homepage Welcome to WebmasterWorld Guest from 54.204.231.110
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Malware 301 Permanent Redirect
ZakAltF4




msg:4426889
 9:57 am on Mar 9, 2012 (gmt 0)

Hello all .. I have a client who contacted me and asked that I look into a site that is somehow infected with malware.

The problem: I am reasonably familiar with Apache, and how it deals with permanent 301's .. My issue in comprehending this, is that the headers 1) DO in fact read a 301, and 2) the htaccess file is CLEAN. One line .. (Yes I viewed line numbers, the file is only one line and is 29 bytes in size. No scrolling there...) What are other possible methods of achieving a 301? I am including what some malware detection sites print out, and including the full source code (it's a static 5 page site ... There is nothing to it really). Can a would be hacker have gotten into Apaches conf file? This site is hosted on a well known host (Think Danica Patrick), and access to the conf file from what I understand is supposed to be impossible. Ideas ideas ideas?

Here is what I have:

1) On certain pages the site redirects to what I am assuming is a Phishing site or something of the like.

2) unmaskparasites shows the following results:


General
Title:
URL: http://*********.com
Redirects: 301 -> http://********.ru/vis/index.php


3) Sucuri SiteCheck says the following:

Malware found in the URL:
http://*****.com/404javascript.js

Malware found in the URL:
http://*****.com/cust.php

Suspicious conditional redirect on:
http://*****.com



The .htaccess file:

ErrorDocument 404 missing.php


There IS NO /404javascript.js ...

cust.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Made to Perfection</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link rel="stylesheet" href="menu_style.css" type="text/css" media="screen" />
<link href="default.css" rel="stylesheet" type="text/css" />
<link rel="icon" href="/favicon.ico" type="image/x-icon">
</head>
<body>
<?
include("head.php");
?>

<h1>Customer Satisfaction</h1>
<p><strong>Satisfaction</strong> is our guarantee! We strive for the highest quality in service so that you, our client and rest assured that the job with be done right, and on time. We value you and appreciate your business! Let us help you with your cleaning needs and see the difference between us and other vendors ... We guarantee you won't be dissappointed!</p>
<h2>Professional and Courteous Staff</h2>
<p>One of our primary goals is to maintain a professional and courteous staff. We understand that managing a property can be stressful in itself, so we strive to be respectful, polite and friendly with our business partners, clients and affiliates. </p>
<h3>Questions and Comments</h3>
<p>We, at Made to Perfection, encourage questions and comments to help us better serve you and increase our overall customer satisfaction. Because, after all, without you, our clients, we couldn't be here serving the Spokane Area! Again, we appreciate you, and your business! </p>

<?
include("foot.php");
?>



Index.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Made to Perfection</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link rel="stylesheet" href="menu_style.css" type="text/css" media="screen" />
<link href="default.css" rel="stylesheet" type="text/css" />
<link rel="icon" href="/favicon.ico" type="image/x-icon">
</head>
<body>
<?
include("head.php");
?>
<h1>Welcome to the Made to Perfection!</h1>
<p><strong>Here at MTP</strong>, we are a local business here to <a>Serve You</a> and <a>Cater to Your Commercial Cleaning Needs</a>! We specialize in Residential/Apartment restoration and preparation for new tenancy. We do, however, have a extensive range of cleaning/preparation experience and proficiency. We are committed to the highest standards and <a>Quality Cleaning</a>. <em>If it can be done, we can do it!</em></p>
<h2>Quality Commercial Cleaning</h2>
<p>Our standards are of the highest caliber, as is the method of our service. You will receive the utmost attention to detail, while still retaining a friendly and courteous staff. We pride ourselves on our unique approach to the industry. Call us and let us explain how we can be of assistance to you today!</p>
<h3>Low overhead -- Low cost</h3>
<p>Here at Made to Perfection, we try very hard to ensure that costs are not passed down to our customers. In an effort to do this we are diligent at keeping our overhead to a minimum ensuring that our customers can still retain the expected quality, while retaining a satisfactory rate:</p>
<ol>
<li>All company assets are owned. Which means you are not paying for our monthly payments! </li>
<li>We use carpooling and other methods to ensure that travel expenses are kept to a minimum!</li>
<li>We use smart shopping for our products, and are able to pass that savings on to our customers and clients!</li>
</ol>
<p><br />
</p>
<?
include("foot.php");
?>


