Page 1 of 1

TOTALLY eco OT - rescue our planet earth

Posted: 27 June 09 4:54 pm
by homedg
My sis' has finally;
after years of research :lol: , navel gazing :oops: and building up confidence :wink: , gone online.

www.r-o-p-e. com.au (edited by ideology as this website appears to be infected with a trojan/virus - see discussion below)

This is NOT an ad.

I just want some feedback from those in the community who have skills on how she can get better hits online, improve the site etc.

I tried to help by Googling and submitting the URL but ended up with a whole heap of Spam coming my way instead :roll: .

Any suggestions would be much appreciated. :)

BTW: They are cachers and if you have done a blitz in the Noosa area then you probably have a few of her notches on your belt.

Posted: 27 June 09 7:17 pm
by caughtatwork
That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.

Posted: 27 June 09 7:28 pm
by homedg
caughtatwork wrote:That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.
hey, C@W,
What does that mean?
It was developed by an external web designer Are they playing games?
Homedg (david)

Posted: 27 June 09 9:28 pm
by Geof

Code: Select all

<meta name="author" content="Muahammad Ali" />
Huuu :?

Posted: 27 June 09 9:35 pm
by tronador
When I googled r-o-p-e all i got was places that sold rope. :D

Posted: 27 June 09 9:40 pm
by caughtatwork
Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.

Posted: 27 June 09 10:08 pm
by homedg
caughtatwork wrote:Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.
i'm confused :shock: but wanted to post an online THANX!
Will PM

Posted: 27 June 09 10:12 pm
by ideology
oh dear, for a number of reasons

1. it looks like a form of the gumblar exploit
http://blog.unmaskparasites.com/2009/05 ... ed-script/

2. the choice of a URL with hyphens make it difficult for people to search for it. the search engines either treat the "-" as a boolean operator or ignore it

3. your sister's website will have a poor search engine ranking because it includes almost no searchable text on the home page. if you look at the page and select "view page source" you'll see what google sees, which is at best just the names of your products. no description, no comment about how to use them and no user comments or regularly updated content. perhaps your sister deliberately specified having a sparse homepage, but even so, the web designer should have counselled her strongly to put something more descriptive there.

Posted: 27 June 09 10:18 pm
by homedg
Quite the opposite, she was guided by the designer and she was very happy with the online look.
Similarly I was really proud of what she had achieved, at least I was until I posted this.
Will talk to my sister and hopefully she can get s**t in order.

Thanks again for all the advice.
Dave (homedg)

Posted: 27 June 09 10:20 pm
by Fuddley
Does that mean that those of us that visited this site may have problems :?: :?:

Posted: 27 June 09 10:44 pm
by ideology
good point. according to cnet, yes, you could be infected:
http://news.cnet.com/8301-1009_3-10244529-83.html

we've edited the original post to remove the link to the website to reduce the number of potential infections

Posted: 27 June 09 10:45 pm
by homedg
Fuddley wrote:Does that mean that those of us that visited this site may have problems :?: :?:
Fair question fuddley.
i am trying to contact her now to turn off the site "however that works" just in case.
Sorry guys........... :oops: