*********************** Please Share with Project Mail Lists ***********************************

The USGenWeb National site and sites hosted on theusgenweb.org have been checked and double checked and they are clean of the malware that was discovered a few days ago. The only file types that we found affected were ones that were .html, .htm or .shtml. The 'techies' at the hosting service ran a script to remove the code on all files that were affected. In checking through files, we've found no affected files still remaining.

The reports through some mail lists of files from the Archives and/or Tombstone Project have not been able to be confirmed. The Archives and TP Projects are not hosted on the same servers or at the same hosting service as the National site and/or theusgenweb.org. It is unlikely that a text file would be affected by the problems that were discovered on the National site since most files in the Archives are text files, not .html, .htm and/or .shtml files. The servers that the Archives and TP Project are on have been checked and no problems found. At this point, unless a specific URL is provided, we can't reproduce the reported problem.

A few have asked what the hosting service is going to do about the recent infections, and their lack of security on the servers. The first infection was NOT caused by a lack of security on the servers. The hacker gained access to the National site by hacking into a computer that was connected to an unsecured network, creating a back door for him/herself and then using that backdoor to get in and do his/her dirty work. Once the backdoor was opened, they had access to all site folders, which allowed them to infect multiple sites. There was an auto-replicating file loaded, among other things, so as fast as we were removing infected files, more infected files were appearing. Files of many different types were affected.

That was not the case this time. The files that were hacked were only those that had .html, .htm or .shtml extensions. No elaborate file manipulation was involved. If you looked at the upload dates, the affected files all had the same date on them - the day that the issue was first recognized and reported. It was easy to tell what files were affected if you checked them carefully.

The infections were the same type that were being reported all across the web, including Rootsweb/Ancestry. Malware was causing a fake notice of an update to Adobe that should be made - and not through the Adobe site. If you actually downloaded the file, it 'stole' your cookies, enabling them to have access to your info/passwords stored on your computer. Most anti-virus programs that I've heard were actually not allowing the page to open because they detected the Trojan. I know my Norton's refused to allow the page to open, and I know someone reported the same of AVG.

IX Webhosting's servers can't all be painted with the same bad name. Some accounts hosted at IX were not affected - I know that a couple of my personal accounts had no problem at all. Likewise, not all of the reports were from IX's servers alone. As I mentioned, there were issues with Rootsweb and Ancestry's files also not behaving as expected. Several other hosting services also had problems with the same malware issues.

If you should continue to have any problems accessing pages on the National site or those that are hosted on theusgenweb.org domain, please let us know. Please provide the specific URL of the file that you received the warnings about from your anti-virus/anti-spyware software or that you experience warning you of a needed update to Adobe.

For those that host their sites on theusgenweb.org, new passwords are being set and you should receive yours in the next couple of days.

Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at http://usgenweb.org
Advisory Board Agenda http://usgenweb.org/agenda2.php
Hello All, The MSGenWeb has moved to www.msgw.org We would like to ask that surrounding States and their counties please update your links to the MSGenWeb. We also have the following counties up for adoption: Attala, Coahoma, Harrison, Holmes, Lauderdale, Lowndes, Pearl River, Quitman, and Yalobusha. Knowledge of html, graphics and FTP program is a basic requirement :-) Thanks All, MSGW Team
Yes, CCs can now subscribe to this list on a read-only basis - just like they've been allowed to do with both BOARD and the USGenWeb-ALL (what we use as the ABCHAT list) previously. Sherri Bradley National Coordinator USGenWeb Project Information about the USGenWeb Project at http://usgenweb.org Advisory Board Agenda http://usgenweb.org/agenda2.php -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cheryl Rothwell Sent: Friday, October 16, 2009 9:51 AM To: [email protected] Subject: [STATE-COORD] Clarification Do I understand correctly that CCs may now subscribe on a read only basis? It follows then that we can post anything on this list to our state lists if we deem it appropriate without further permission. Do I have this right? Cheryl Rothwell ASC, ILGenWeb ------------------------------- To unsubscribe from the list, please send an email to [email protected] with the word 'unsubscribe' without the quotes in the subject and the body of the message
Excellent advice Betsy. Thank you, Jan ----- Original Message ----- From: "Betsy" <[email protected]> > What I have been finding - use your browser, go to your main web page > and View Source. Scroll to the bottom of the code. If you see: > <script function - followed by some gibberish letters > the page has been hacked. > However, please note - we have found some subpages that have been > hacked also, so please continue to monitor your webpages. > > My recommendation is for everyone to stop all FTP'ing and change your > email passwords to brand new secure passwords. Do NOT use your > mother's maiden name, your birth date, your social security number, > your children's names or your dog's. Include letters - both upper > and lower case - and numbers. If you need help designing a password > that is still memorable while still being more secure, contact me > privately. > > And if anyone got the message to "Update Adobe" and clicked on it, > please immediately scan your computer and once you are sure it is > clean, change your passwords. > > Lastly, take this time to take a break. Visit a cemetery, transcribe > some records, or even just turn around and visit with your > family. They may be surprised to know what your face looks > like!! (Yes, my kids took a picture of the back of my head one time > and labelled it "Mom." Aren't they funny???) > > Betsy > > > >>From: Joan Asche >>Date: 10/16/2009 6:10:29 AM >>To: [email protected] >>Subject: Re: [STATE-COORD] Hacker Attack (Again) >> >>How can we tell if our sites are infected. Will it set off antivirus >>programs? >> >>J. Asche >> > > ------------------------------- > To unsubscribe from the list, please send an email to > [email protected] with the word 'unsubscribe' without the > quotes in the subject and the body of the message -------------------------------------------------------------------------------- No virus found in this incoming message. 
Right click on a text part of the page, then click "view source". If you see something that you didn't put there, you've been hacked. In my previous experiences with malicious code, they have been toward the bottom of the page. Dale Grimm > I checked my pages hosted on usgenweb and my antivirus did not alert > me to anything wrong. Can I trust my antivirus and assume that my > pages are clean? > > J. Asche > > > On Fri, Oct 16, 2009 at 7:47 AM, Karen De Groote-Johnson > <[email protected]> wrote: >> Joan, I am not sure how we tell but I will share this bit from one of my >> people. I am terribly alarmed because I was on Ancestry last night and >> a >> fake looking Adobe update window came up. I think we need to know the >> extent of this hacking and need to know as soon as the information is >> available. >> > > > ------------------------------- > To unsubscribe from the list, please send an email to > [email protected] with the word 'unsubscribe' without the > quotes in the subject and the body of the message >
Yes, permission to forward is certainly granted. Betsy At 08:30 AM 10/16/2009, you wrote: >Betsy, > >Some good advice here. Could I post this to the GAGenWeb list? > >Thanks, > >Vivian Price Saffold >State Coordinator >The GAGenWeb Project > >At 08:57 AM 10/16/2009, you wrote: > >What I have been finding - use your browser, go to your main web page > >and View Source. Scroll to the bottom of the code. If you see: > ><script function - followed by some gibberish letters > >the page has been hacked. > >However, please note - we have found some subpages that have been > >hacked also, so please continue to monitor your webpages. > > > >My recommendation is for everyone to stop all FTP'ing and change your > >email passwords to brand new secure passwords. Do NOT use your > >mother's maiden name, your birth date, your social security number, > >your children's names or your dog's. Include letters - both upper > >and lower case - and numbers. If you need help designing a password > >that is still memorable while still being more secure, contact me privately. > > > >And if anyone got the message to "Update Adobe" and clicked on it, > >please immediately scan your computer and once you are sure it is > >clean, change your passwords. > > > >Lastly, take this time to take a break. Visit a cemetery, transcribe > >some records, or even just turn around and visit with your > >family. They may be surprised to know what your face looks > >like!! (Yes, my kids took a picture of the back of my head one time > >and labelled it "Mom." Aren't they funny???) > > > >Betsy > > > > > > > > >From: Joan Asche > > >Date: 10/16/2009 6:10:29 AM > > >To: [email protected] > > >Subject: Re: [STATE-COORD] Hacker Attack (Again) > > > > > >How can we tell if our sites are infected. Will it set off antivirus > > >programs? > > > > > >J. 
Asche
There is definitely something wrong on the Ancestry/Rootsweb sites. I've been on the Message Boards this morning and my browser keeps crashing after a couple of minutes. This doesn't happen on other sites, so I've run AVG & Spybot and nothing shows wrong, and I use Firefox and this hasn't happened before, it could be that they detect a malicious page and I believe this has something to do with the hacking problem. Deloris Williams NCGenWeb ASC NCGenWeb, CC-Vance County http://www.ncgenweb.us/vance/index.htm NCGenWeb, Co-CC Granville County http://www.ncgenweb.us/ncgranville/ My North Carolina Roots: http://wc.rootsweb.com/cgi-bin/igm.cgi?db=dwilliams-1
Betsy, Some good advice here. Could I post this to the GAGenWeb list? Thanks, Vivian Price Saffold State Coordinator The GAGenWeb Project At 08:57 AM 10/16/2009, you wrote: >What I have been finding - use your browser, go to your main web page >and View Source. Scroll to the bottom of the code. If you see: ><script function - followed by some gibberish letters >the page has been hacked. >However, please note - we have found some subpages that have been >hacked also, so please continue to monitor your webpages. > >My recommendation is for everyone to stop all FTP'ing and change your >email passwords to brand new secure passwords. Do NOT use your >mother's maiden name, your birth date, your social security number, >your children's names or your dog's. Include letters - both upper >and lower case - and numbers. If you need help designing a password >that is still memorable while still being more secure, contact me privately. > >And if anyone got the message to "Update Adobe" and clicked on it, >please immediately scan your computer and once you are sure it is >clean, change your passwords. > >Lastly, take this time to take a break. Visit a cemetery, transcribe >some records, or even just turn around and visit with your >family. They may be surprised to know what your face looks >like!! (Yes, my kids took a picture of the back of my head one time >and labelled it "Mom." Aren't they funny???) > >Betsy > > > > >From: Joan Asche > >Date: 10/16/2009 6:10:29 AM > >To: [email protected] > >Subject: Re: [STATE-COORD] Hacker Attack (Again) > > > >How can we tell if our sites are infected. Will it set off antivirus > >programs? > > > >J. Asche > > > >------------------------------- >To unsubscribe from the list, please send an email to >[email protected] with the word 'unsubscribe' without >the quotes in the subject and the body of the message
Do I understand correctly that CCs may now subscribe on a read only basis? It follows then that we can post anything on this list to our state lists if we deem it appropriate without further permission. Do I have this right? Cheryl Rothwell ASC, ILGenWeb
I checked my pages hosted on usgenweb and my antivirus did not alert me to anything wrong. Can I trust my antivirus and assume that my pages are clean? J. Asche On Fri, Oct 16, 2009 at 7:47 AM, Karen De Groote-Johnson <[email protected]> wrote: > Joan, I am not sure how we tell but I will share this bit from one of my > people. I am terribly alarmed because I was on Ancestry last night and a > fake looking Adobe update window came up. I think we need to know the > extent of this hacking and need to know as soon as the information is > available. >
What I have been finding - use your browser, go to your main web page and View Source. Scroll to the bottom of the code. If you see:
<script function - followed by some gibberish letters
the page has been hacked.
However, please note - we have found some subpages that have been hacked also, so please continue to monitor your webpages.

My recommendation is for everyone to stop all FTP'ing and change your email passwords to brand new secure passwords. Do NOT use your mother's maiden name, your birth date, your social security number, your children's names or your dog's. Include letters - both upper and lower case - and numbers. If you need help designing a password that is still memorable while still being more secure, contact me privately.

And if anyone got the message to "Update Adobe" and clicked on it, please immediately scan your computer and once you are sure it is clean, change your passwords.

Lastly, take this time to take a break. Visit a cemetery, transcribe some records, or even just turn around and visit with your family. They may be surprised to know what your face looks like!! (Yes, my kids took a picture of the back of my head one time and labelled it "Mom." Aren't they funny???)

Betsy

>From: Joan Asche
>Date: 10/16/2009 6:10:29 AM
>To: [email protected]
>Subject: Re: [STATE-COORD] Hacker Attack (Again)
>
>How can we tell if our sites are infected. Will it set off antivirus
>programs?
>
>J. Asche
>
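The manual check in the message above (a script with gibberish at the bottom of the page), together with the details in Sherri Bradley's all-clear (only .html, .htm and .shtml files touched, affected files all carrying the same date), can be run over a local copy of a site. The Python below is an added example, not part of the original messages and not the hosting service's cleanup script; the thresholds, function names and sample files are assumptions constructed for illustration.

```python
"""Added example: flag pages that end with a gibberish-looking script block.

Heuristic only. Thresholds, names and the demo site are assumptions made for
this illustration; none of them come from the mailing-list thread.
"""
import math
import os
import re
import tempfile
import time
from collections import Counter
from datetime import date

WEB_EXTS = {".html", ".htm", ".shtml"}  # the only file types reported affected
TAIL_CHARS = 2000                       # assumed size of "the bottom of the code"
MIN_RUN = 60                            # assumed length of an unbroken encoded run
MIN_ENTROPY = 4.0                       # assumed threshold, bits per character

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
RUN_RE = re.compile(r"[A-Za-z0-9%+/=\\]{" + str(MIN_RUN) + r",}")


def entropy(text):
    """Shannon entropy of a non-empty string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())


def looks_like_gibberish(script_body):
    """True when the script holds a long, high-entropy run of characters."""
    return any(entropy(run) >= MIN_ENTROPY for run in RUN_RE.findall(script_body))


def suspicious_tail_scripts(html):
    """Return bodies of gibberish-looking scripts that end near the end of the page."""
    cutoff = max(0, len(html) - TAIL_CHARS)
    return [m.group(1) for m in SCRIPT_RE.finditer(html)
            if m.end() >= cutoff and looks_like_gibberish(m.group(1))]


def scan_tree(root):
    """Walk root; return sorted (relative path, modification date) of flagged pages."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                if suspicious_tail_scripts(fh.read()):
                    day = date.fromtimestamp(os.path.getmtime(path))
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    hits.append((rel, day))
    return sorted(hits)


def busiest_day(hits):
    """Return (date, count) for the day on which most flagged pages were modified."""
    if not hits:
        return None
    return Counter(day for _path, day in hits).most_common(1)[0]


def build_demo_site(root):
    """Write a small constructed site: two tampered pages, one clean page, one text file."""
    blob = "q7Zk2Xv9Lm4Rt8Wy1Nc6Hd3Fg5Js0PbAeUiO" * 3  # harmless constructed gibberish
    injected = '<script>function x1(){var s="%s";}</script>' % blob
    clean = ('<html><body><p>County index</p><script>document.title = '
             '"Index " + new Date().getFullYear();</script></body></html>')
    pages = {
        "index.html": (clean, (2009, 9, 1)),
        "cemetery.htm": (clean + "\n" + injected, (2009, 10, 15)),
        "wills/1850.shtml": (clean + "\n" + injected, (2009, 10, 15)),
        "census.txt": ("1850 census transcription\n", (2009, 10, 15)),
    }
    for rel, (body, (y, m, d)) in pages.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        stamp = time.mktime((y, m, d, 12, 0, 0, 0, 0, -1))  # local noon that day
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_demo_site(site)
        found = scan_tree(site)
        for rel, day in found:
            print(day.isoformat(), rel)
        print("most flagged pages modified on:", busiest_day(found))
```

A clean result from a heuristic like this only means no long encoded run was found at the end of a page; pages should still be compared against a known-good copy.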
I should also have added that IX has a script they are running to find and remove the malicious code from the webpages. So, if you find that your website has been hacked, please contact your hosting service to see if they will do that for you also. Betsy At 06:59 AM 10/16/2009, you wrote: >According to a tech from IX, this attack is "internet-wide" - meaning >it has affected many hosting services. It may be connected to this: >http://www.kval.com/news/tech/63768427.html > >I find it interesting that although I use both gmail and earthlink, I >was not notified of this. > >The "Update Adobe" is what I am hearing is the indicator that the >page has been hacked. So, it does sound like Ancestry/RootsWeb has >also been compromised. I know ARGenWeb is on a totally different >server from USGenWeb and we were also hacked. > >Betsy > > >At 06:47 AM 10/16/2009, you wrote: > >Joan, I am not sure how we tell but I will share this bit from one of my > >people. I am terribly alarmed because I was on Ancestry last night and a > >fake looking Adobe update window came up. I think we need to know the > >extent of this hacking and need to know as soon as the information is > >available. > > > >Quote: > >earlier tonight, I was checking my county links, and my virus scan picked up > >a malware on the usgenweb site when I entered it, and when I entered one of > >neighboring websites when I checked that link. It appears to be a fake > >"Upload Adobe Flashplayer Now" scam, that appears as a pop up. I am advising > >folks (as I've always done) to never click on these items or similiar items > >when browsing the net. My virus scanner indicated that it was a Trojan > >program and very malicious. > > > >Karen > > > >-----Original Message----- > >From: [email protected] > >[mailto:[email protected]] On Behalf Of Joan Asche > >Sent: Friday, October 16, 2009 6:10 AM > >To: [email protected] > >Subject: Re: [STATE-COORD] Hacker Attack (Again) > > > >How can we tell if our sites are infected. 
Will it set off antivirus > >programs? > > > >J. Asche > > > >On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote: > > > ********************* Please forward to all Project Lists > > > ********************************** > > > > > > The National USGenWeb Project site and all sites hosted on > theusgenweb.org > > > domain, as well as a few other Project sites have been hit again by a > > > hacker that has included some malware code at the end of the majority of > >the > > > pages on each site. We are working with the hosting service right now to > > > get the sites cleaned and the code removed. Please ask ALL Project > > > Coordinators that have their sites hosted on theusgenweb.org or anyone > >that > > > specifically gets notices that they're sites are infected to not connect > >by > > > ftp to the sites until at least the 16th as we work to try to ensure that > >we > > > have the sites cleaned once again. > > > > > > For folks that have only visited the USGenWeb National site or any of the > > > other affected sites using their browser, the risk is very > minor that your > > > computer has been infected. If you've connected by ftp and downloaded > >files > > > from any of the infected sites, I'd suggest running a full virus scan on > > > your computer and I'd also recommend running at least a couple of spyware > > > scans to add an additional level of confidence that your system is clean. > > > > > > All sites that are hosted on theusgenweb.org server will have the > >passwords > > > changed before you can log in again. I'll be starting on this > immediately > > > so that the downtime will be minimized as much as possible. > > > > > > If anyone has any specific questions or problems, please let me know. 
> > >
> > > Sherri Bradley
> > > National Coordinator
> > > USGenWeb Project
> > > Information about the USGenWeb Project at http://usgenweb.org
> > > Advisory Board Agenda http://usgenweb.org/agenda2.php
How can we tell if our sites are infected. Will it set off antivirus programs?

J. Asche

On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote:
> ********************* Please forward to all Project Lists
> **********************************
>
> The National USGenWeb Project site and all sites hosted on theusgenweb.org
> domain, as well as a few other Project sites have been hit again by a
> hacker that has included some malware code at the end of the majority of the
> pages on each site. We are working with the hosting service right now to
> get the sites cleaned and the code removed. Please ask ALL Project
> Coordinators that have their sites hosted on theusgenweb.org or anyone that
> specifically gets notices that their sites are infected to not connect by
> ftp to the sites until at least the 16th as we work to try to ensure that we
> have the sites cleaned once again.
>
> For folks that have only visited the USGenWeb National site or any of the
> other affected sites using their browser, the risk is very minor that your
> computer has been infected. If you've connected by ftp and downloaded files
> from any of the infected sites, I'd suggest running a full virus scan on
> your computer and I'd also recommend running at least a couple of spyware
> scans to add an additional level of confidence that your system is clean.
>
> All sites that are hosted on theusgenweb.org server will have the passwords
> changed before you can log in again. I'll be starting on this immediately
> so that the downtime will be minimized as much as possible.
>
> If anyone has any specific questions or problems, please let me know.
>
> Sherri Bradley
> National Coordinator
> USGenWeb Project
> Information about the USGenWeb Project at http://usgenweb.org
> Advisory Board Agenda http://usgenweb.org/agenda2.php
I have AVG on my laptop and it was set off when I visited National. I was not at home to check my main computer which has Norton Professional.

AnnieG
Delaware ASC

-------Original Message-------
From: Joan Asche
Date: 10/16/2009 6:10:29 AM
To: [email protected]
Subject: Re: [STATE-COORD] Hacker Attack (Again)

How can we tell if our sites are infected. Will it set off antivirus programs?

J. Asche

On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote:
> ********************* Please forward to all Project Lists
> **********************************
>
> The National USGenWeb Project site and all sites hosted on theusgenweb.org
> domain, as well as a few other Project sites have been hit again by a
> hacker that has included some malware code at the end of the majority of the
> pages on each site. We are working with the hosting service right now to
> get the sites cleaned and the code removed. Please ask ALL Project
> Coordinators that have their sites hosted on theusgenweb.org or anyone that
> specifically gets notices that their sites are infected to not connect by
> ftp to the sites until at least the 16th as we work to try to ensure that we
> have the sites cleaned once again.
>
> For folks that have only visited the USGenWeb National site or any of the
> other affected sites using their browser, the risk is very minor that your
> computer has been infected. If you've connected by ftp and downloaded files
> from any of the infected sites, I'd suggest running a full virus scan on
> your computer and I'd also recommend running at least a couple of spyware
> scans to add an additional level of confidence that your system is clean.
>
> All sites that are hosted on theusgenweb.org server will have the passwords
> changed before you can log in again. I'll be starting on this immediately
> so that the downtime will be minimized as much as possible.
>
> If anyone has any specific questions or problems, please let me know.
>
> Sherri Bradley
> National Coordinator
> USGenWeb Project
> Information about the USGenWeb Project at http://usgenweb.org
> Advisory Board Agenda http://usgenweb.org/agenda2.php
According to a tech from IX, this attack is "internet-wide" - meaning it has affected many hosting services. It may be connected to this: http://www.kval.com/news/tech/63768427.html I find it interesting that although I use both gmail and earthlink, I was not notified of this. The "Update Adobe" is what I am hearing is the indicator that the page has been hacked. So, it does sound like Ancestry/RootsWeb has also been compromised. I know ARGenWeb is on a totally different server from USGenWeb and we were also hacked. Betsy At 06:47 AM 10/16/2009, you wrote: >Joan, I am not sure how we tell but I will share this bit from one of my >people. I am terribly alarmed because I was on Ancestry last night and a >fake looking Adobe update window came up. I think we need to know the >extent of this hacking and need to know as soon as the information is >available. > >Quote: >earlier tonight, I was checking my county links, and my virus scan picked up >a malware on the usgenweb site when I entered it, and when I entered one of >neighboring websites when I checked that link. It appears to be a fake >"Upload Adobe Flashplayer Now" scam, that appears as a pop up. I am advising >folks (as I've always done) to never click on these items or similiar items >when browsing the net. My virus scanner indicated that it was a Trojan >program and very malicious. > >Karen > >-----Original Message----- >From: [email protected] >[mailto:[email protected]] On Behalf Of Joan Asche >Sent: Friday, October 16, 2009 6:10 AM >To: [email protected] >Subject: Re: [STATE-COORD] Hacker Attack (Again) > >How can we tell if our sites are infected. Will it set off antivirus >programs? > >J. 
Asche > >On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote: > > ********************* Please forward to all Project Lists > > ********************************** > > > > The National USGenWeb Project site and all sites hosted on theusgenweb.org > > domain, as well as a few other Project sites have been hit again by a > > hacker that has included some malware code at the end of the majority of >the > > pages on each site. We are working with the hosting service right now to > > get the sites cleaned and the code removed. Please ask ALL Project > > Coordinators that have their sites hosted on theusgenweb.org or anyone >that > > specifically gets notices that they're sites are infected to not connect >by > > ftp to the sites until at least the 16th as we work to try to ensure that >we > > have the sites cleaned once again. > > > > For folks that have only visited the USGenWeb National site or any of the > > other affected sites using their browser, the risk is very minor that your > > computer has been infected. If you've connected by ftp and downloaded >files > > from any of the infected sites, I'd suggest running a full virus scan on > > your computer and I'd also recommend running at least a couple of spyware > > scans to add an additional level of confidence that your system is clean. > > > > All sites that are hosted on theusgenweb.org server will have the >passwords > > changed before you can log in again. I'll be starting on this immediately > > so that the downtime will be minimized as much as possible. > > > > If anyone has any specific questions or problems, please let me know. 
> >
> > Sherri Bradley
> > National Coordinator
> > USGenWeb Project
> > Information about the USGenWeb Project at http://usgenweb.org
> > Advisory Board Agenda http://usgenweb.org/agenda2.php
Joan, I am not sure how we tell but I will share this bit from one of my people. I am terribly alarmed because I was on Ancestry last night and a fake looking Adobe update window came up. I think we need to know the extent of this hacking and need to know as soon as the information is available.

Quote:
earlier tonight, I was checking my county links, and my virus scan picked up a malware on the usgenweb site when I entered it, and when I entered one of neighboring websites when I checked that link. It appears to be a fake "Upload Adobe Flashplayer Now" scam, that appears as a pop up. I am advising folks (as I've always done) to never click on these items or similar items when browsing the net. My virus scanner indicated that it was a Trojan program and very malicious.

Karen

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joan Asche
Sent: Friday, October 16, 2009 6:10 AM
To: [email protected]
Subject: Re: [STATE-COORD] Hacker Attack (Again)

How can we tell if our sites are infected. Will it set off antivirus programs?

J. Asche

On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote:
> ********************* Please forward to all Project Lists
> **********************************
>
> The National USGenWeb Project site and all sites hosted on theusgenweb.org
> domain, as well as a few other Project sites have been hit again by a
> hacker that has included some malware code at the end of the majority of the
> pages on each site. We are working with the hosting service right now to
> get the sites cleaned and the code removed. Please ask ALL Project
> Coordinators that have their sites hosted on theusgenweb.org or anyone that
> specifically gets notices that their sites are infected to not connect by
> ftp to the sites until at least the 16th as we work to try to ensure that we
> have the sites cleaned once again.
>
> For folks that have only visited the USGenWeb National site or any of the
> other affected sites using their browser, the risk is very minor that your
> computer has been infected. If you've connected by ftp and downloaded files
> from any of the infected sites, I'd suggest running a full virus scan on
> your computer and I'd also recommend running at least a couple of spyware
> scans to add an additional level of confidence that your system is clean.
>
> All sites that are hosted on theusgenweb.org server will have the passwords
> changed before you can log in again. I'll be starting on this immediately
> so that the downtime will be minimized as much as possible.
>
> If anyone has any specific questions or problems, please let me know.
>
> Sherri Bradley
> National Coordinator
> USGenWeb Project
> Information about the USGenWeb Project at http://usgenweb.org
> Advisory Board Agenda http://usgenweb.org/agenda2.php
Does it only get the passwords that are stored on your computer or can it find any that you have used? The only passwords I have stored on this one are the ones for my admin passwords for my mail list. But I did go to my bank accounts earlier this week but they are not stored on the computer so are they safe or should I change them?

Gayle

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Betsy
Sent: Friday, October 16, 2009 5:58 AM
To: [email protected]; [email protected]
Cc: [email protected]
Subject: [STATE-COORD] How to Tell

What I have been finding - use your browser, go to your main web page and View Source. Scroll to the bottom of the code. If you see: <script function - followed by some gibberish letters, the page has been hacked. However, please note - we have found some subpages that have been hacked also, so please continue to monitor your webpages.

My recommendation is for everyone to stop all FTP'ing and change your email passwords to brand new secure passwords. Do NOT use your mother's maiden name, your birth date, your social security number, your children's names or your dog's. Include letters - both upper and lower case - and numbers. If you need help designing a password that is still memorable while still being more secure, contact me privately.

And if anyone got the message to "Update Adobe" and clicked on it, please immediately scan your computer and once you are sure it is clean, change your passwords.

Lastly, take this time to take a break. Visit a cemetery, transcribe some records, or even just turn around and visit with your family. They may be surprised to know what your face looks like!! (Yes, my kids took a picture of the back of my head one time and labelled it "Mom." Aren't they funny???)

Betsy

>From: Joan Asche
>Date: 10/16/2009 6:10:29 AM
>To: [email protected]
>Subject: Re: [STATE-COORD] Hacker Attack (Again)
>
>How can we tell if our sites are infected. Will it set off antivirus
>programs?
>
>J. Asche
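The manual check from the "How to Tell" message (View Source, scroll to the bottom, look for a script followed by gibberish) can be run over a local copy of a whole site. The following is an added example, not part of the original thread or any USGenWeb tooling; the function names, the 60-character "gibberish" cut-off and the two sample pages are assumptions constructed for illustration.

```python
import re
from pathlib import Path

EXTS = {".html", ".htm", ".shtml"}   # the only file types the thread reports as affected
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
CLOSERS = re.compile(r"</(?:body|html)\s*>", re.I)
LONG_TOKEN = 60                      # assumed cut-off for "gibberish letters"

def looks_obfuscated(js):
    """True if the script body holds a long run of characters with no whitespace."""
    return any(len(tok) >= LONG_TOKEN for tok in js.split())

def suspicious_scripts(html):
    """Flag scripts placed after the closing </body>/</html>, or a final script that is gibberish."""
    ends = [m.end() for m in CLOSERS.finditer(html)]
    cutoff = max(ends) if ends else len(html) + 1
    scripts = list(SCRIPT.finditer(html))
    hits = []
    for i, m in enumerate(scripts):
        after_close = m.start() >= cutoff
        gibberish = looks_obfuscated(m.group(1))
        if after_close or (gibberish and i == len(scripts) - 1):
            hits.append({"offset": m.start(), "after_close": after_close,
                         "gibberish": gibberish})
    return hits

def scan_tree(root):
    """Check every .html/.htm/.shtml file under root; return {path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTS:
            hits = suspicious_scripts(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample pages (not taken from any real site): a clean page, and the
# same page with a harmless stand-in for the appended block described in the thread.
CLEAN = ("<html><head><script>document.title = 'County index';</script></head>"
         "<body><h1>County index</h1></body></html>\n")
INFECTED = CLEAN + '<script>function zq(){var s="' + "x7Kp" * 30 + '";}</script>\n'

if __name__ == "__main__":
    print("clean:   ", suspicious_scripts(CLEAN))
    print("infected:", suspicious_scripts(INFECTED))
```

Legitimate minified snippets near the end of a page can trip the gibberish test, so treat each hit as a page to open in View Source rather than as a verdict.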
I wouldn't. Mine did not alert me when I opened my pages in Firefox but did when using IE. Norton did however clean a cookie off my computer and the alert I got from Norton when using IE later was that someone had tried to put a cookie on my site and it was an Adobe update. I think my Firefox might be set to not accept cookies because I tried to access a site last night that requires a password and I could not get in because cookies were not allowed and that site used them. I have checked my sites that were infected last night and the code is gone from the. Since this was so widespread maybe it will increase the chances that this idiot will be caught.

Gayle

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Joan Asche
Sent: Friday, October 16, 2009 5:44 AM
To: [email protected]
Subject: Re: [STATE-COORD] Hacker Attack (Again)

I checked my pages hosted on usgenweb and my antivirus did not alert me to anything wrong. Can I trust my antivirus and assume that my pages are clean?

J. Asche

On Fri, Oct 16, 2009 at 7:47 AM, Karen De Groote-Johnson <[email protected]> wrote:
> Joan, I am not sure how we tell but I will share this bit from one of my people. I am terribly alarmed because I was on Ancestry last night and a fake looking Adobe update window came up. I think we need to know the extent of this hacking and need to know as soon as the information is available.
Are the other two hosting services also hosting USGW sites? Or is it not genealogy site related? I find the security at IX leaving much to be desired and not sure why we moved to this server. The move required a reload of at least one state and its counties and unfortunately there were errors in the reload almost like it was taken from an earlier copy of all the files. It was not up to date. The move, the reload and now two hackings have taken place in the last 2 months. I don't know why we would want to stay with a company with this type of performance. I also think they owe us some satisfaction. I would like additional and more timely information this time around please.

Karen De Groote-Johnson
MTGenWeb SC

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Sherri
Sent: Thursday, October 15, 2009 6:58 PM
To: [email protected]; [email protected]; [email protected]; [email protected]
Subject: Re: [ABChat] [BOARD] Hacker Attack (Again)

Additional Information:

This hacker attack is not confined to USGenWeb sites, nor to IXWebhosting, where the National site and theusgenweb.org domains are hosted. Nor does it affect all sites hosted at IXWebhosting. It's on at least two other hosting services that I found, just taking a quick peek.
Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at http://usgenweb.org
Advisory Board Agenda http://usgenweb.org/agenda2.php
Additional Information:

This hacker attack is not confined to USGenWeb sites, nor to IXWebhosting, where the National site and theusgenweb.org domains are hosted. Nor does it affect all sites hosted at IXWebhosting. It's on at least two other hosting services that I found, just taking a quick peek.

Sherri Bradley
National Coordinator
USGenWeb Project
Information about the USGenWeb Project at http://usgenweb.org
Advisory Board Agenda http://usgenweb.org/agenda2.php