Help!

vraiblonde

vraiblonde

Board Mommy
PREMO Member
Patron
I just got a notice that one of my client sites, hosted at iPowerweb (and not on our server, thank god) is infected with Framer Z.

Anyone familiar with this? And how do I remove it? My computer won't let me access the pages, either via web or get into it with ftp/FrontPage.

Any ideas? I tried googling it but there isn't much information.
 
GWguy

GWguy

*
:confused: Checked a few different virus sites, no references to Framer. Symantec is usually pretty good about server viruses, nothing there.
 
onebdzee

onebdzee

off the shelf
I have a call into my IT guy and all of his associates to see if they can come up with something
 
vraiblonde

vraiblonde

Board Mommy
PREMO Member
Patron
I deleted both infected files and replaced them with older versions. So it's just a matter of tweaking the pages so they're correct.

I sent a note to iPowerweb telling them they need to batten down their hatches and fix their security leaks. Buttheads.
 
onebdzee

onebdzee

off the shelf
vraiblonde said:
I deleted both infected files and replaced them with older versions. So it's just a matter of tweaking the pages so they're correct.

I sent a note to iPowerweb telling them they need to batten down their hatches and fix their security leaks. Buttheads.
Click to expand...

So....should I call off the forces?
 
vraiblonde

vraiblonde

Board Mommy
PREMO Member
Patron
onebdzee said:
So....should I call off the forces?
Click to expand...

Call them off on my behalf, but they should probably know about this anyway. iPowerweb obviously has a glaring security hole, but it's worth looking into for anyone who manages a server.
 
The_Twisted_Ear

The_Twisted_Ear

A proud Conservative!
vraiblonde said:
Call them off on my behalf, but they should probably know about this anyway. iPowerweb obviously has a glaring security hole, but it's worth looking into for anyone who manages a server.
Click to expand...

Actually, the problem was a Script issue - you probably have a Blog or something running that accepts input.

I had the Russians compromise my main website one time. The problem was traced to a "update" that wasn't installed at my ISP. They actually called me up to break the news to me (and their mistake) and reloaded my site. I keep accurate daily backups so I only had to upload those changed files since their backup.
 
You must log in or register to reply here.
Top