Head.php:


<div id="logo">
<h1>example.com
example@gmail.com</h1>
<center>
<div style="width:860px;">
<ul id="menu">

<?php
function curPageName() {
return substr($_SERVER["SCRIPT_NAME"],strrpos($_SERVER["SCRIPT_NAME"],"/")+1);
}

$page = curPageName();
?>
<li><a href="index.php" title="" <? if ($page == "index.php" or $page == ""){echo" class=\"current\"";}?>>Home</a></li>
<li><a href="service.php" title="" <? if ($page == "service.php"){echo" class=\"current\"";}?>>Services</a></li>
<li><a href="cust.php" title="" <? if ($page == "cust.php"){echo" class=\"current\"";}?>>Customer Satisfaction</a></li>
<li><a href="faq.php" title="" <? if ($page == "faq.php"){echo" class=\"current\"";}?>>FAQ's</a></li>
<li><a href="contact.php" title="" <? if ($page == "contact.php"){echo" class=\"current\"";}?>>Contact</a></li>
<li><a href="about.php" title="" <? if ($page == "about.php"){echo" class=\"current\"";}?>>About</a></li>
</ul>
</div></center>
</div>
<div id="page"><div class="inner_copy"><div class="inner_copy"></div></div>
<div id="left">
<h2>Navigation</h2>
<ul>
<li><a href="index.php">Home</li>
<li><a href="service.php">Cleaning Services</a></li>
<li><a href="cust.php">Customer Satisfaction</a></li>
<li><a href="faq.php">FAQ's</a></li>
<li><a href="contact.php">Contact</a></li>
<li><a href="about.php">About Us</a></li>


</ul>
<h2>Our Partners</h2>
<ul>
<li><a href="#">Rockwood Property Managment</a></li>
<li><a href="#">Greenstone Homes</a></li>
<li><a href="#">Cheney Realty</a></li>
<li><a href="#">NAI Black</a></li>
<li><a href="#">Campus Commons</a></li>
</ul>
</div>
<!-- end #left -->
<div id="center">



foot.php
</div>
<!-- end #center -->
<div id="right">
<h3>We support out local community by keeping business local:</h3>
<h2>Affilates</h2>
<ul>
<li><a href="#">Jarms Hardware </a></li>
<li><a href="#">Corona Village</a></li>
<li><a href="#">Cheney Realty</a></li>
<li><a href="#">Greenstone</a></li>
<li><a href="
http://maps.google.com/maps/place?hl=en&sugexp=crnk_spiketing&cp=21&gs_id=1s&xhr=t&biw=1366&bih=549&gs_upl=&bav=on.2,or.r_gc.r_pw.&um=1&ie=UTF-8&q=brewed+awakenings+spokane&fb=1&gl=us&hq=brewed+awakenings&hnear=0x549e185c30bbe7e5:0xddfcc9d60b84d9b1,Spokane,+WA&cid=129169088416751512" target="_blank">Brewed Awakenings</a></li>
<li><a href="#">Z's Auto</a></li>
</ul>
</div>
<!-- end #right -->
<div style="clear:both;">&nbsp;</div>
</div>
<!-- end #page -->
<div id="footer">
<div class="fleft"><p><a href="/admin" target="_blank">&copy; Made to Perfection 2012</a></p></div><div class="fright"><p>509-703-2984</p></div><div class="fcenter"><p>Design by <a href="http://example.com/">Likarich Solutions</a></p></div>
</div>
</body>
</html>



And missing.php

<html><head></head><body><H1>404 Page Not Found</H1></body></html>

[edited by: eelixduppy at 1:28 pm (utc) on Mar 9, 2012]
[edit reason] fixed formatting [/edit]

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved