Free Webpage Providers

[Feb 01, 2009]

FYI...

State of the "Art"...
- http://www.finjan.com/MCRCblog.aspx?EntryId=2155
Feb 01, 2009 - "As most of you probably know, in order to upload your web site to the internet you don’t have to sign a contract, supply your personal details or pay for the service - you can simply search for free web hosting. The search will result in lots of options that will offer you everything you need in order to publish your website online, sometimes with an advertisement added by the service provider. As most of these hosting services are free, many users signup for them. This makes it hard for the administrators to track the hosted websites’ content. Attackers are taking advantage of this opportunity and host their malicious code (mostly crimeware toolkits) on these web servers, without being detected by the web hosting company. Once the web hosting administrator finds out that one of his hosted accounts is being used for malicious activity, he usually deletes it and the attacker will be forced to move his “badness” to another (free) web hosting server... this so called “free hosting company” is probably operated by Cybercriminals who use the “free hosting service” as a coverup for their real and crooked business..."

(More detail at the URL above.)

    

A few weeks ago I thought I'd been hit with a virus, and I ran Malwarebyte's anti-malware program. It took care of what I thought the problem was.

In the mean time I've noticed a strange problem with several of the websites I have hosted at Freeservers. An extra string of javascript is added to the body of the sites. When I tried to remove it from a few of the sites the HTML was compromised severely. I tried searching for bits of the code through Google, and the Spybot S&D that I have installed on my computer indicated it was a malicious code, a URL spoofer. I searched for it on this forum, and didn't find anything recent...wonder if someone can help me?

<script type="text/javascript">eval(String.fromCharCode

After that comes a string of a lot of numbers in parentheses.

Sorry if this is in the wrong forum, wasn't exactly sure where to put it.

Hi there,

The best thing you can do about this is to alert the hosting company (freeservers?) to update their server software patches.

[freeservers.com]

FYI...

freeservers.com
- http://google.com/safebrowsing/diagnostic?site=freeservers.com/
"... Part of this site was listed for suspicious activity 7 time(s) over the past 90 days... Of the 201 pages we tested on the site over the past 90 days, 5 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-05-17, and the last time suspicious content was found on this site was on 2009-05-15... Malicious software includes 11 scripting exploit(s), 10 worm(s), 2 trojan(s). Successful infection resulted in an average of 5 new process(es) on the target machine. Malicious software is hosted on 4 domain(s), including 84.244.138.0/, hayboxiw.cn/, rifnasax.cn/. 3 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including 95.129.144.0/, thehugetitstop.cn/, tozxiqud.cn/. This site was hosted on 1 network(s) including AS13446 (NETZERO)... Over the past 90 days, freeservers.com appeared to function as an intermediary for the infection of 1 site(s) including orgmarket.net/..."

Hacked website? What to do:
- http://www.apwg.com/reports/APWG_WTD_HackedWebsite.pdf

 

Carol_C,
Chances are high that it's related to the on-going gumblar.cn crapware floating about (both via e-mail, and via hacked servers).

ALL of your files will need replaced with a backup, as the code is usually added to ALL files on the server, not just the .html/php etc files.

If you have a database on there, ensure you go through it with a fine tooth combe, to ensure there's nothing been added to it (this typically occurs when the site is vulnerable to SQL injection).

If you do NOT have a backup, I'd strongly recommend getting rid of the infected files, and re-creating the site from scratch, as this will be alot easier and alot quicker, especially for those without knowledge on the coding itself. From there, ensure you do FREQUENT backups of your sites codes, and ensure the backups are dated (a single backup is not good enough).

 

I appreciate your responses....

Unfortunately for me I have no backups of any of the sites. I build the HTML code myself (without WYSIWYG help) and I built them all directly on the Freeservers filemanager tool. Re-coding them will be very labor intensive for me...but as I said that's -my- problem.

I did contact Freeservers for help, but have not received any. I guess it's time to shop for a new web host. The problem is that even though they are called "Free"servers...I pay for my sites. This is why I'm going to push them to offer some help. I shell out several hundred dollars a year for many sites hosted there.

Thanks again for your responses

[including additional Software or third party software, to your computer while it is connected to the Internet through any means]

Well this says enough (taken from their Terms of Service) :

9. Warranty Disclaimer. YOU ACKNOWLEDGE THAT THE SERVICES AND THE SOFTWARE ARE PROVIDED "AS IS, AS AVAILABLE" WITHOUT ANY WARRANTY OF ANY KIND. UNITED ONLINE WEB SERVICES HEREBY DISCLAIMS ANY WARRANTY OR CONDITION WITH RESPECT TO THE QUALITY, PERFORMANCE OR FUNCTIONALITY OF THE SERVICES AND SOFTWARE, OR WITH RESPECT TO THE QUALITY OR ACCURACY OF ANY INFORMATION OBTAINED FROM OR AVAILABLE THROUGH USE OF THE SERVICES AND SOFTWARE, OR THAT THE SERVICES AND SOFTWARE WILL BE UNINTERRUPTED, ERROR-FREE OR FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS. THE SERVICES AND SOFTWARE MAY CONTAIN ERRORS. NO ADVICE OR INFORMATION GIVEN BY UNITED ONLINE WEB SERVICES OR UNITED ONLINE WEB SERVICE’S REPRESENTATIVES INCLUDING, WITHOUT LIMITATION, CUSTOMER SUPPORT REPRESENTATIVES, SHALL CREATE A WARRANTY. UNITED ONLINE WEB SERVICES DISCLAIMS ALL WARRANTIES ..... (goes on)

Outrageous

And there's more (not related to your sites), like :

United Online Web Services may from time to time download and install software, including additional Software or third party software, to your computer while it is connected to the Internet through any means. United Online Web Services retains the right to limit, restrict or require the use of certain software or service in connection with the Services.

erm... no comment 

I knew there was danger in singing up for any of these kinds of services. I guess the thing that irritates me the most is that most of the sites I have there have been active since 2001, and I've never had a problem with the service in all that time.

My requests for help have been met with "we're working on it" responses...but clearly they aren't.

I hope you get the help you deserve Carol, if you are already a costumer   :(since 2001...  they can't deny that     

Thanks for the support.

If I get no response to emails, I will call them directly...after I add up how much I pay them each year.

HI GUYS.
I have a account in 100webspace and run e107 in server.
now , how can remove ad from top site.
in other topics , in find this code:
<noscript><body></noscript>
that must add in theme.php but , where?
if you have a different hit plz share with me.

thanks.
http://molana.100webspace.net ;;;;; my site

[here]

...remove ad from top site.

Nope - check their EULA.

"Money for nothin' and your chicks for free" is only a song by Dire Straits*, and will probably remain so for your lifetime.

* http://en.wikipedia.org/wiki/Brothers_in_Arms_(Dire_Straits_album)#Side_1

.