This is a virus ? webair

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • SmokeyTheBear
    ►SouthOfHeaven
    • Jun 2004
    • 28609

    #1

    This is a virus ? webair

    i was uploading some stuff today for site and suddenly the ftp connection was closed and i couldnt login.

    Turns out the host ( webair ) has a security feature that scans uploaded files for a virus and if found it closes the connection and changes the ftp password for you. Kind of a neat feature i suppose , but i went to isolate the file it was finding and it was a variation of this

    Code:
    <?php
    $out = "http://yahoo.com";
    ?>
    
    <html>
    <head>
    <script>
    function xtb(){
    top.location.href="<?php echo $out; ?>";
    }
    </script>
    </head>
    <body>
    hello<br>
    
    <iframe id=xnsi onload="xtb();" src=http://google.com width=1 height=1></iframe>
    
    </body>
    </html>
    although the code could be used to initiate a virus , it isn't malicious or a virus on its own.


    interesting to note although they change your ftp password for you they dont delete the file that was found to be a virus.

    try it out if you want , save code and upload to webair , it will log you off and change your pass.

    curious , where does webair get its virii defs from
    hatisblack at yahoo.com
  • Jakez
    Confirmed User
    • Jan 2004
    • 5656

    #2
    Originally posted by SmokeyTheBear
    i was uploading some stuff today for site and suddenly the ftp connection was closed and i couldnt login.

    Turns out the host ( webair ) has a security feature that scans uploaded files for a virus and if found it closes the connection and changes the ftp password for you. Kind of a neat feature i suppose , but i went to isolate the file it was finding and it was a variation of this

    Code:
    <?php
    $out = "http://yahoo.com";
    ?>
    
    <html>
    <head>
    <script>
    function xtb(){
    top.location.href="<?php echo $out; ?>";
    }
    </script>
    </head>
    <body>
    hello<br>
    
    <iframe id=xnsi onload="xtb();" src=http://google.com width=1 height=1></iframe>
    
    </body>
    </html>
    although the code could be used to initiate a virus , it isn't malicious or a virus on its own.


    interesting to note although they change your ftp password for you they dont delete the file that was found to be a virus.

    try it out if you want , save code and upload to webair , it will log you off and change your pass.

    curious , where does webair get its virii defs from
    So it's redirecting to Yahoo and loading Google in a somewhat hidden iframe? I take it you just changed the URL's so you could post it?

    Anyhow, if a host deleted files suspected to contain malicious code they would quickly be in deep shit when peoples index files and other important pages come up missing, which is where most malicious code is planted.
    [email protected] - jakezdumb - 573689400

    Killuminati

    Comment

    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #3
      Originally posted by Jakez
      So it's redirecting to Yahoo and loading Google in a somewhat hidden iframe? I take it you just changed the URL's so you could post it?.
      the real code was simply for converting a video, so the hidden frame loaded the video conversion and when complete it loaded the "conversion complete" page.
      hatisblack at yahoo.com

      Comment

      • SmokeyTheBear
        ►SouthOfHeaven
        • Jun 2004
        • 28609

        #4
        Originally posted by Jakez
        Anyhow, if a host deleted files suspected to contain malicious code they would quickly be in deep shit when peoples index files and other important pages come up missing, which is where most malicious code is planted.
        if file exists dont overwrite would do the same function

        ie delete file if its a new file , dont overwrite if its an existing file.
        hatisblack at yahoo.com

        Comment

        • BareBacked
          Confirmed User
          • Feb 2007
          • 3685

          #5
          nice of them to be pro active. I am sure if cuts down on customer service for the techs and sites being banned from google
          NEW SITE PAYING $30 for a $1 TRIAL

          Selfies

          Comment

          • SmokeyTheBear
            ►SouthOfHeaven
            • Jun 2004
            • 28609

            #6
            Originally posted by BareBacked
            nice of them to be pro active. I am sure if cuts down on customer service for the techs and sites being banned from google
            def a cool feature, but if it creates alot of false positives , maybe not
            hatisblack at yahoo.com

            Comment

            • WebairGerard
              Confirmed User
              • Sep 2005
              • 8113

              #7
              This is our Automatic FTP Virus Scanning Security Feature.

              It is something you can easily enable or disable via our Webair control panel in the ftp manager section. This scan only happens AT THE TIME OF FTP UPLOAD, it doesn't go in and scan existing files.

              In the event a virus is detected, the file is automatically cleaned, and the FTP password is reset and an email is sent to you with the details and the new password.

              The virus definitions come from multiple sources as well as internal. Smokey I will check to why that was blocked and get back to you regarding that.

              This security feature has helped GREATLY in protecting clients. As new threats emerge our signature database will evolve proactively. The FTP Security Feature is is available to all Webair hosting accounts and is FREE of charge.

              Comment

              Working...