Hackers

K

Ken

Using FP2000, an intruder recently access my website and placed an
"animate.js" in the page title. According to my ISP, someone must have used
my user name and pass word, because they have all Microsoft's latest
security installed.

Any thoughts along this line.

Thanks, Ken
 
M

Murray

This sounds too bizarre, and very unlike most hackers I know of (not that I
know of any).

Why would someone do that, and what did they do again?
 
S

Steve Easton

animate.js is a standard FrontPage file.
Are you "sure" you didn't try a marquee or another animated content at one time??
If so, the animate.js can get "left behind" and get published to your web.


--
Steve Easton
Microsoft MVP FrontPage
95isalive
This site is best viewed............
........................with a computer
 
M

Mike Mueller

Ken
Most likely that file was created when you used something
like Dynamic HML. What I would do is check to see what
pages link to it. This should tell you what page(s) is/are
using that file.

Mike


Ken wrote:
: Using FP2000, an intruder recently access my website and
: placed an "animate.js" in the page title. According to
: my ISP, someone must have used my user name and pass
: word, because they have all Microsoft's latest security
: installed.
:
: Any thoughts along this line.
:
: Thanks, Ken
 
T

Tom Pepper Willett

Isn't this the same person who posted about the animate.js issue a few days
ago?
--
===
Tom "Pepper" Willett
Microsoft MVP - FrontPage
---
About FrontPage 2003:
http://office.microsoft.com/home/office.aspx?assetid=FX01085802
FrontPage 2003 Product Information:
http://www.microsoft.com/office/frontpage/prodinfo/default.mspx
Understanding FrontPage:
http://msdn.microsoft.com/office/understanding/frontpage/
FrontPage 2002 Server Extensions Support Center:
http://support.microsoft.com/default.aspx?scid=fh;en-us;fp10se
===
| animate.js is a standard FrontPage file.
| Are you "sure" you didn't try a marquee or another animated content at one
time??
| If so, the animate.js can get "left behind" and get published to your web.
|
|
| --
| Steve Easton
| Microsoft MVP FrontPage
| 95isalive
| This site is best viewed............
| .......................with a computer
|
| > Using FP2000, an intruder recently access my website and placed an
| > "animate.js" in the page title. According to my ISP, someone must have
used
| > my user name and pass word, because they have all Microsoft's latest
| > security installed.
| >
| > Any thoughts along this line.
| >
| > Thanks, Ken
| >
| >
|
|
 
G

George Hester

No it comes in from Apache servers on LINUX. Goes into your TIF when you visit an Apache server which is infected. Has nothing to do with permissions at your site.
 
M

Murray

What does that mean, George?

--
Murray

No it comes in from Apache servers on LINUX. Goes into your TIF when you
visit an Apache server which is infected. Has nothing to do with
permissions at your site.
 
G

George Hester

It means his behavior of a js link being inserted in web pages that the user did not put in explicitly "CAN BE" caused by an attack of this sort. It sounds like the user may have over reacted so my observation may have been off the mark. I can give you a discussion of this type of attack:

Well I posted a link to it but somehow it got mixed in with google crap. If I find it again I'll post it back here.
 
G

George Hester

Here Murray. It is really a pdf file that since I don't have that ActiveX installed, I viewed the page as HTML from Google. Seems that "link" cannot be posted. So this is how you read about what I was talking about. Go to Google and search on this:

q381275.exe

Near the bottom of the results (not many) you will see:

[PDF] Xpire/Splitinfinity.info Server Hack and Malware injection using ....

View that as HTML and read that person's discourse. It is very well done.
 
M

Murray

Thanks - very comprehensive, and very over my head. It doesn't tell me how
animate.js would wind up in the page's title, though.... 8(

--
Murray

Here Murray. It is really a pdf file that since I don't have that ActiveX
installed, I viewed the page as HTML from Google. Seems that "link" cannot
be posted. So this is how you read about what I was talking about. Go to
Google and search on this:

q381275.exe

Near the bottom of the results (not many) you will see:

[PDF] Xpire/Splitinfinity.info Server Hack and Malware injection using ...

View that as HTML and read that person's discourse. It is very well done.
 
G

George Hester

No animate.js was probably as discussed above OK. I don't think their issue had anything to do with the article. They wanted to know if a Hacker could do what they asked about. The answer is "Yes" and the artcle I gave you is how it's done.

--
George Hester
_________________________________
Murray said:
Thanks - very comprehensive, and very over my head. It doesn't tell me how
animate.js would wind up in the page's title, though.... 8(

--
Murray

Here Murray. It is really a pdf file that since I don't have that ActiveX
installed, I viewed the page as HTML from Google. Seems that "link" cannot
be posted. So this is how you read about what I was talking about. Go to
Google and search on this:

q381275.exe

Near the bottom of the results (not many) you will see:

[PDF] Xpire/Splitinfinity.info Server Hack and Malware injection using ....

View that as HTML and read that person's discourse. It is very well done.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Microsoft 365 Activations, Users or Devices? 0
Animate.js problem 2
My ISP does not support beyond FrontPage 2002 5
Word 2016 - Difficulties Learning Style Creation/Application 0
Extra Subweb Folder - What To Do? 1
How to print OneNote 2016 for Mac pages to fit on 8.5 x 11 inch paper 0
Solved -- the incompatibility between FP discussions and FP extensions. 2
Enclosures with word-doc 1

Top