From: Colleen <>
Subject: [USGENWEB-NW] Fw: USGenWeb Sites Clean
Date: Tue, 20 Oct 2009 01:57:37 -0600 (GMT-06:00)
NWPL CC Rep
>From: Sherri <>
>Sent: Oct 19, 2009 5:46 PM
>To: , ,
>Subject: [STATE-COORD] USGenWeb Sites Clean
>************* Please Share with Project Mail Lists *************
>
>The USGenWeb National site and sites hosted on theusgenweb.org have been
>checked and double checked and they are clean of the malware that was
>discovered a few days ago. The only file types that we found affected were
>ones that were .html, .htm or .shtml. The 'techies' at the hosting service
>ran a script to remove the code on all files that were affected. In
>checking through files, we've found no affected files still remaining.
>
>The reports through some mail lists of files from the Archives and/or
>Tombstone Project have not been able to be confirmed. The Archives and TP
>Projects are not hosted on the same servers or at the same hosting service
>as the National site and/or theusgenweb.org. It is unlikely that a text
>file would be affected by the problems that were discovered on the National
>site since most files in the Archives are text files, not .html, .htm and/or
>.shtml files. The servers that the Archives and TP Project are on have been
>checked and no problems found. At this point, unless a specific URL is
>provided, we can't reproduce the reported problem.
>
>A few have asked what the hosting service is going to do about the recent
>infections, and their lack of security on the servers. The first infection
>was NOT caused by a lack of security on the servers. The hacker gained
>access to the National site by hacking into a computer that was connected to
>an unsecured network, creating a back door for him/herself and then using
>that backdoor to get in and do his/her dirty work. Once the backdoor was
>opened, they had access to all site folders, which allowed them to infect
>multiple sites. There was an auto-replicating file loaded, among other
>things, so as fast as we were removing infected files, more infected files
>were appearing. Files of many different types were affected.
>
>That was not the case this time. The files that were hacked were only those
>that had .html, .htm or .shtml extensions. No elaborate file manipulation
>was involved. If you looked at the upload dates, the affected files all had
>the same date on them - the day that the issue was first recognized and
>reported. It was easy to tell what files were affected if you checked them
>carefully. The infections were the same type that were being reported all
>across the web, including Rootsweb/Ancestry. Malware was causing a fake
>notice of an update to Adobe that should be made - and not through the Adobe
>site. If you actually downloaded the file, it 'stole' your cookies,
>enabling them to have access to your info/passwords stored on your computer.
>Most anti-virus programs that I've heard were actually not allowing the page
>to open because they detected the Trojan. I know my Norton's refused to
>allow the page to open, and I know someone reported the same of AVG.
>
>IX Webhosting's servers can't all be painted with the same bad name. Some
>accounts hosted at IX were not affected - I know that a couple of my
>personal accounts had no problem at all. Likewise, not all of the reports
>were from IX's servers alone. As I mentioned, there were issues with
>Rootsweb and Ancestry's files also not behaving as expected. Several other
>hosting services also had problems with the same malware issues.
>
>If you should continue to have any problems accessing pages on the National
>site or those that are hosted on theusgenweb.org domain, please let us know.
>Please provide the specific URL of the file that you received the warnings
>about from your anti-virus/anti-spyware software or that you experience
>warning you of a needed update to Adobe.
>
>For those that host their sites on theusgenweb.org, new passwords are being
>set and you should receive yours in the next couple of days.
>Information about the USGenWeb Project at http://usgenweb.org
>Advisory Board Agenda http://usgenweb.org/agenda2.php
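The forwarded message says the affected files were all .html, .htm or .shtml and all carried the same upload date. The following is an added example, not part of the original message or any script the hosting service ran: it groups a site's files by modification date and reports days on which a large share of the web pages changed together. It assumes the "upload date" corresponds to the file's modification time (which someone with write access can reset); the thresholds, function names, sample tree and the date 2009-10-15 are constructed for illustration.

```python
import os
from collections import defaultdict
from datetime import datetime, timezone

WEB_EXTS = {".html", ".htm", ".shtml"}  # extensions the message reports as affected

def mtime_clusters(root):
    """Map UTC modification date -> {'web': [paths], 'other': [paths]}."""
    clusters = defaultdict(lambda: {"web": [], "other": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            day = datetime.fromtimestamp(os.stat(path).st_mtime, tz=timezone.utc).date()
            kind = "web" if os.path.splitext(name)[1].lower() in WEB_EXTS else "other"
            clusters[day][kind].append(path)
    return clusters

def suspect_days(clusters, min_share=0.5, min_files=3):
    """Days on which a large share of all web pages were modified at once.

    min_share and min_files are assumed thresholds; tune them per site.
    Returns (day, web_pages_modified, other_files_modified) tuples.
    """
    total_web = sum(len(c["web"]) for c in clusters.values())
    hits = []
    for day, c in sorted(clusters.items()):
        n = len(c["web"])
        if n >= min_files and total_web and n / total_web >= min_share:
            hits.append((day, n, len(c["other"])))
    return hits

def build_sample_tree(root):
    """Constructed sample data: 6 pages and 2 text files; 4 pages share one date."""
    old = datetime(2009, 3, 1, 12, tzinfo=timezone.utc).timestamp()
    hit = datetime(2009, 10, 15, 12, tzinfo=timezone.utc).timestamp()  # constructed date
    layout = {"index.html": hit, "a/county.htm": hit, "a/list.shtml": hit,
              "b/query.html": hit, "b/old.html": old, "about.htm": old,
              "a/census.txt": old, "b/wills.txt": old}
    for rel, ts in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.utime(path, (ts, ts))  # set access and modification time

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for day, web, other in suspect_days(mtime_clusters(tmp)):
            print(f"{day}: {web} web pages modified, {other} other files")
```

A reported day with many web pages and zero other files matches the pattern the message describes; the listed paths in `mtime_clusters(...)[day]["web"]` are then the files to compare against known-good copies.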