I have AVG on my laptop and it was set off when I visited National. I was not at home to check my main computer which has Norton Professional. AnnieG Delaware ASC -------Original Message------- From: Joan Asche Date: 10/16/2009 6:10:29 AM To: [email protected] Subject: Re: [STATE-COORD] Hacker Attack (Again) How can we tell if our sites are infected. Will it set off antivirus programs? J. Asche On Thu, Oct 15, 2009 at 7:30 PM, Sherri <[email protected]> wrote: > ********************* Please forward to all Project Lists > ********************************** > > The National USGenWeb Project site and all sites hosted on theusgenweb.org > domain, as well as a few other Project sites have been hit again by a > hacker that has included some malware code at the end of the majority of the > pages on each site. We are working with the hosting service right now to > get the sites cleaned and the code removed. Please ask ALL Project > Coordinators that have their sites hosted on theusgenweb.org or anyone that > specifically gets notices that they're sites are infected to not connect by > ftp to the sites until at least the 16th as we work to try to ensure that we > have the sites cleaned once again. > > For folks that have only visited the USGenWeb National site or any of the > other affected sites using their browser, the risk is very minor that your > computer has been infected. If you've connected by ftp and downloaded files > from any of the infected sites, I'd suggest running a full virus scan on > your computer and I'd also recommend running at least a couple of spyware > scans to add an additional level of confidence that your system is clean. > > All sites that are hosted on theusgenweb.org server will have the passwords > changed before you can log in again. I'll be starting on this immediately > so that the downtime will be minimized as much as possible. > > If anyone has any specific questions or problems, please let me know. > > Sherri Bradley > National Coordinator > USGenWeb Project > Information about the USGenWeb Project at http://usgenweb.org > Advisory Board Agenda http://usgenweb.org/agenda2.php > > > > > > ------------------------------- > To unsubscribe from the list, please send an email to [email protected] with the word 'unsubscribe' without the quotes in the subject and the body of the message > ------------------------------- To unsubscribe from the list, please send an email to [email protected] with the word 'unsubscribe' without the quotes in the subject and the body of the message

What I have been finding - use your browser, go to your main web page and View Source. Scroll to the bottom of the code. If you see: <script function - followed by some gibberish letters the page has been hacked. However, please note - we have found some subpages that have been hacked also, so please continue to monitor your webpages. My recommendation is for everyone to stop all FTP'ing and change your email passwords to brand new secure passwords. Do NOT use your mother's maiden name, your birth date, your social security number, your children's names or your dog's. Include letters - both upper and lower case - and numbers. If you need help designing a password that is still memorable while still being more secure, contact me privately. And if anyone got the message to "Update Adobe" and clicked on it, please immediately scan your computer and once you are sure it is clean, change your passwords. Lastly, take this time to take a break. Visit a cemetery, transcribe some records, or even just turn around and visit with your family. They may be surprised to know what your face looks like!! (Yes, my kids took a picture of the back of my head one time and labelled it "Mom." Aren't they funny???) Betsy >From: Joan Asche >Date: 10/16/2009 6:10:29 AM >To: [email protected] >Subject: Re: [STATE-COORD] Hacker Attack (Again) > >How can we tell if our sites are infected. Will it set off antivirus >programs? > >J. Asche >

Betsy, Some good advice here. Could I post this to the GAGenWeb list? Thanks, Vivian Price Saffold State Coordinator The GAGenWeb Project At 08:57 AM 10/16/2009, you wrote: >What I have been finding - use your browser, go to your main web page >and View Source. Scroll to the bottom of the code. If you see: ><script function - followed by some gibberish letters >the page has been hacked. >However, please note - we have found some subpages that have been >hacked also, so please continue to monitor your webpages. > >My recommendation is for everyone to stop all FTP'ing and change your >email passwords to brand new secure passwords. Do NOT use your >mother's maiden name, your birth date, your social security number, >your children's names or your dog's. Include letters - both upper >and lower case - and numbers. If you need help designing a password >that is still memorable while still being more secure, contact me privately. > >And if anyone got the message to "Update Adobe" and clicked on it, >please immediately scan your computer and once you are sure it is >clean, change your passwords. > >Lastly, take this time to take a break. Visit a cemetery, transcribe >some records, or even just turn around and visit with your >family. They may be surprised to know what your face looks >like!! (Yes, my kids took a picture of the back of my head one time >and labelled it "Mom." Aren't they funny???) > >Betsy > > > > >From: Joan Asche > >Date: 10/16/2009 6:10:29 AM > >To: [email protected] > >Subject: Re: [STATE-COORD] Hacker Attack (Again) > > > >How can we tell if our sites are infected. Will it set off antivirus > >programs? > > > >J. Asche > > > >------------------------------- >To unsubscribe from the list, please send an email to >[email protected] with the word 'unsubscribe' without >the quotes in the subject and the body of the message