Please help: Java trying to access computer from my website

[AeroUK]

Hi everyone,

I use wordpress to host my site www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

[CrickettGrrrl]

Quote:

Originally Posted by AeroUK

Hi everyone,

I use wordpress to host my site www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

Did you install the latest Java patch in Software Update this week?

I was just reading this article about the java exploit in Ars, you might want to take a look at it:
http://arstechnica.com/apple/news/20...0#comments-bar

[AeroUK]

It is not that, I think it is a virus in my site but I have no idea what to do!

[jared_kipe]

Do you not have a local copy somewhere? Delete it from the host and re-upload your local copy.

[GGJstudios]

Quote:

Originally Posted by AeroUK

It is not that, I think it is a virus in my site but I have no idea what to do!

It's not a virus, since there are no Mac OS X viruses in the wild. It's simply a website requesting access to your computer. Just click "Deny". That's all you need to do.

[SandboxGeneral]

Quote:

Originally Posted by GGJstudios

It's not a virus, since there are no Mac OS X viruses in the wild. It's simply a website requesting access to your computer. Just click "Deny". That's all you need to do.

While true, the OP is saying that he didn't install this applet into his website, which means his site was possibly hacked and someone else put this applet in there. He wants to know what happened to his site and how to fix it.

That's what it sounds like he is saying to me anyway.

[GGJstudios]

Quote:

Originally Posted by SandboxGeneral

While true, the OP is saying that he didn't install this applet into his website, which means his site was possibly hacked and someone else put this applet in there. He wants to know what happened to his site and how to fix it.

That's what it sounds like he is saying to me anyway.

It appears to be something from WordPress, not a hacker.

[SandboxGeneral]

Quote:

Originally Posted by GGJstudios

It appears to be something from WordPress..

Right, and that's what the OP is inquiring about. OP owns the website from Wordpress and did not install this applet into his website. A Google search of the Java applet shows a Brazilian website as it's source. OP wants to know how to get this applet out of his website.

[GGJstudios]

Quote:

Originally Posted by SandboxGeneral

Right, and that's what the OP is inquiring about. OP owns the website from Wordpress and did not install this applet into his website. A Google search of the Java applet shows a Brazilian website as it's source. OP wants to know how to get this applet out of his website.

If you go to the site and click View > View Source you can see the HTML for the site. Also, you can right-click on any item and select "Inspect Element" to learn more.

[AeroUK]

Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

[SandboxGeneral]

Quote:

Originally Posted by AeroUK

Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

You're going to have to look over your code for the malicious code that doesn't belong and remove it.

Also, make sure you're using a strong password for administrative access, and change it right away, regardless. If anyone has delegated authority to the site, make sure you have them change their passwords and make them strong.

Then make sure you have any software you're using with Wordpress is fully up-to-date.

[CrickettGrrrl]

Quote:

Originally Posted by AeroUK

Hi everyone,

I use wordpress to host my site www.aaronshort.com

Recently when I load the site I have a Java applet to access my computer while on the main page. I have attached a screen grab. If someone could help me I would really appreciate it.

Best

Aaron

Hi AeroUK,

I hope your problem is resolved now. I just read the following on MacWorld, --remembered your post and thought you might be interested:

Quote:

“A lot of things happened at the same time,” said Mike Geide, senior security researcher at Zscaler ThreatLabZ. “There have been mass compromises of WordPress sites, and the controllers [for those hijacked websites] match the domain structure Doctor Web described. That’s been ongoing since at least early March.”

WordPress is a popular open-source blogging and content management platform used by about one in seven websites.

Those usurped WordPress sites have been redirecting users to malicious URLs, where hackers have hosted the Blackhole exploit kit. Blackhole tries multiple exploits, including several aimed at Java bugs on Macs, to compromise machines.

The sheer size of the WordPress installed base and the scope of the WordPress injection campaign means that it would not have been impossible for hackers to poison more than 600,000 Macs.

“The number is entirely feasible,” said Brett Stone-Gross, a security researcher with the Counter Threat Unit of Dell SecureWorks. Atlanta-based SecureWorks is well-known for its botnet research.

http://www.macworld.com/article/1166...on_target.html

[Consultant]

Quote:

Originally Posted by AeroUK

Sandbox General, that is exactly right.

My site is hosted on Bluehost and is a WordPress site so I cannot scan the files offline.

The applet can be ignored on a PC with IE but my Mac asks to accept the applet every time. I just need to find out how to stop this happening. Does anyone know?

Best

Aaron

You can access the files through FTP.

I am guessing you have a weak password and they brute forced it.

By the way saying this is wrong "I use wordpress to host my site" when you are "Using self-hosted wordpress"

[AeroUK]

OK so should I change my password and then try to get my files downloaded and scanned from the FTP server?

I have not had the problem for the past few days...