Economists Do It With Models

Warning: “graphic” content…

Bookmark and Share
An Apology For The Interruption, And A Public Service Announcement…

May 12th, 2010 · 5 Comments
Administrative

First off, apologies to those who came to my site to find it down earlier today. Second off, bigger apologies to those who came to my site in the last few hours before it was down and had it try to give you a virus. I mean, I’m a prankster sometimes, but even I wouldn’t go that far. =P

Regardless of whether you experienced any of this, you should keep reading because this problem is affecting a lot of web sites and computers. Apparently what happened is a version of what is written about here.

Here’s the holasionweb symptoms:

1. Infected sites get redirected to a fake AV (scareware).
2. Some home pages are not showing the virus, but when clicking on a post or page, you will see the redirect [see the link for pictures].
3. Redirects to a blank page at www.1.realsafe-23.net
4. Source code reveals [something having to do with holasionweb.com] in the the header section of the infected pages.

Public Service Announcement: When your computer tells you to click OK to start any sort of “cleaning” process because it’s supposedly discovered something that shouldn’t be on your machine, be VERY careful to confirm that it’s not a program within your web browser trying to get you to accept a virus. (There are certain mean things that the program can’t do without permission from you, so it’s trying to trick you into giving it permission.) You can close the alert window by clicking the X in the corner rather than clicking the “OK” button that the program wants you to and then closing the browser window. Alternatively, you could hit Control-Alt-Delete and force the browser to close. Hell, even holding down the power button until the damn computer shuts itself off would be a better option than clicking OK. (If you choose one of these last two options, be wary when the browser asks you if you would like it to restore the tabs from the last session, since that could likely just get you back where you started.) Then you can scan the computer for viruses- just make sure that your virus software is updated to catch these new guys.

If you run a web site…well, my condolences. This issue seems to have started with sites hosted on GoDaddy servers and has since spread from there. The first thing I would do is look at the FTP directory of your site and see if there are any files that have been mysteriously updated recently. (For me it was the .htaccess file and all of the php files) If the .htaccess file has been modified, try to compare it to a backup version that you have to see what has been changed. If you have a backup of the whole site, I would just replace the infected files with the backup. If you don’t, you need to find the script that is causing all of this and remove it from ALL of the files that have it. The script will either have the URL http://holasionweb.com/oo.php in it or will be some long and obviously not supposed to be there encoded thing. You can go through each file individually to do this, you can write some Perl code to scrub the files, or you can download a free program called TextCrawler that can find and replace across documents.

Lastly, don’t believe your hosting company when they tell you this is your fault because you don’t have the most updated version of whatever package you’re using- it’s happening to plenty of people with updated software and thus needs to be addressed at the provider level. To be on the safe side, I would change your FTP and database passwords and Google your site to make sure that it’s not flagged as evil. (This will happen if the malicious code sits there for too long, and you will need to contact Google to have the warning taken off if it’s there.)

Now you know what I’ve been up to all day…and all it took to fix the problem was 2 degrees in Computer Science. =P

Tags: Administrative

5 responses so far ↓

  • 1 Dan L // May 12, 2010 at 9:14 pm

    I’m sure this is a really dumb question, but how does a website get infected by a virus?

  • 2 Howard // May 12, 2010 at 9:52 pm

    Jodi,

    Is there any economics lesson in this debacle that you could impart to us? Why do people do these things?

    Best, Howard

  • 3 econgirl // May 12, 2010 at 10:19 pm

    @ Dan: I am pretty sure that I am going to butcher this explanation, but here goes. There seems to be something about the way PHP scripts are run (these scripts being what give web sites more flexibility than static HTML code) such that if a hacker gets into one account on a web hosting server it can mess around with files on the whole server. I woke up this morning to every one of my site’s .php files showing on the FTP server as having been modified a few hours earlier. I clearly didn’t do that (unless I was sleeptyping), so I started poking around. Basically, the virus inserted a bunch of text at the beginning of the 300 or so .php files that, when decoded as happens when the file is called and run, runs a piece of JavaScript that redirects the user to another site and tries to give the user a virus. I guess if you want to be semantically precise, you could say that my web hosting server got a virus.

    That was probably way more than you wanted to know.

    @ Howard: Usually to prove that they can. Might not be a terrible strategy for one of my web hosting company’s competitors. =P

  • 4 Rob // May 13, 2010 at 12:09 pm

    That’s a pretty sloppy mistake on the server company’s side. Normally if one account gets hacked you can’t actually access the files from other people’s accounts. Maybe you should switch hosting companies!

  • 5 Braden // May 22, 2010 at 10:26 am

    You are awesome.

    I’m curious–have you found economics or computer science more comfortable as a woman?

Leave a Comment