Overclock.net › Forums › Software, Programming and Coding › Networking & Security › my site is opening a connection to some weird site
New Posts  All Forums:Forum Nav:

my site is opening a connection to some weird site

post #1 of 4
Thread Starter 
I built a simple site for my mom back in high school with dream weaver. It's on a linux server running apache and MYSQL. The other day one of her customers e-mailed her saying avast kept saying her site was infected. I checked it out, and sure enough it's opening a connection to "sativaonline.net" which doesn't have a website, but there is a domain name registration, and therefore a whois entry which says it's some guy in Jamaica. I've searched through the source code for anything that mentions that, and found nothing... what the heck is this?

the site is soapandgarden.com, but i'm not sure if it's really infected or not, so look at your own risk.
post #2 of 4
What the hell is that obfuscated JavaScript at the bottom?
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
post #3 of 4
Thread Starter 
that's it... where the hell did it come from? what was it doing?
post #4 of 4
Quote:
Originally Posted by {core2duo}werd;13012608 
that's it... where the hell did it come from? what was it doing?

I dunno, I didn't bother to decode it. Not in the mood to be sent to random malicious websites today. smile.gif

Next step is to actually secure your web site.
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
Underground
(14 items)
 
  
CPUMotherboardGraphicsRAM
Core i7 920 C0 ASUS P6T6 WS Revolution GTX 460 TR3X6G1600C8D 
Hard DriveOptical DriveCoolingOS
WD1001FALS SAMSUNG SH-S223F 22X DVD MULTI Corsair H50 Fedora 16 KDE x86_64 
MonitorKeyboardPowerCase
HP w19b Microsoft Comfort Curve Corsair CX600 Thermaltake Armor VA8003BWS 
MouseMouse Pad
Razer DeathAdder Black 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › my site is opening a connection to some weird site