Please help: Java trying to access computer from my website

AeroUK · Apr 4, 2012

Hi everyone,

I use wordpress to host my site http://www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

CrickettGrrrl · Apr 4, 2012

AeroUK said:
Hi everyone,

I use wordpress to host my site http://www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

Did you install the latest Java patch in Software Update this week?

I was just reading this article about the java exploit in Ars, you might want to take a look at it:
http://arstechnica.com/apple/news/2012/04/flashback-trojan-reportedly-controls-half-a-million-macs-and-counting.ars?comments=1&start=0#comments-bar

AeroUK · Apr 5, 2012

It is not that, I think it is a virus in my site but I have no idea what to do!

jared_kipe · Apr 6, 2012

Do you not have a local copy somewhere? Delete it from the host and re-upload your local copy.

GGJstudios · Apr 6, 2012

AeroUK said:
It is not that, I think it is a virus in my site but I have no idea what to do!

It's not a virus, since there are no Mac OS X viruses in the wild. It's simply a website requesting access to your computer. Just click "Deny". That's all you need to do.

SandboxGeneral · Apr 6, 2012

GGJstudios said:
It's not a virus, since there are no Mac OS X viruses in the wild. It's simply a website requesting access to your computer. Just click "Deny". That's all you need to do.

While true, the OP is saying that he didn't install this applet into his website, which means his site was possibly hacked and someone else put this applet in there. He wants to know what happened to his site and how to fix it.

That's what it sounds like he is saying to me anyway.

GGJstudios · Apr 6, 2012

SandboxGeneral said:
While true, the OP is saying that he didn't install this applet into his website, which means his site was possibly hacked and someone else put this applet in there. He wants to know what happened to his site and how to fix it.

That's what it sounds like he is saying to me anyway.

It appears to be something from WordPress, not a hacker.

SandboxGeneral · Apr 6, 2012

GGJstudios said:
It appears to be something from WordPress..

Right, and that's what the OP is inquiring about. OP owns the website from Wordpress and did not install this applet into his website. A Google search of the Java applet shows a Brazilian website as it's source. OP wants to know how to get this applet out of his website.

GGJstudios · Apr 6, 2012

SandboxGeneral said:
Right, and that's what the OP is inquiring about. OP owns the website from Wordpress and did not install this applet into his website. A Google search of the Java applet shows a Brazilian website as it's source. OP wants to know how to get this applet out of his website.

If you go to the site and click View > View Source you can see the HTML for the site. Also, you can right-click on any item and select "Inspect Element" to learn more.

AeroUK · Apr 7, 2012

Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

SandboxGeneral · Apr 7, 2012

AeroUK said:
Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

You're going to have to look over your code for the malicious code that doesn't belong and remove it.

Also, make sure you're using a strong password for administrative access, and change it right away, regardless. If anyone has delegated authority to the site, make sure you have them change their passwords and make them strong.

Then make sure you have any software you're using with Wordpress is fully up-to-date.

CrickettGrrrl · Apr 9, 2012

AeroUK said:
Hi everyone,

I use wordpress to host my site http://www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

Hi AeroUK,

I hope your problem is resolved now. I just read the following on MacWorld, --remembered your post and thought you might be interested:

A lot of things happened at the same time, said Mike Geide, senior security researcher at Zscaler ThreatLabZ. There have been mass compromises of WordPress sites, and the controllers [for those hijacked websites] match the domain structure Doctor Web described. Thats been ongoing since at least early March.

WordPress is a popular open-source blogging and content management platform used by about one in seven websites.

Those usurped WordPress sites have been redirecting users to malicious URLs, where hackers have hosted the Blackhole exploit kit. Blackhole tries multiple exploits, including several aimed at Java bugs on Macs, to compromise machines.

The sheer size of the WordPress installed base and the scope of the WordPress injection campaign means that it would not have been impossible for hackers to poison more than 600,000 Macs.

The number is entirely feasible, said Brett Stone-Gross, a security researcher with the Counter Threat Unit of Dell SecureWorks. Atlanta-based SecureWorks is well-known for its botnet research.

http://www.macworld.com/article/1166255/security_experts_600_000_plus_estimate_of_mac_botnet_likely_on_target.html

Consultant · Apr 11, 2012

AeroUK said:
Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

You can access the files through FTP.

I am guessing you have a weak password and they brute forced it.

By the way saying this is wrong "I use wordpress to host my site" when you are "Using self-hosted wordpress"

AeroUK · Apr 12, 2012

OK so should I change my password and then try to get my files downloaded and scanned from the FTP server?

I have not had the problem for the past few days...

Search

Search

Please help: Java trying to access computer from my website

AeroUK

macrumors 6502

Attachments

CrickettGrrrl

macrumors 6502a

AeroUK

macrumors 6502

jared_kipe

macrumors 68030

GGJstudios

macrumors Westmere

SandboxGeneral

Moderator emeritus

GGJstudios

macrumors Westmere

SandboxGeneral

Moderator emeritus

GGJstudios

macrumors Westmere

AeroUK

macrumors 6502

SandboxGeneral

Moderator emeritus

CrickettGrrrl

macrumors 6502a

Consultant

macrumors G5

AeroUK

macrumors 6502

Our Staff