Results 1 to 6 of 6
March 22nd, 2012, 11:49 AM #1Trojan Warning Exploit-ms04-028
superCool just looked at one of his own pages and received a virus warning for Exploit-ms04-028. This is apparently an old (2004) issue where a certain type of jpg file can do something to allow code to run on your machine.
The page was a product page with 4 datafeed images and 4 or 5 merchant banners plus the normal background and logo images for the site. When superCool returns to the page he does not get the warning again.
Google WMT doesn't say anything about malware. What do you think? Was superCool somehow hacked, is a bad image coming from the merchant or network, or was it a false alarm?
March 22nd, 2012, 12:14 PM #2
- Join Date
- April 6th, 2006
First things first - change your FTP & cPanel passwords now, to something completely different & secure.
I'm not suggesting your site has been hacked (will defer to others with more experience), but a couple of years ago, 2 sites under my watch kept getting hacked. Turns out the hacker would come in via ftp, run a script, then leave. Nearly impossible to detect..
Just wanted to share - if you think something might be amiss, first thing is to change hosting passwords (I could have saved myself months of stress). The sites didn't suffer in the SERPS long-term.
Hope all is ok!
March 22nd, 2012, 12:55 PM #3
Create an .htaccess file with the following contents and add to every single image directory. This prevents malicious programs from being run from within the image directory:
# This is used with Apache WebServers # # The following blocks direct HTTP requests to all filetypes in this directory recursively, except certain approved exceptions # It also prevents the ability of any scripts to run. No type of script, be it PHP, PERL or whatever, can normally be executed if ExecCGI is disabled. # Will also prevent people from seeing what is in the dir. and any sub-directories # # For this to work, you must include either 'All' or at least: 'Limit' and 'Indexes' parameters to the AllowOverride configuration in your apache/conf/httpd.conf file. # Additionally, if you want the added protection offered by the OPTIONS directive below, you'll need to add 'Options' to the AllowOverride list, if 'All' is not specified. # Example: #<Directory "/usr/local/apache/htdocs"> # AllowOverride Limit Options Indexes #</Directory> ############################### # deny *everything* <FilesMatch ".*"> Order Allow,Deny Deny from all </FilesMatch> # but now allow just *certain* necessary files: <FilesMatch ".*\.(jpe?g|JPE?G|gif|GIF|png|PNG|swf|SWF)$" > Order Allow,Deny Allow from all </FilesMatch> IndexIgnore */* ## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS): # OPTIONS -Indexes -ExecCGISalty kisses, Sandy toes, and a Pirate's heart...
March 22nd, 2012, 12:56 PM #4
From reading MS' report here.
Microsoft Security Bulletin MS04-028 : Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
It sounds like something on your own computer trigger the stack over flow warning.
At least it is the one I ran into Sunday on a customer's computer.
I'd check your system with some adware and malware systems.
Let me know if you would like the names of a couple of good scanners that are free.Where's the Great Life of Affiliate Marketing Hiding?
March 23rd, 2012, 10:23 AM #5
Thanks for the input everyone. superCool is researching and hasn't found anything out of the ordinary yet. Unfortunately the antivirus program that's catching this (McAfee VirusScan Enterprise and AntiSpyware Enterprise) does not specify which file caused the error, and it does not occur every time.
March 23rd, 2012, 01:24 PM #6
Try these 2, I highly recommend both and use them a lot.
They can co-exist with your current anti-virus program and don't counter it.
#1 is AdAware
#2 is Malwarebytes
both are available for free downloads at filehippo.
Watch the one if offers God's Chrome. #2 I believe.
Hope these find it for you.Where's the Great Life of Affiliate Marketing Hiding?
By John Powell in forum Midnight Cafe'Replies: 0Last Post: January 8th, 2009, 09:36 AM
By Amy_S in forum Midnight Cafe'Replies: 4Last Post: January 14th, 2008, 04:42 PM
By Dynamoo in forum Midnight Cafe'Replies: 17Last Post: January 4th, 2006, 01:38 AM
By Dynamoo in forum Midnight Cafe'Replies: 2Last Post: October 1st, 2003, 05:55 PM
By Dynamoo in forum Midnight Cafe'Replies: 0Last Post: March 11th, 2003, 12:42 AM