Well after living here for 18 years its time for a move, we have bought a new place and after a quick freshen up with a coat of paint it will be time to pack and move everything over. Well not everything, it is amazing the amount of stuff that you accumulate over the years and when we started packing we realised just how little of it we have actually used.

So packing has turned into sorting, ah well better to do it now than pack everything and sort later (yeah right) so we have cleaned out one room and now it is a holding room for the stuff to get rid of. I was going to get a skip for the building work that needs to done and yard clean up but will get one just a bit bigger to save the hassle

Why the move?

Well when we bought this place it was to get our step onto the housing market, we have done what we can but some things need to be redone and to do them properly the house needs to be empty so we had the choice move out temporarily have the work done and move back or upgrade. We took the upgrade path and of course happy wife means happy life.

We did look a buy a block and have a place built but that would have meant a 12 month wait minimum and land is getting very $$$$, the new place ticks pretty much all the boxes on what we are after and only took a month and worked out a cheaper option so away we go.

So what does it look like and where are the photo’s?

We keep getting asked that and I can only say they are coming, we do have some photos but I will be taking more when we get the keys for the before and after the paint job and will post them then.

more details to come…..

Well I knew it could happen one day but I have have been safe for so long I though it would never be this bad.

I received a report that a client had gone to their site and the browser had poped up a warning “The webpage you are about to open contains a virus” hmm not good.
So logged in via FTP and sure enough the home page and other index files had been updated and had an iframe inserted in the code, fortunately I hd copies of the infected files and uploaded them all good.

Investigation on the server revealed that the files had been updated via FTP so the password had been used, as multiple users had FTP access the quick and simple fix was to change the password to restrict access and up security on the rest of the site. Site repaired and changes made to the admin area of the site I thought I would check things and logged in. Bad Move on my part!

Browser locked up loading the page, WHAT!!! yep you guessed it the admin page had the same hack and I had missed it. I had not noticed but to compound the problem AVG had not started for some reason when the PC had booted up that morning so I did not get a warning. I shut down the browser but the damage was done the web page had silently contacted a site in China using a hidden iframe and downloaded the trojan. Little did I realise that the particular nasty was the same one that had caused the problem on the website. I wiped everything and loaded it from offsite backups, checked everything and all looked good and then fired up the MIA Antivirus and set it running.

Oh it found stuff and went about its business finding and quarantining infected files, whew got it or so I though.

Next day thought I would check things again just to make sure things were Ok on the site and what do you know they had the iframe hack again but only a few files, this is odd. Changed password again and re upload the files, checked back during the day and no further issues.

After that I went on to do some work on another site and uploaded some files, 20 minutes later the site goes off air. What do you know same problem, iframe hack but this time as the site is php the inserted code actually broke the page. Whats the chances of two sites for different clients on two different servers having the same problem, what could be the common point, yep ME!

A little time doing some research and I found out just what it does, apart from installing itself in various locations on your PC it infects the resident antivirus program and looks for any FTP program to use and any sites you access it edits every possible home page inserting a link back to its maker. As I manage quite  a few sites this is a major issue. AVG did not get everything so first delete it along with filezilla as it is now infected and install fresh copy of Avast (6 hours for a full scan) and ran that, ran malwarebytes (4 hours) to pick up any others and found another set of infected files. So went looking for another AV program and found some very good articles about Avira AntiVir including some about this particular trojan and the success at getting rid of all infected files.

After installing and running a full scan (9.5 hours) it found 93 infected files various viruses and trojans as well as a few others it matched through its heuristic scan so I can now report I am completely virus and trojan free

Just to be sure I set up a fresh copy of filezilla and set up an account on a test domain, logging on and uploading and downloading files for a couple of days.

As a precaution I had to change the passwords for every other account that the FTP program had in its list, although checks of all sites using another PC revealed that no other sites were compromised it was still better to be safe that sorry.

So be warned keep your AntiVirus measures up to date and make sure they are running!