Website Hacking Update

It’s taken some time, but as I’m getting a few hits on my website from people searching for information on the malware that was inserted onto my website, I thought I’d make what we’ve found out so far public.

As mentioned already, the malware most obviously installed on the website was reported as Trojan:JS/BlacoleRef.BG and Exploit:Java/CVE-2012-0507.AV.  After cleaning these javascript rogues off my site several times, they kept coming back (the excellent Securi Sitecheck Scanner is an invaluable tool, here!).  The rogue scripts are added to legitimately running javascript files and are picked up straight away by Google Chrome (which I use) and Microsoft Security Essentials (which I use at home).  It was the fact I use Chrome which alerted me to the problem in the first place.

So, how did the hackers get in?  It seems that the security breach was due to Parrallels Plesk Control Panel which the web server my site is hosted on uses as it’s web based interface.  I finally tracked down this information from this excellent website, and it’s an interesting read:

Unmask Parasites Blog

It seems that the Plesk vulnerability was compounded by the fact that the password list in plesk is stored in plain text!!!!!!  This meant that the hackers potentially had access to all the plesk passwords on the server (including ftp etc..)  So, unless all passwords on the server (which may well host multiple sites!) were reset, the hacker could get back in and read all the passwords again!  One interesting addition, is that we discovered extra scripts in the cgi-bin directory of websites on the server which seem to be similar to other distributed denial of service attack type scripts.

Anyway, now Plesk is patched and upgraded and all the passwords on the server have been reset, normal service should resume!

Website Compromised 20th – 22nd June, 2012

I’m very sorry to report that my website was hacked and was delivering malware between 20th – 22nd June, 2012.  Google Chrome picked it up straight away, and my virus checker (MS Security Essentials) cleaned instantly, but if you have visited the site recently, it would be a good idea to clear your browser cache and run a full virus scan.  The two exploits are reported as being:

Trojan:JS/BlacoleRef.BG
Exploit:Java/CVE-2012-0507.AV

Looking at more details of the CVE exploit, it seems that it could have been targeting Macs, but I can’t be sure.  For example, see this link, while the BlacoleRef is targetted at Windows (see this link for a different variant of the same trojan).

If your OS patches and anti-virus are up to date, then there shouldn’t be a problem, but please check to be sure.

After discussing the issue with my web host, we think we have identified how the exploit happened, and fixed the issue (my first attempt at cleaning the virus worked, but the site got reinfected soon after….it’s all clean now).   The free Securi Sitecheck website scanning tool was invaluable in this task, and for this free service, I thank you!

Sorry about this if it’s caused you any issues….normal service should now resume!

HTML5 Audio Tag and Surround Sound

I’m going to add quite a bit of content to this site soon, and have been looking into ways of embedding surround sound audio. The HTML5 Audio tag looks ideal for this and, it seems, some browsers will support 5.1 surround files….hooray. However, they all seem to support different format surround files……booo! Anyway, as a test, try the embedded players below.

Initial findings:

  • Chrome on PC – seems to successfully downmix to stereo and play multi-channel OGG, AAC and WAVE versions
  • Chrome on MAC – same as above EXCEPT, it doesn’t downmix to stereo, it only reproduces front channels (including Centre)
  • Firefox on PC – recognises ogg….refuses to play anything. Nothing else recognised (shame on you, firefox)
  • Firefox on Mac – plays ogg correctly in multi-channel, but over stereo reproduces front left out the left speaker and Centre front out of the right speaker! Doesn’t recognise any other formats.
  • Internet Explorer 9 on PC – correctly plays and downmixes AAC and WAVE versions (from what I can tell)
  • Internet Explorer 8 on PC – doesn’t recognise anything
  • Safari on Mac – Doesn’t play OGG, plays the rest. Downmixes to stereo including all channels, but downmixes AAC and WAVE by just routing surround Left and Right to the left and right front speakers, but seems to do a more complex downmix of AC3 to the front left and right (includes phase shifts by the sounds of it!)

This is a simple 5.1 test file with Microsoft Anna reporting speakers to you….

Ogg Vorbis :
AAC :
AC3 :
WAVE :

Tweet Counters

As part of this blog (which is based on the absolutely fantastic WordPress platform) I’ve been playing with some of the various tweet counters to track how many (if any!) retweets my posts get.  This seemed to be working fine.  However, on my last post, Backtype missed the fact that I tweeted (using the backtype tweet count button on the post) this post.  So, I tried again….still nothing.  I looked at two other tweet counters (Tweetmeme and Topsy) and compared the results….. (click continue reading to….continue reading!)

Continue reading “Tweet Counters”

%d bloggers like this: