Join me @ IBOtoolbox for free.
Curtiss Martin
Member Since: 8/13/2012
  
performance / stats
Country: United States
Likes Received: 2744
Featured Member: 18 times
Associates: 12662
Wall Posts: 474
Comments Made: 26757
Press Releases: 360
Videos: 2
Phone: No Calls Please
Skype:    
profile visitor stats
TODAY: 86
THIS MONTH: 3959
TOTAL: 536473
are we ibo associates?
member advertising
active associates
Ray Burton    
Last logged on: 9/19/2017


Alexei Zoubov    
Last logged on: 9/19/2017


Evon Folkes    
Last logged on: 9/19/2017


Ezworksystem Opportunities    
Last logged on: 9/19/2017


Bill Brown    
Last logged on: 9/19/2017


Dave Young    
Last logged on: 9/19/2017


Douglas Spingola    
Last logged on: 9/19/2017


Imogene LewisBroderick    
Last logged on: 9/19/2017


Nathan Williams    
Last logged on: 9/19/2017


Michelle Dussault     
Last logged on: 9/19/2017


LUSEKELO HUDSON    
Last logged on: 9/19/2017


Brian Perryman    
Last logged on: 9/19/2017


Chuck Reynolds    
Last logged on: 9/19/2017


James Reilly    
Last logged on: 9/19/2017


Mori Webster    
Last logged on: 9/19/2017


other ibo platforms








Curtiss Martin   My Press Releases

Have You Checked Your Website Today?

Published on 11/11/2014
For additional information  Click Here

FavIcon
SevenOaksArtHave you checked your website today?
Part of my morning routine is to check on the stats for the Nove-Noga website using the Google Webmaster Tools. Over time, I have seen a few strange errors marked as well as the few where I made a mistake. Sometimes I have wondered if Google wasn’t just making stuff up just to see if I am paying attention.

Today I found a new one. The link was entirely foreign to me so I went probing deeper into the situation. Given the structure of the link and the apparent target URL, I knew that it wasn’t one of mine. Unfortunately, I marked it as fixed before I made a note of the link in question. Usually Google Webmaster Tools tells me where the link was found. That makes it a lot easier to find and fix. Today was different.

I opened the page at Nove-Noga and right clicked to see the source code. I couldn’t see any problems so I went to my FileZilla tool. Imagine my surprise when I saw that every HTML page except the Index.html had been changed on 11/9/2014.

*Note: For those who are paying attention, that was the day Before I actually started back to work.*

Going to one of the changed pages, I found that a line had been added to my page in the form of a new div element inserted into the body close tag. It was designed to be invisible. What it did was add an invisible list of links to the bottom of my web page. Effectively, this hack is providing numerous backlinks to the pages in question.

One cue to the problem was an extension to the bottom of my page. The new links were not visible but they take up space and added to the bottom of the page. I won’t give them further support by listing these sites here. Let’s just say that I recognized many as the same sort of sites that plop unauthorized posts on our Facebook pages.

The fix for this problem is relatively simple. All I needed to do was upload the latest copies of every page in my website.

While going through my files, I found one uploaded 11/3/2014 labeled ssfm.asp. Curious about it, I Googled “asp file” and then “ssfm asp file”. What I found was a little scary. It appears that this problem has occurred before.

I don’t want to get too technical. I am not an expert on anything except my own website. One of the reasons for creating Nove-Noga from the ground up was so that I would be able to spot and repair problems just like this. Today all of that hard work paid off.

Xref:
http://whatis.techtarget.com/fileformat/ASP-Active-Server-Page-an-HTML-file-containing-a-Microsoft-server-processed-script

According to the article above, ASP is the file extension for the “Active Server Page” file format. It is used by an HTML file containing a Microsoft server-processed script. To the best of my knowledge, I don’t have any reason to use any such scripts on the Nove-Noga site. Per the article above, “ASP is a feature of the Microsoft Internet Information Server (IIS)”

The information provided gave me a little bit of a guide to what I was looking at. To learn more, I Googled “ssfm asp file”. I found an article from 2006.

Xref:
http://www.stokia.com/news/iskorpitx-iis-ssfm-hack-info.htm

The article indicates that GoDaddy experienced a problem in 2005 and 2006. Guess who my service provider is. The details are different. Instead of the ASP file being placed in a subdirectory, it was placed in the website root directory. My subdirectory pages were not affected. Given the two activity dates, I don’t know if my pages were subjected to one hack or two. I communicated with GoDaddy as soon as their chat desk opened up to make them aware of the problem.

Their first advice was a prompt change of my ftp password. To set up your FileZilla FTP Quickconnect you will need to know the following.
Host = sitename.com
Username = FTP Users
Password
Port = 21 (Default for FTP is 21.)

To change an existing Quickconnect in your FileZilla FTP simply enter the information in the fields. Then Click [Quickconnect].

Recap:
So what does this all mean? While it is possible that someone got my password and made changes to my files, I have some good reasons to doubt it. I am concerned that this is the tip of an iceberg. The additions to my web pages were essentially just a bunch of links designed to increase backlinks to their sites. *Note: These are all gone now. Nove-Noga is Safe.*

The ssfm asp file is of more concern. I removed and quarantined it so that it can do me no harm but there is no way that I am going to inspect it. I don’t know whether it caused my subsequent problem or if it represents the first attack. There is one thing that I know. I will be keeping an even closer eye on my site in the future. Have you checked your website today? Vigilance is its own reward. Nove-Noga!

Nove-Noga.com/Learn.html
Nove-Noga.com
Nove-Noga.com
© 11/11/2014

Member Note: To comment on this PR, simply click reply on the owners main post below.
-  Copyright 2016 IBOsocial  -            Part of the IBOtoolbox family of sites.