Saschart: Web Design and Programming

Iframe Virus, Malware, src Virus - How to Remove ?

2009-07-05T10:07:00.000-07:00

Right in this moment is a new massive hacking attack on web sites. This attack targeted a lot of webhosting providers!

How to clean your web site and remove the Iframe Virus, Malware or src Virus injection?

The attacker will change in mass all your index files and your home files. The format of this viruses is almost like this:

Allmost attack is based on src out of your domain, so you must find which pages have isertion with src which is not on your domain. Other posibility is in javascript, but this is encoded script which is hard to find it, in this case you must check javascript content other then yours which was added on your web site files.

Follow this steps:
1. Immediately change your FTP password

2. Login on your FTP account and order your files by date, the changed files will be on the top of list. Here is the target when you must check first iframe or src out of your domain, remove it and upload again your clean files.

3. Securize your FTP account, allow only your ip or a class of ip to can login using the firewall. In the Unix based OS if you have iptables enabled is very easy to do this using commands:

iptables -A INPUT -p tcp --dport 21 -s 80.47.84.200 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -s 80.47.84.201 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -s 81.69.58.0/255 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j DROP

This command will allow only 80.47.84.200, 80.47.84.201 ip to login and all 81.69.58 class.

4. Make sure you have right the security features on your server to prevent server attack

5. Check your OS with antispyware or anti trojans, is a lot of viruses in Windows which stole your FTP password from Cute FTP, Total Commander etc. and send it on the Internet!

6. If Google allready find your virus or malware they will block your website, you must send to Google a request to recheck your web site here http://www.google.com/webmasters/tools

Clean Web Site script can help you to make fast checking and clean your site files !

This is a php based script malware remover using backup method. Clean Web Site script can help you to keep clean and safe your site files to prevent iframe insertion, src virus injection, malware, backdoor or other attacks which change your site files content.

HOW WORK ?

after you upload a fresh and clean site files you will make a backup files from Clean Web Site

Clean Web Site will check every 6 hours in cron job (you can set the interval from your cron job) if your site files is the same with the last backup made

if your site files was changed, remove or add other Clean Web Site will send you an email with status of your files changed as date of changing, old and new size

if this files was not changed by you after the last backup mean was changed by hacker, you must restore quickly your site files from the last clean backupWhat happen if you or you change files and don't make backup after changing ?

You will receive a message from Clean Web Site with status of your files changed and you will find your changing which is not made by hacker, so is not dangerous, you must make backup to have the last version of your site files.

Visit http://soft.saschart.com/ to take the Clean Web Site.

SaschArt Flash Loader

2009-07-01T01:57:00.000-07:00

SaschArt Flash Loader - free version 1.2

Flash Loader is simple but smart application for CD Multimedia Presentation in flash. With this application you can loading your swf file and use it like an application for all Windows Platforms. If you try to make windows projector from Flash you will can launch only other executables. My application can launch all kind of files and open it in the default application with easy commands. For example you can open from your swf file: doc, txt, pdf, exe, jpg, gif, avi, mp3 and more. Also you can set in SaschArt Flash Loader swf sizes and path from another folder, border style and fullscreen style.

Commands setting:

In the readme.txt file you can set border, fullscreen, sizes and relative path from your swf file. Make this settings in the follow order:

border:true set true or false if you want to have border or not for your swf

fullscreen:false set true or false if you want your swf to open it in fullscreen mode or not

sizes:550x400 set sizes for your swf file (if you set before fullscreen:true can erase this command to open your swf file with screen size)

/presentation.swf set relative path from your swf file

Also you can make commands into your swf file to launch all kind of files or other like this:

fscommand("open","readme.txt") to open any file

fscommand("minimize") to minimize your swf file

fscommand("quit") to close your swf file with application

Visit http://soft.saschart.com/ to takeyour Flash Loader.

SWF Obfuscator

2009-06-08T10:08:00.000-07:00

SWF Obfuscator - free version 1.0

This SWF Obfuscator can easy to encode your swf files to protect your work. This obfuscator rename variable and functions names which you insert on the field, also you can find the functions names from your swf files.

I use this in the script:

$fp=fopen($src,"rb") ;
$head=fread($fp,3) ;
if ($head<>"FWS" && $head<>"CWS") {
messageEcho("Uploaded file is not a valid SWF file");
return;
}
$head.=fread($fp,5);
$swfdata=fread($fp,filesize($src)-8);
fclose($fp);
if (substr($head,0,1)=="C")

$swfdata=gzuncompress($swfdata);

//change variables and functions name to obfuscate

$swfdata=strtr($swfdata,array($old_var=>$new_var,... ));

if (substr($head,0,1)=="C")
$swfdata=gzcompress($swfdata);
$swfdata=$head.$swfdata;

$fp=fopen($dest,"wb");
$result=fwrite($fp,$swfdata);
fclose($fp);

Visit http://soft.saschart.com/ to make safe your swf files.