Stuff like this can spread within microseconds of an FTP connection. I think the best solution is to get off their server. I've already moved both of my sites and know of quite a few others that are going as well. All I want is a pw for now for a redirect, so it won't be long before the only one there will be the National website holding the bag. <sigh>

They can talk all they want about other hosts, but I'm not seeing it. All I keep seeing is IX Web Hosting. Same problem, same server, over and over, and that sure tells me something. Something rotten there.

Jan
----- Original Message -----
From: <[email protected]>

-------------------------------
To unsubscribe from the list, please send an email to [email protected] with the word 'unsubscribe' without the quotes in the subject and the body of the message

No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.5.423 / Virus Database: 270.14.24/2449 - Release Date: 10/20/09 18:42:00
Might not be part of the solution, just throwing out something I found. If you hate technical reading, then delete this now.

For those that know about servers and programming, I found a technical article that was interesting. Run a Google search on "CGI Vulnerabilities". The first link should be a four-page article by Aleksandar Stancin for Help Net Security.

Page 3 had: "By using a cgi scanner you can safely find out by yourself for any insecure CGI's on your system."

Back to page 2: "In order for an attacker to find a vulnerable CGI, all he has to do is to connect to port 80 and repeatedly send a GET request to CGI's on the server or suspecting they are on the server. Simply by checking your logs for repeated GET requests from a single remote host resulting in a 404, the 'file not found' error can give you an idea that something wicked is going on. As time passes, that same attacker may come up with an unsecure CGI on your system. If that is the case, he'll most probably try to exploit the vulnerability."

Maybe something the hosting companies need to glance at.

Michael Andrews, ASC Minnesota
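The log check the quoted article describes, as an added example that is not from the original post or from the article: a small Python script that parses Apache-style access log lines and flags any remote host with repeated 404 responses on CGI paths. The log lines, IP addresses, script names, the `/cgi-bin/` prefix and the threshold of three are all constructed assumptions for illustration.

```python
"""Flag remote hosts that repeatedly get 404s on CGI paths: the heuristic
from the article, where many 'file not found' responses to one client
probing for scripts that are not there is the sign to look for."""
import re
from collections import defaultdict

# Apache/httpd "combined" log format, which most shared hosts' access logs use.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log lines (not from the page): 203.0.113.9 probes
# several CGI scripts that do not exist, 198.51.100.4 is an ordinary visitor,
# and one line is junk to show that unparseable input is skipped.
SAMPLE_LOG = """\
203.0.113.9 - - [20/Oct/2009:14:05:01 -0500] "GET /cgi-bin/old_form.cgi HTTP/1.0" 404 209 "-" "Mozilla/4.0"
203.0.113.9 - - [20/Oct/2009:14:05:02 -0500] "GET /cgi-bin/guest.cgi HTTP/1.0" 404 209 "-" "Mozilla/4.0"
203.0.113.9 - - [20/Oct/2009:14:05:02 -0500] "GET /cgi-bin/mailer.pl HTTP/1.0" 404 209 "-" "Mozilla/4.0"
198.51.100.4 - - [20/Oct/2009:14:06:10 -0500] "GET /nc/edgecombe/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is not a log record
203.0.113.9 - - [20/Oct/2009:14:05:03 -0500] "GET /cgi-bin/upload.cgi HTTP/1.0" 404 209 "-" "Mozilla/4.0"
198.51.100.4 - - [20/Oct/2009:14:06:12 -0500] "GET /nc/edgecombe/missing.gif HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Oct/2009:14:05:04 -0500] "GET /cgi-bin/count.cgi HTTP/1.0" 200 1200 "-" "Mozilla/4.0"
"""


def parse_line(line):
    """Return the fields we need as a dict, or None if the line does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def count_404s(log_text, path_prefix="/cgi-bin/"):
    """Per remote host: how many GET requests under path_prefix got a 404, and
    which distinct paths were tried. Only GETs are counted, as in the article."""
    stats = defaultdict(lambda: {"not_found": 0, "paths": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET":
            continue
        if rec["status"] == "404" and rec["path"].startswith(path_prefix):
            stats[rec["host"]]["not_found"] += 1
            stats[rec["host"]]["paths"].add(rec["path"])
    return dict(stats)


def flag_scanners(log_text, threshold=3, path_prefix="/cgi-bin/"):
    """Hosts whose CGI 404 count reaches the threshold, most active first."""
    stats = count_404s(log_text, path_prefix)
    hits = [(h, s["not_found"]) for h, s in stats.items() if s["not_found"] >= threshold]
    return sorted(hits, key=lambda hs: (-hs[1], hs[0]))


if __name__ == "__main__":
    stats = count_404s(SAMPLE_LOG)
    for host, n in flag_scanners(SAMPLE_LOG):
        print(f"{host}: {n} CGI 404s, tried {', '.join(sorted(stats[host]['paths']))}")
```

A normal visitor's stray 404 on an image is not counted, because the check is restricted to the CGI path prefix; widen the prefix if the host keeps scripts elsewhere.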
An update on the latest malware infection - I sent part of this last night, but as happens every so often with messages from earthlink.net, it was rejected, as the mail server it happened to go through was the one blacklisted by sorbs.net.

**************************** Please forward to applicable Project Lists ***************************

In regards to the message that both National and sites hosted at theusgenweb.org were clear of infection: within 24 hours, the infection was back. The sites have once again been cleaned, and no alarms are currently sounding as you visit the pages, as far as we can tell. We found a couple of files that appear to be how the pages were re-infected this time.

We've disabled FTP access to all accounts for the time being as we check through all folders on the account to make sure things are clean. We'll get new passwords out as soon as we can - please understand, we want to be sure that things stay clean!

If you continue to have problems, or get reports of any further problems, please let either of us know.

Thanks,
Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at http://usgenweb.org
Advisory Board Agenda http://usgenweb.org/agenda2.php
Apparently the powers that be got to the problem faster than before because I am not getting attack warnings now. David Samuelsen
According to feedback from my people, this infection is more far-reaching than it was originally. All the pages on one particular county are infected, as reported by that CC, and it was only the index page before. There has got to be a computer out there that is infecting when they FTP; how can we stop that, or it won't matter where we move? Someone needs to play detective here. Find out the common denominator of the infections and you will find the source.

As a side note to Mike's post, all I know about other infections was when I was on Ancestry, the Adobe update window popped up and then my computer froze. I don't know if RW was affected or not, but where I was at on Ancestry sure was.

Karen
MTGenWeb

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: Tuesday, October 20, 2009 5:11 PM
To: [email protected]
Subject: Re: [STATE-COORD] REINFECTION
Are these cgi script infections? Is the back door just unfiltered cgi forms? So no matter how many times it is removed, they just reenter their code on a cgi form and start reinfecting again.

Michael Andrews, ASC Minnesota
Yes, it is, Jan. I'm going to get on the phone with IX in just a minute. Please ask folks not to visit National, and for those that host their sites on theusgenweb.org not to log in at all.

Sherri

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jan Cortez
Sent: Tuesday, October 20, 2009 3:07 PM
To: [email protected]
Subject: Re: [STATE-COORD] REINFECTION
I think the FBI needs to be brought in to investigate this. This is the 3rd or 4th time in a month. I was just informed one of the NCGenWeb sites housed on theusgenweb.org site is infected: http://theusgenweb.org/nc/edgecombe/ We have got to do something, and I agree with Jan that it needs immediate attention.

Diane
NCGenWeb SC
NCGenWeb CC
NCGenWeb Special Projects

-------Original Message-------
From: Jan Cortez
Date: 10/20/2009 4:09:24 PM
To: [email protected]
Subject: Re: [STATE-COORD] REINFECTION
I wholeheartedly agree!

Vivian Price Saffold
State Coordinator
The GAGenWeb Project

At 04:09 PM 10/20/2009, you wrote:
As one of our Reps to the Advisory Board, I think that is a topic that needs immediate attention before we lose all our patrons over it, should this continue. Methinks it has become a bit more serious than CC Guidelines at this point.

Jan
MIGenWeb

----- Original Message -----
From: <[email protected]>
If you have changed the password for access to the account and they are still getting in, then they have been able to access the host's back door. Apparently the host has done nothing about it; it's time to move elsewhere.

Dale Grimm
OHGenWeb
Yupper - I just went to the National Page and the Adobe Flash Player came up and Windows shut it down. Same thing happened at my Broome Co., NY website.

I have already moved my Broome Co. website back to RW as I still had that site, but will have to either load Banks Co. GA on to another RW site or to my own domain server. This is getting ridiculous.

I also think that the National pages need to be placed on another server. We are going to lose patrons if this keeps up.

Jan

----- Original Message -----
From: "Karen De Groote-Johnson" <[email protected]>
To: <[email protected]>
Sent: Tuesday, October 20, 2009 2:36 PM
Subject: [STATE-COORD] REINFECTION
I just got notice from a member that the National Home page is setting off her antivirus programs.

Diane
NCGenWeb SC
NCGenWeb CC
NCGenWeb Special Projects

-------Original Message-------
From: Jan Cortez
Date: 10/20/2009 3:07:00 PM
To: [email protected]
Subject: Re: [STATE-COORD] REINFECTION
Is Montana on IX Web Hosting? Let Sherri know what URLs are ringing the bells if it is.

Jan

----- Original Message -----
From: "Karen De Groote-Johnson" <[email protected]>
Yes, and already sent. Thanks, Jan.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Jan Cortez
Sent: Tuesday, October 20, 2009 2:07 PM
To: [email protected]
Subject: Re: [STATE-COORD] REINFECTION
Hello,

I was just getting ready to update one of my Los Angeles Bio Sites when Avast caught one of the infected USGW Sites. Avast recorded this URL as infected, although this is not where I started: http://www.stortfordaircadets.org.uk/flash

This is the URL where I started: http://theusgenweb.org/ca/losangeles/Biographies/biographies.htm

Martha A Crosley Graham
SC CAGenWeb
I had already emailed Sherry but thought I would share with everyone else. MTGenWeb and USGenWeb pages are ringing the virus protection bells again today. The back door has NOT been nailed shut. Please advise!

Karen
By the way, the rumors were floating around last week that Rootsweb had incurred this infection as well. I've heard from an insider I trust that this is NOT true. Quite a number of IDGENWEB and MOGENWEB counties are located on Bluehost servers. We've watched this very carefully and there has been no sign of a problem there either. I'm concerned that we have a much deeper problem than thought on the server that is hosting the national webpages.

Mike St. Clair

On Tue, October 20, 2009 12:36 pm, Karen De Groote-Johnson said:
Here's what my constituents are telling me: Rules should be in the bylaws. Guidelines are suggestions, not rules. The two should be clearly presented on the national Web site, so that coordinators can tell the difference and know what is required.

Vivian Price Saffold
State Coordinator
The GAGenWeb Project