Jan 07, 2010 2:42 pm

:lol: :lol: :lol: :lol:

There's always one Red :roll: :lol:

Jack Kane
HSfB Site Grand Shidoshi
Posts: 17239
Joined: Wed Mar 17, 2004 1:13 am
Location: Bo'ness
Industry Sector: Oil and Gas/Manufacturing/Engineering

Re: HSfB hacked, but all is OK

Postby sleepy184 » Thu Jan 07, 2010 8:17 pm

Thanks Jack.
Good info to have.
Practice Random acts of Kindness and senseless acts of beauty.
sleepy184
Anorak Extraordinaire
Posts: 812
Joined: Sat Mar 25, 2006 10:16 pm

Re: HSfB hacked, but all is OK

Postby ddlh » Sat Jan 09, 2010 8:41 pm

Jack - why did the system firewall not catch it?
Do you think your host supplier was slack or is this something that all computer users may be susceptible to? Could there have been a transfer to anyone accessing the site during the time of infection?

My computer is clean - but could others be infected?

Dave
If you think safety is a pain, try a leg fracture.
ddlh
Snr Member
Posts: 430
Joined: Sun Oct 19, 2008 4:03 pm
Location: Aberdeen

Re: HSfB hacked, but all is OK

Postby Jack Kane » Sat Jan 09, 2010 9:50 pm

Dave, I'm afraid I don't have any definitive answers to your questions.

I don't think it was a virus, I think it's a hack attack. What I can say though is that the web host is definitely not slacking, I'm confident of that.

None of the files on HSfB have been infected with any sort of virus as there was never a virus in the first place.

Good questions and these are probably questions other people must be thinking of also.

I'll pass on any updates I get from the web host when I get them.

Jack Kane
HSfB Site Grand Shidoshi
Posts: 17239
Joined: Wed Mar 17, 2004 1:13 am
Location: Bo'ness
Industry Sector: Oil and Gas/Manufacturing/Engineering

Re: HSfB hacked, but all is OK

Postby ddlh » Sat Jan 09, 2010 10:27 pm

Many thanks Jack

Dave
If you think safety is a pain, try a leg fracture.
ddlh
Snr Member
Posts: 430
Joined: Sun Oct 19, 2008 4:03 pm
Location: Aberdeen

