TOTALLY eco OT - rescue our planet earth

homedg · Post by **homedg** » 27 June 09 4:54 pm

My sis' has finally;
after years of research

, navel gazing

and building up confidence

, gone online.

www.r-o-p-e. com.au (edited by ideology as this website appears to be infected with a trojan/virus - see discussion below)

This is NOT an ad.

I just want some feedback from those in the community who have skills on how she can get better hits online, improve the site etc.

I tried to help by Googling and submitting the URL but ended up with a whole heap of Spam coming my way instead

.

Any suggestions would be much appreciated.

BTW: They are cachers and if you have done a blitz in the Noosa area then you probably have a few of her notches on your belt.

Post by **caughtatwork** » 27 June 09 7:17 pm

That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.

homedg · Post by **homedg** » 27 June 09 7:28 pm

caughtatwork wrote:That site triggered my virus detector for this:
JS:Redirector-H7 [Trj]

Enter at your own risk.

hey, C@W,
What does that mean?
It was developed by an external web designer Are they playing games?
Homedg (david)

Geof · Post by **Geof** » 27 June 09 9:28 pm

Code: Select all

<meta name="author" content="Muahammad Ali" />

Huuu

tronador · Post by **tronador** » 27 June 09 9:35 pm

When I googled r-o-p-e all i got was places that sold rope.

Post by **caughtatwork** » 27 June 09 9:40 pm

Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.

homedg · Post by **homedg** » 27 June 09 10:08 pm

caughtatwork wrote:Look at the source code.
The line after this one:
head><script language=javascript><!--

That obfuscated javascript function is triggering a virus / trojan alert using Avast.
JS:Redirector-H7 [Trj]

I can't decode the obfuscation, but I would hazard a guess that it will redirect you to another site that will infect your machine.

Alternatively it's a false positive for valid code that appears to be a redirector. I can image no scenario that would require obfuscated javascript code like this so while it may be a false positive the fact that it's obfuscated is an indication of something not quite right.

Go back to the designer and ask if they put that in there. If the answer is yes, then it's OK, if the answer is NO then the site has been infected.

i'm confused

but wanted to post an online THANX!
Will PM

ideology · Post by **ideology** » 27 June 09 10:12 pm

oh dear, for a number of reasons

1. it looks like a form of the gumblar exploit
http://blog.unmaskparasites.com/2009/05 ... ed-script/

2. the choice of a URL with hyphens make it difficult for people to search for it. the search engines either treat the "-" as a boolean operator or ignore it

3. your sister's website will have a poor search engine ranking because it includes almost no searchable text on the home page. if you look at the page and select "view page source" you'll see what google sees, which is at best just the names of your products. no description, no comment about how to use them and no user comments or regularly updated content. perhaps your sister deliberately specified having a sparse homepage, but even so, the web designer should have counselled her strongly to put something more descriptive there.

homedg · Post by **homedg** » 27 June 09 10:18 pm

Quite the opposite, she was guided by the designer and she was very happy with the online look.
Similarly I was really proud of what she had achieved, at least I was until I posted this.
Will talk to my sister and hopefully she can get s**t in order.

Thanks again for all the advice.
Dave (homedg)

Fuddley · Post by **Fuddley** » 27 June 09 10:20 pm

Does that mean that those of us that visited this site may have problems

ideology · Post by **ideology** » 27 June 09 10:44 pm

good point. according to cnet, yes, you could be infected:
http://news.cnet.com/8301-1009_3-10244529-83.html

we've edited the original post to remove the link to the website to reduce the number of potential infections

homedg · Post by **homedg** » 27 June 09 10:45 pm

Fuddley wrote:Does that mean that those of us that visited this site may have problems

Fair question fuddley.
i am trying to contact her now to turn off the site "however that works" just in case.
Sorry guys...........