TOTALLY eco OT - rescue our planet earth

For all your general chit chat, caching or not.
Post Reply
User avatar
homedg
1550 or more caches found
1550 or more caches found
Posts: 798
Joined: 24 February 06 3:15 pm
Location: South West Sydney

TOTALLY eco OT - rescue our planet earth

Post by homedg » 27 June 09 4:54 pm

My sis' has finally;
after years of research :lol: , navel gazing :oops: and building up confidence :wink: , gone online.

www.r-o-p-e. com.au (edited by ideology as this website appears to be infected with a trojan/virus - see discussion below)

This is NOT an ad.

I just want some feedback from those in the community who have skills on how she can get better hits online, improve the site etc.

I tried to help by Googling and submitting the URL but ended up with a whole heap of Spam coming my way instead :roll: .

Any suggestions would be much appreciated. :)

BTW: They are cachers and if you have done a blitz in the Noosa area then you probably have a few of her notches on your belt.

User avatar
caughtatwork
Posts: 16090
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Post by caughtatwork » 27 June 09 7:17 pm

That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.

User avatar
homedg
1550 or more caches found
1550 or more caches found
Posts: 798
Joined: 24 February 06 3:15 pm
Location: South West Sydney

Post by homedg » 27 June 09 7:28 pm

caughtatwork wrote:That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.
hey, C@W,
What does that mean?
It was developed by an external web designer Are they playing games?
Homedg (david)

Geof
450 or more roots tripped over
450 or more roots tripped over
Posts: 1232
Joined: 10 August 04 12:26 pm
Location: Yarra Ranges

Post by Geof » 27 June 09 9:28 pm

Code: Select all

<meta name="author" content="Muahammad Ali" />
Huuu :?

User avatar
tronador
4500 or more caches found
4500 or more caches found
Posts: 1542
Joined: 04 November 05 10:18 pm
Location: Lidcombe,Sydney, NSW

Post by tronador » 27 June 09 9:35 pm

When I googled r-o-p-e all i got was places that sold rope. :D

User avatar
caughtatwork
Posts: 16090
Joined: 17 May 04 12:11 pm
Location: Melbourne
Contact:

Post by caughtatwork » 27 June 09 9:40 pm

Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.

User avatar
homedg
1550 or more caches found
1550 or more caches found
Posts: 798
Joined: 24 February 06 3:15 pm
Location: South West Sydney

Post by homedg » 27 June 09 10:08 pm

caughtatwork wrote:Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.
i'm confused :shock: but wanted to post an online THANX!
Will PM

User avatar
ideology
Posts: 2763
Joined: 28 March 03 4:01 pm
Location: Sydney
Contact:

Post by ideology » 27 June 09 10:12 pm

oh dear, for a number of reasons

1. it looks like a form of the gumblar exploit
http://blog.unmaskparasites.com/2009/05 ... ed-script/

2. the choice of a URL with hyphens make it difficult for people to search for it. the search engines either treat the "-" as a boolean operator or ignore it

3. your sister's website will have a poor search engine ranking because it includes almost no searchable text on the home page. if you look at the page and select "view page source" you'll see what google sees, which is at best just the names of your products. no description, no comment about how to use them and no user comments or regularly updated content. perhaps your sister deliberately specified having a sparse homepage, but even so, the web designer should have counselled her strongly to put something more descriptive there.

User avatar
homedg
1550 or more caches found
1550 or more caches found
Posts: 798
Joined: 24 February 06 3:15 pm
Location: South West Sydney

Post by homedg » 27 June 09 10:18 pm

Quite the opposite, she was guided by the designer and she was very happy with the online look.
Similarly I was really proud of what she had achieved, at least I was until I posted this.
Will talk to my sister and hopefully she can get s**t in order.

Thanks again for all the advice.
Dave (homedg)

User avatar
Fuddley
1950 or more caches found
1950 or more caches found
Posts: 360
Joined: 17 February 08 6:22 am
Location: Hastings NZ GPSr: Garmin Oregon 300 GPSr: Tom Tom XL one GPSr: Garmin Etrex Vista
Contact:

Post by Fuddley » 27 June 09 10:20 pm

Does that mean that those of us that visited this site may have problems :?: :?:

User avatar
ideology
Posts: 2763
Joined: 28 March 03 4:01 pm
Location: Sydney
Contact:

Post by ideology » 27 June 09 10:44 pm

good point. according to cnet, yes, you could be infected:
http://news.cnet.com/8301-1009_3-10244529-83.html

we've edited the original post to remove the link to the website to reduce the number of potential infections

User avatar
homedg
1550 or more caches found
1550 or more caches found
Posts: 798
Joined: 24 February 06 3:15 pm
Location: South West Sydney

Post by homedg » 27 June 09 10:45 pm

Fuddley wrote:Does that mean that those of us that visited this site may have problems :?: :?:
Fair question fuddley.
i am trying to contact her now to turn off the site "however that works" just in case.
Sorry guys........... :oops:

Post Reply