| News Entry - 06/05/2010 |
| The SHIN website was hacked. The website was set up, using WordPress php code and was using a WordPress template. Someone found a way to bypass the WordPress security features and inserted malicious code that made it appear that when someone tried to go to the home page (http://www.sanadahiroyuki.com) they were being infected by viruses. They made a fake virus scan page that appeared to show a scan taking place and the result of the scan showed there were approximately a dozen or so viruses on a person's machine. Then they would have a link on the page that suggested that one should click it in order for the anti-virus software to clean off the viruses. If one actually clicked on the button or link they would see that an .exe (executable) file was to be downloaded. THAT file, possibly COULD be a REAL virus. |
| It was quite difficult to get off of this page. I finally figured out that if I were to click the browser window's X in the upper right hand corner of the page and then click the X in all popup messages that would appear and on and on, all the messages and windows would finally close. That was in Internet Explorer 8. In the Mozilla Firefox browser, I ended up having to use the Task Manager to get the window to close. |
| After experiencing all of that, I actually did run an intense virus scan on my machine and there were NO VIRUSES. Again, I cannot stress enough, that the virus scan that people are seeing is NOT their virus scanning software in action. It is a FAKE page, made to make users think they have been infected and should download their .exe to clean out the viruses. I feel confident in saying that their .exe will probably do anything BUT remove a virus. :-O (With that said, if anyone DID click yes, to download and run that file, it is HIGHLY recommended that you should run your pc's anti-virus software!) |
| Now here are the ways that I have made it so that I can get to places that I want to go in the SHIN website. People were mainly complaining because they were encountering the fake virus scan in the Forum. I figured they were probably experiencing the same by trying to get to the WebGallery, as well. The first thing I did was disconnect the site from the php page that I feel like was the start of everyone's problem. The problem was the malicious code that was probably written into the WordPress php file. Not everyone realizes that when they were thinking they were going to http://www.sanadahiroyuki.com, they were actually going to http://www.sanadahiroyuki.com/index.php. I changed the name of that file to indexBAD.php and created a new page, so that now when people type in http://www.sanadahiroyuki.com, they are directed to http://www.sanadahiroyuki.com/index.html. HTML is a much safer code to work with right now. |
| But for people to really see the right stuff, they need to clear out the old cookies/files/browsing history from their browsers, otherwise they get slapped right back to the old index.php file, which is in the browser's memory. I, personally, am a chronic cookie cleaner anytime I change pages or detect fishiness about pages. Once I had done this and then went to the new index.html page things looked fine - no fake virus scan page. Then I went to http://www.sanadahiroyuki.com/forum. I was no longer seeing the fake virus scan page and could actually access the forum to make some posts. One of our members, Reiko, has been going to all the various links and is having no problem because she is using a Mac. Macs are not as susceptible to these kinds of malicious attacks. Nasty little things are not put into their browser's histories. |
| When I went to http://www.sanadahiroyuki.com/WebGallery, I did encounter the fake virus page. There are a few things that people can try when they see it. They can click the BACK button on their browser and sometimes it will take you back to the page that you are really trying to get to. When we try to go to a page and we are about to be directed to that nasty page, we will notice a wheel turning in the middle of the webpage. If we click on the browser's STOP button, that can sometimes kill the bad page and return the user to the page they are trying to get to. I have learned several ways of getting where I want to go, but it's taken about 3 days to learn all these methods, but now I am hardly ever being directed to the bad page, because each time I finally manage to make it to the page that I want to go, I CLEAN OUT THE COOKIES. I've done it when I made it to the forum. I did it again when I finally made it to the WebGallery. |
| Now I want to give a quick tutorial for people that might not know just how to clean out the cookies/old files/browser history. This is how it is done for the Internet Explorer 8 browser. I am not writing tutorials for Mozilla Firefox or any other version of I.E., but I am sure the principle is basically the same ... |
| 1) With the browser open, click on the Tools option. |
| 2) Click Internet Options |
| (See screenshot below and make note of the red arrows.) |
|
|
| 3) Make sure that you are on the General tab. |
| 4) In the browsing history section, click the checkbox that says "Delete browsing history on exit" |
| 5) Click the Delete ... button. |
| 6) Once it has completed deleting the files, etc., click the OK button at the bottom of the screen. |
| (See screenshot below and make note of the red arrows.) |
|
|
| Finally, it would not be a bad idea to exit out of the browser and then reopen it. |
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
| I sincerely hate that the site has taken a hit like this and also hate that I do not have more time to take even more measures to clear all this up. I do NOT believe that the forum or the webgallery were hacked in any way. People may not be able to get there because they still have stuff in their browser's memory that can only be removed by clearing the cache. I strongly believe that everything stemmed from code that was written into the main website's front page and it was carried around in the history, making it appear that something was wrong with the forum and gallery. I will not consider reloading the forum and gallery, because it would take weeks and it is very risky business to load so much content into another version of the code. |
| I want everyone to know that I am totally willing to talk to anyone that may still be having problems getting to the forum or gallery, so please DO email me with any questions or problems you may have. I can be reached at Jamhin4@aol.com. I sincerely do want to get everyone to where I am now. I am not seeing ANY more of the fake virus pages, so let me help you, if I can! |
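
An added example, not part of the original entry or the site's own code: one way to check which files on a site differ from a clean copy of the same WordPress release, including a renamed file such as indexBAD.php that is still on the server. The directory layout, file contents and function names below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Suffixes a typical PHP host hands to the interpreter (assumption; adjust per server).
PHP_SUFFIXES = {".php", ".phtml", ".php5"}

def hash_tree(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_clean(clean_root, live_root):
    """Classify live files against a known-good copy of the same release."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    modified = sorted(r for r in live if r in clean and live[r] != clean[r])
    added = sorted(r for r in live if r not in clean)
    missing = sorted(r for r in clean if r not in live)
    # Changed or unknown files the server would still execute when requested.
    runnable = [r for r in modified + added if Path(r).suffix.lower() in PHP_SUFFIXES]
    return {"modified": modified, "added": added, "missing": missing, "runnable": runnable}

def build_sample(base):
    """Constructed trees mirroring the state described in the entry."""
    clean, live = Path(base, "clean"), Path(base, "live")
    good = {"index.php": "<?php require 'wp-blog-header.php';",
            "forum/index.php": "<?php // forum entry point",
            "WebGallery/index.php": "<?php // gallery entry point"}
    for rel, body in good.items():
        for root in (clean, live):
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text(body)
    # The tampered front page was renamed, not deleted; placeholder content only.
    (live / "index.php").rename(live / "indexBAD.php")
    (live / "indexBAD.php").write_text("<?php /* PLACEHOLDER: injected lines */")
    (live / "index.html").write_text("<html><body>SHIN</body></html>")
    return clean, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, files in compare_to_clean(*build_sample(tmp)).items():
            print(f"{kind:9} {files}")
```

A renamed .php file stays reachable at its new URL, so anything listed under runnable is a candidate to move out of the web root or delete once a copy has been kept for analysis.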