Malware Warning on the website

Troubleshooting
Post Reply
VK RAMAN
Posts: 5009
Joined: 03 Feb 2010, 00:29

Malware Warning on the website

Post by VK RAMAN »

I am getting following message when I use Google chrome to reach rasikas.org:

The Website Ahead Contains Malware!
Google Chrome has blocked access to http://www.rasikas.org for now.
Even if you have visited this website safely in the past, visiting it now is very likely to infect your computer with malware.
Malware is malicious software that causes things like identity theft, financial loss, and permanent file deletion.

Anybody else has this occurring.

vasanthakokilam
Posts: 10956
Joined: 03 Feb 2010, 00:01

Re: Google Chrome Vs Rasikas.org

Post by vasanthakokilam »

Yes, several people have reported this. It happens with both Chrome and Firefox. Srkris has been notified.

srkris
Site Admin
Posts: 3497
Joined: 02 Feb 2010, 03:34

Re: Google Chrome Vs Rasikas.org

Post by srkris »

The issue is now fixed (the warning was correct and there was malware on the site) and google has been alerted to review the message, but the warning message itself will continue for the next few hours until google reviews the site.

VK RAMAN
Posts: 5009
Joined: 03 Feb 2010, 00:29

Re: Malware Warning on the website

Post by VK RAMAN »

Thank you Ramakrishnan for your prompt action and fixing the problem. I believe many of our members cut and paste Urls for websites without verifying the genuineness of the website. A guidance to the rasikas what to look for in a website before giving the urls will help the rasikas and protect our forum safety.

Pasupathy
Posts: 7868
Joined: 26 Jan 2013, 19:01

Re: Malware Warning on the website

Post by Pasupathy »

Thanks, srkris, for quick action.

arasi
Posts: 16774
Joined: 22 Jun 2006, 09:30

Re: Malware Warning on the website

Post by arasi »

Prompt action indeed, srkris! Thanks.
After losing what I typed last night, I will retype again, and try to catch up with Cleveland!

VK RAMAN
Posts: 5009
Joined: 03 Feb 2010, 00:29

Re: Malware Warning on the website

Post by VK RAMAN »

Yes, No more warning from Google Chrome. Our Website works in Google Chrome also. Thanks Ramakrishnan.

Nick H
Posts: 9379
Joined: 03 Feb 2010, 02:03

Re: Malware Warning on the website

Post by Nick H »

I never got a warning... I'm feeling left out!
I believe many of our members cut and paste Urls for websites without verifying the genuineness of the website. A guidance to the rasikas what to look for in a website before giving the urls will help the rasikas and protect our forum safety.
Perhaps because I use a bookmark to access the site and the URL is always the same?

Even though I am an ex IT professional, the world of viruses, malware, etc, has grown enormously since my retirement from active duty, and I am but a child in the face of it.

rajeshnat
Posts: 9906
Joined: 03 Feb 2010, 08:04

Re: Malware Warning on the website

Post by rajeshnat »

NickH
In chrome and firefox it came and in IE it did not come(for one day I liked IE) . This issue was in laptops
On the mobile side , I did not have this problem of malware in my android mobile. Perhaps you were either browsing for the whole day in either a mobile or tablet - that is why you did not get it

Srkris
I will send a personal mail , possibly we should do few things . There are few out there for sure who donot like this site , we should have more security precautions.
Last edited by rajeshnat on 24 Apr 2014, 16:34, edited 1 time in total.

Nick H
Posts: 9379
Joined: 03 Feb 2010, 02:03

Re: Malware Warning on the website

Post by Nick H »

I never browse on the phone, except for vital info like train times, when away, and I don't [yet] have a tablet.

I use Firefox, and Linux. That might make the difference

vasanthakokilam
Posts: 10956
Joined: 03 Feb 2010, 00:01

Re: Malware Warning on the website

Post by vasanthakokilam »

Just so everyone is on the same page. This is the sequence of events.

1) Somehow malware of sorts gets into the server
2) Google, in their regular scan of the internet, detects this and adds the site to this 'malware infected site' list.
3) It is upto the browsers to check this list maintained by Google. Firefox and Chrome do it and not IE. I do not know about safari or opera. May be they do not.

Srkris, since there was a real malware problem, can you characterize what it is so members can assess if they need to do anything in case they got onto the site before the malware was removed?

eesha
Posts: 366
Joined: 30 Apr 2009, 23:15

Re: Malware Warning on the website

Post by eesha »

VK RAMAN wrote:Thank you Ramakrishnan for your prompt action and fixing the problem. I believe many of our members cut and paste Urls for websites without verifying the genuineness of the website. A guidance to the rasikas what to look for in a website before giving the urls will help the rasikas and protect our forum safety.
When a member cuts and pastes a URL of a website that has malware and posts a message and when other members click on that URL, the PC / laptop of those members can get affected. This will NOT affect rasikas.org server

This malware has affected due to vulnerability in FTP service that runs on the server. The malware is injected into the server using this security vulnerability to hijack htm and php files to hijack the pages to a different destination.

We faced this issue with sangeethapriya server many years ago. I manually removed the malware code from all the infected htm, php files and then uninstalled FTP service

And that ended the problem

I find that rasika.org server accepts FTP connections. srkris should first disable, ideally uninstall this service. SFTP is nowadays preferred over FTP

srkris
Site Admin
Posts: 3497
Joined: 02 Feb 2010, 03:34

Re: Malware Warning on the website

Post by srkris »

There was an index.php file present on the server (not placed by me) that seemed to redirect the users to another website (which supposedly had some malware). Since google regularly scans the site, it found this and placed a warning. I got an email from google which described this, so I located the file and deleted it.

Since we have faced such issues in the past as well, I will find out if we can enable Secure Sockets Layer (SSL) -- the only disadvantage of that would be its effect on performance i.e. the site would load slower.

Eesha thanks for that suggestion, I will look into it right away.

eesha
Posts: 366
Joined: 30 Apr 2009, 23:15

Re: Malware Warning on the website

Post by eesha »

srkris: enabling SSL will not help and is not required

the vulnerability is thru FTP service, as mentioned earlier

disabling FTP will solve

also disable telnetd if that is running

eesha
Posts: 366
Joined: 30 Apr 2009, 23:15

Re: Malware Warning on the website

Post by eesha »

And another thing:

- change your root password mmdtly
- do not save your root password in your SFTP client software (I am saying SFTP because, I assume you will disable FTP and start using SFTP, if not done already)

srkris
Site Admin
Posts: 3497
Joined: 02 Feb 2010, 03:34

Re: Malware Warning on the website

Post by srkris »

Done. Thanks Eesha again for the suggestions.

vasanthakokilam
Posts: 10956
Joined: 03 Feb 2010, 00:01

Re: Malware Warning on the website

Post by vasanthakokilam »

I feel better already. Thanks eesha and srkris

eesha
Posts: 366
Joined: 30 Apr 2009, 23:15

Re: Malware Warning on the website

Post by eesha »

srkris wrote:Done. Thanks Eesha again for the suggestions.
I find that FTP process is still running. Please stop it and remove it from start up process list

srkris
Site Admin
Posts: 3497
Joined: 02 Feb 2010, 03:34

Re: Malware Warning on the website

Post by srkris »

Hi Eesha, apologies for the delayed reply. I have checked this with the host and they say we still get the login prompt but it wont allow login. I have tested this and find that its correct.

Post Reply