{"id":389,"date":"2012-07-04T22:18:54","date_gmt":"2012-07-04T21:18:54","guid":{"rendered":"http:\/\/www.brucewiggins.co.uk\/?p=389"},"modified":"2012-07-05T08:49:29","modified_gmt":"2012-07-05T07:49:29","slug":"website-hacking-update","status":"publish","type":"post","link":"https:\/\/www.brucewiggins.co.uk\/?p=389","title":{"rendered":"Website Hacking Update"},"content":{"rendered":"<p>It&#8217;s taken some time, but as I&#8217;m getting a few hits on my website from people searching for information on the malware that was inserted onto my website, I thought I&#8217;d make what we&#8217;ve found out so far public.<\/p>\n<p>As mentioned already, the malware most obviously installed on the website was reported as\u00a0<a href=\"http:\/\/www.microsoft.com\/security\/portal\/Threat\/Encyclopedia\/Entry.aspx?name=Trojan%3aJS%2fBlacoleRef.BG&amp;threatid=2147657687\" target=\"_blank\">Trojan:JS\/BlacoleRef.BG<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.microsoft.com\/security\/portal\/Threat\/Encyclopedia\/Entry.aspx?name=Exploit%3aJava%2fCVE-2012-0507.AV&amp;threatid=2147656667\" target=\"_blank\">Exploit:Java\/CVE-2012-0507.AV<\/a>. \u00a0After cleaning these JavaScript rogues off my site several times, they kept coming back (the excellent <a href=\"http:\/\/sitecheck.sucuri.net\/scanner\/\" target=\"_blank\">Sucuri Sitecheck Scanner<\/a> is an invaluable tool, here!). \u00a0The rogue scripts are added to legitimately running JavaScript files and are picked up straight away by Google Chrome (which I use) and Microsoft Security Essentials (which I use at home). \u00a0It was the fact I use Chrome which alerted me to the problem in the first place.<\/p>\n<p>So, how did the hackers get in? \u00a0It seems that the security breach was due to <a href=\"http:\/\/www.parallels.com\/products\/plesk\/\" target=\"_blank\">Parallels Plesk Control Panel<\/a> which the web server my site is hosted on uses as its web-based interface. 
\u00a0I finally tracked down this information from this excellent website, and it&#8217;s an interesting read:<\/p>\n<p><a href=\"http:\/\/blog.unmaskparasites.com\/2012\/06\/22\/runforestrun-and-pseudo-random-domains\/\" target=\"_blank\">Unmask Parasites Blog<\/a><\/p>\n<p>It seems that the Plesk vulnerability was compounded by the fact that the password list in Plesk is stored in plain text!!!!!! \u00a0This meant that the hackers potentially had access to all the Plesk passwords on the server (including FTP etc.). \u00a0So, unless all passwords on the server (which may well host multiple sites!) were reset, the hacker could get back in and read all the passwords again! \u00a0One interesting addition is that we discovered extra scripts in the cgi-bin directory of websites on the server which seem to be similar to other distributed denial of service attack type scripts.<\/p>\n<p>Anyway, now that Plesk is patched and upgraded and all the passwords on the server have been reset, normal service should resume!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It&#8217;s taken some time, but as I&#8217;m getting a few hits on my website from people searching for information on the malware that was inserted onto my website, I thought I&#8217;d make what we&#8217;ve found out so far public. As mentioned already, the malware most obviously installed on the website was reported as\u00a0Trojan:JS\/BlacoleRef.BG\u00a0and\u00a0Exploit:Java\/CVE-2012-0507.AV. 
\u00a0After cleaning &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.brucewiggins.co.uk\/?p=389\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Website Hacking Update&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[12],"tags":[],"class_list":["post-389","post","type-post","status-publish","format-standard","hentry","category-web-development"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2iYFT-6h","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/389","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=389"}],"version-history":[{"count":4,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/389\/revisions"}],"predecessor-version":[{"id":391,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/389\/revisions\/391"}],"wp:attachment":[{"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.brucewiggins.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}