[rawfunk]

Hello there geeks. I'm new to this place (which looks like a godsend, quite frankly), so please bear with me.

Yesterday I posted an item about an infected website folder on the HijackThis sub-forum. No response so far but I gather that's common.

What I'm wondering is: is it possible to use the various disinfect programs you recommend on this site using a Mac? If I were to download my site from the net into a folder which I then attacked with these programs, could this be a way of cleaning the files? Luckily I have a separate Mac other than my PC so I can continue doing my work. This possibility just occurred to me, though I doubt it is possible.

My site is in a directory that's not yet public, but I was scheduled to launch it within a few days. As it is, I'm terrified of even opening the site on my PC should it ruin everything again, let alone make the site public. It's a bit of a disaster.

Really, any help/advice/suggestions of any kind would be hugely, hugely appreciated.

Thankyou...

Edited by rawfunk, 18 February 2008 - 08:13 AM.

[Advertisements]

First, Welcome to Geeks-To-Go.

To answer your question, there are spyware programs for macs. The programs used here to remove malware are typically bound to Windows. Meaning that they wouldn't work on another operating system (mac, linux). Also, you should understand that the malware that infects a Windows computer, is more than likely not going to affect a mac in the same way. There are however, anti-spyware programs for Mac, one that I've used before is MacScan (http://macscan.securemac.com/).

If I understand the rest of your post correctly, you will be running a web server on your mac to serve your webpage? There is typically nothing wrong with this, just make sure that you have some sort of firewall turned on (with the appropriate holes opened for your web server) and that the mac is up-to-date. I'm assuming you know how to do these things. If not we can help.

[Gravity Gripp]

First, Welcome to Geeks-To-Go.

To answer your question, there are spyware programs for macs. The programs used here to remove malware are typically bound to Windows. Meaning that they wouldn't work on another operating system (mac, linux). Also, you should understand that the malware that infects a Windows computer, is more than likely not going to affect a mac in the same way. There are however, anti-spyware programs for Mac, one that I've used before is MacScan (http://macscan.securemac.com/).

If I understand the rest of your post correctly, you will be running a web server on your mac to serve your webpage? There is typically nothing wrong with this, just make sure that you have some sort of firewall turned on (with the appropriate holes opened for your web server) and that the mac is up-to-date. I'm assuming you know how to do these things. If not we can help.

[rawfunk]

Hello Gravity Gripp. Thanks for your reply.

I don't think I made my situation very clear! Sorry.

1) My PC is infected. I first noticed it when AVG detected an HTML/Framer virus in my Firefox profile, linked to the cache created for my Wordpress website, which I'm trying to set up as a CMS.

2) I realised this happened because malicious code (please excuse my layman's terminology) was written into my web files online (according to my web host), which I then accidentally downloaded to my PC when performing a backup operation.

3) I zipped-up all versions of my site (which I found were also infected), and realised I didn't have any way to edit my site any more! I couldn't even edit files in Dreamweaver, because the access was denied. I don't know why this is, maybe it's AVG? But this means my business is fast getting crippled.

4) I have a Mac, so can continue my work on that machine. However, the virus is still present on my site, I think. I was wondering whether I could clean my website using my Mac, as Macs are - as you say - less at risk. But if these programs are designed specifically to work on PCs, I'm guessing that won't work.

I'm at a loss really. I guess also that you can't clean online viruses without providing the passwords to the accounts, which is clearly a bad move.

This has all happened because I cannot change my Wordpress file permissions to anything other than 777 without locking myself out!

[Gravity Gripp]

Ok, what you'll need to do is restore from a known good backup copy of your website, then update the installation to the latest version. If you don't have a backup copy, then the only recommended way to proceed, is to start from scratch. I do not recommend trying to "fix" the version you have because there is no telling what has been put in.

I also hope that you keep backups of your database, you will need to restore it from a known good backup copy also.

To address the permissions issue with your website, I think your problems is related to the owner of the files. Let's assume that you use apache and run gentoo, as I have before. To get everyting working correctly and securely, I would have to change the owner of the websites to apache and then place the files in the apache group. "chown -R apache:apache /path/to/files"

Edited by Gravity Gripp, 18 February 2008 - 12:16 PM.

[rawfunk]

I feared that may be the only way forward.

I have several backups, the ones on my hard-drive all seem to be infected but I have some on my external hard-drive too which may be okay. I'll check them.

I do also have backups of my database.

Thanks very much for your help, at least now I know there's no easier solution.

re: the permissions note - I'm not entirely sure how to do what you said there. I am relatively new to this, and I'm not trained in building/maintaining websites. Previous to using Wordpress I had no problems whatsoever with my site - it's only since having the files as part of a Wordpress framework that I began receiving these attacks. The Wordpress help forum hasn't been very helpful unfortunately.

Edited by rawfunk, 18 February 2008 - 12:24 PM.

[Gravity Gripp]

Wordpress is a very nice and useful CMS. I use it for several different websites, including my own. You can think about it like this, why are there so many viruses for Windows and not as many for Linux and OSX? Because the majority of people run Windows. There are a great number of people who use wordpress and a lot of them do not keep the package up-to-date, thus leaving security holes open to the world.

[rawfunk]

Other than this security issue, I absolutely love it. It's transformed the way I work. Though I have only had it since Christmas, so I'm still getting to grips with how to keep it secure, and I understand that it is harder to 'harden' it than it is a site that's managed on a private system then uploaded via FTP.

Once I sort out how to keep it secure, it'll be a perfect solution I think.