Thursday, July 21, 2011

Google: Your computer appears to be infected

SkyHi @ Thursday, July 21, 2011
A warning appears at the top of the search results page when we believe that the computer you're using is infected with malicious software, also known as "malware." Malware can be used to intercept your computer's connection to Google and other sites. When Google's system detects that a connection has been intercepted, it's likely that the computer was previously infected with malicious software.
An infected computer can result in deleted data, stolen personal information, and a slower connection to many websites. We showed you the warning so that you can scan your computer and take any necessary action to protect yourself.

How do I fix my computer?

1. Install or update your antivirus software. Antivirus software can detect and remove malware from your computer. While we don't make or support antivirus software ourselves, here are some tips:
  • If you don't have any antivirus software, you can either search Google for "antivirus" or try one of our suggested antivirus products. If you prefer to find your own, be wary of fake antivirus software that may actually be malicious; common examples that you should not install include "My Security Shield," "Security Master AV," and "CleanUp Antivirus." Before choosing to install any software, look online for reviews or forum posts to make sure that the software is not a malicious program.
  • Even if you already use antivirus software, it's possible that your existing version cannot catch all potential issues. We recommend that you update this software to make sure that you're using the most recent version.
2. Perform a system scan using your up-to-date antivirus or anti-spyware software. If any issues are found, use the software to fix the problem. When the problem is solved, your antivirus scans should not find any issues and you should not see the warning on Google again.
If you continue to see the malware warning, it's possible that your antivirus software didn't clean the entire infection, and you will need to fix it yourself. See the technical instructions for Windows users.
3. Help us learn about new forms of malware. You can provide feedback about what you found while scanning your computer. Please also use that link if you have any feedback or would like to tell us anything about this experience.
If everyone in your organization sees this warning but you're certain that your computers are not infected, please talk to your network administrator. Your organization's proxy may be infected, causing all users to see the warning.

Why does Google think my computer is infected?

Some forms of malicious software will alter your computer settings to redirect some or all of your traffic through a proxy controlled by the attacker. When you use Google, the proxy forwards your query to the real Google servers to fetch the search results. If our system detects that a search came through one of these proxies, we display the warning.
You may have been tricked into downloading this software when visiting a site or reading an email. For more tips on how to stay safe online, see our security advice.

REFERENCES
http://www.google.com/support/websearch/bin/answer.py?answer=1182191

Tuesday, July 19, 2011

HTML Server Side Include

SkyHi @ Tuesday, July 19, 2011
Solution:
1. Use XBitHack on, but you have to rewrite the /html/cgi-bin/ CGI scripts in JavaScript because of the SSI injection vulnerability: https://www.owasp.org/index.php/Server-Side_Includes_%28SSI%29_Injection
<Directory /var/www/>
    ## Includes added by d
    #$Options -Indexes FollowSymLinks MultiViews +Includes
    # IncludesNOEXEC permits SSI but disables "#exec cmd" and "#exec cgi"
    Options -Indexes FollowSymLinks MultiViews +IncludesNOEXEC
    #AllowOverride None
    AllowOverride All
    Order allow,deny
    allow from all
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .html .shtml
    # Parse text/html files that have the user-execute bit set as SSI
    XBitHack on
</Directory>

<Directory "/var/www/html/whitt.com/html">
    # +Includes (unlike IncludesNOEXEC above) also enables #exec in this directory
    Options FollowSymLinks +Includes
    AllowOverride All
    AddType text/html .shtml
    DirectoryIndex index.php index.html index.html.var index.shtml
</Directory>

Create an SSI test file, save it as /var/www/ssi-test.shtml, and check that it works:
<html>
<head>
<title>SSI Test Page</title>
</head>
<body>
<!--#echo var="DATE_LOCAL" -->
</body>
</html>

2. Use mod_rewrite (http://corz.org/serv/tricks/htaccess2.php) to rewrite PHP to HTML; this could get you penalized by the search engines.
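
For solution 1, an added example (not part of the original post): it audits an Apache config for directories that still allow `#exec`, and lists the `#exec` elements in a page that IncludesNOEXEC will refuse, which are the ones that have to be rewritten. The function names and `counter.cgi` are assumptions, and both sample inputs are constructed.

```python
import re

# One SSI element, e.g. <!--#exec cgi="/cgi-bin/x.cgi" -->
SSI_RE = re.compile(r'<!--#(\w+)\s+(.*?)\s*-->', re.S)
# One <Directory> container: (path, body)
DIR_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)

def exec_capable_dirs(conf):
    """Paths of <Directory> blocks whose active Options line allows #exec."""
    flagged = []
    for path, body in DIR_RE.findall(conf):
        for line in body.splitlines():
            words = line.split()
            if not words or words[0].lower() != 'options':
                continue  # skips blank lines, comments and other directives
            enabled = {w.lstrip('+').lower() for w in words[1:] if not w.startswith('-')}
            # "Includes" (and "All", which contains it) permits #exec;
            # "IncludesNOEXEC" does not.
            if enabled & {'includes', 'all'}:
                flagged.append(path.strip())
                break
    return flagged

def exec_directives(page):
    """(element, attributes) for each SSI element that IncludesNOEXEC disables."""
    return [(el, attrs) for el, attrs in SSI_RE.findall(page) if el.lower() == 'exec']

# Constructed sample: the Options lines of the two blocks shown above.
SAMPLE_CONF = '''
<Directory /var/www/>
    #$Options -Indexes FollowSymLinks MultiViews +Includes
    Options -Indexes FollowSymLinks MultiViews +IncludesNOEXEC
</Directory>
<Directory "/var/www/html/whitt.com/html">
    Options FollowSymLinks +Includes
</Directory>
'''

# Constructed sample page; counter.cgi is a hypothetical script name.
SAMPLE_PAGE = '''<html><body>
<!--#echo var="DATE_LOCAL" -->
<!--#exec cgi="/cgi-bin/counter.cgi" -->
</body></html>'''

if __name__ == '__main__':
    print('exec-capable directories:', exec_capable_dirs(SAMPLE_CONF))
    print('elements to rewrite:', exec_directives(SAMPLE_PAGE))
```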