RootsWeb: USGenWeb-NW-L [USGENWEB-NW] Fw: USGenWeb Sites Clean

USGenWeb-NW-L Archives

Archiver > USGenWeb-NW > 2009-10 > 1256025457

From: Colleen <>
Subject: [USGENWEB-NW] Fw: USGenWeb Sites Clean
Date: Tue, 20 Oct 2009 01:57:37 -0600 (GMT-06:00)

F.Y.I. Colleen Pustola NWPL CC Rep -----Forwarded Message----- >From: Sherri <> >Sent: Oct 19, 2009 5:46 PM >To: , , >Subject: [STATE-COORD] USGenWeb Sites Clean > >************* Please Share with Project Mail Lists ************* > >The USGenWeb National site and sites hosted on theusgenweb.org have been >checked and double checked and they are clean of the malware that was >discovered a few days ago. The only file types that we found affected were >ones that were .html, .htm or .shtml. The 'techies' at the hosting service >ran a script to remove the code on all files that were affected. In >checking through files, we've found no affected files still remaining. > >The reports through some mail lists of files from the Archives and/or >Tombstone Project have not been able to be confirmed. The Archives and TP >Projects are not hosted on the same servers or at the same hosting service >as the National site and/or theusgenweb.org. It is unlikely that a text >file would be affected by the problems that were discovered on the National >site since most files in the Archives are text files, not .html, .htm and/or >.shtml files. The servers that the Archives and TP Project are on have been >checked and no problems found. At this point, unless a specific URL is >provided, we can't reproduce the reported problem. > >A few have asked what the hosting service is going to do about the recent >infections, and their lack of security on the servers. The first infection >was NOT caused by a lack of security on the servers. The hacker gained >access to the National site by hacking into a computer that was connected to >an unsecured network, creating a back door for him/herself and then using >that backdoor to get in and do his/her dirty work. Once the backdoor was >opened, they had access to all site folders, which allowed them to infect >multiple sites. There was an auto-replicating file loaded, among other >things, so as fast as we were removing infected files, more infected files >were appearing. Files of many different type were affected. > >That was not the case this time. The files that were hacked were only those >that had .html, .htm or .shtml extensions. No elaborate file manipulation >was involved. If you looked at the upload dates, the affected files all had >the same date on them - the day that the issue was first recognized and >reported. It was easy to tell what files were affected if you checked them >carefully. The infections were the same type that were being reported all >across the web, including Rootsweb/Ancestry. Malware was causing a fake >notice of an update to Adobe that should be made - and not through the Adobe >site. If you actually downloaded the file, it 'stole' your cookies, >enabling them to have access to your info/passwords stored on your computer. >Most anti-virus programs that I've heard were actually not allowing the page >to open because they detected the Trojan. I know my Norton's refused to >allow the page to open, and I know someone reported the same of AVG. > >IX Webhosting's servers can't all be painted with the same bad name. Some >accounts hosted at IX were not affected - I know that a couple of my >personal accounts had no problem at all. Likewise, not all of the reports >were from IX's servers alone. As I mentioned, there were issues with >Rootsweb and Ancestry's files also not behaving as expected. Several other >hosting services also had problems with the same malware issues. > >If you should continue to have any problems accessing pages on the National >site or those that are hosted on theusgenweb.org domain, please let us know. >Please provide the specific URL of the file that you received the warnings >about from your anti-virus/anti-spyware software or that you experience >warning you of a needed update to Adobe. > >For those that host their sites on theusgenweb.org, new passwords are being >set and you should receive yours in the next couple of days. > > >Sherri Bradley >National Coordinator >USGenWeb Project >Information about the USGenWeb Project at http://usgenweb.org >Advisory Board Agenda http://usgenweb.org/agenda2.php > > > > > >------------------------------- >To unsubscribe from the list, please send an email to with the word 'unsubscribe' without the quotes in the subject and the body of the message

This thread:

[USGENWEB-NW] Fw: USGenWeb Sites Clean by Colleen <>