Online DNS lookup ip address location Full DNS lookup, find all subdomains


M-Walker

A tool to automatic monitor your site for running scripts.


Issue description

More than 640,000 Web sites and about 5.8 million pages are infected with malware.
Most of these sites are not intentionally distributing malware and have been compromised without knowledge of their webmasters. Read more...


Affecting website owners

When somebody try to open you site the message "This site may harm your computer" appears.
This message can come from Google search results, antivirus program or web browser. That means that search engine has detected malicious code at you website and your site is bloked from visitors. You lose page rank and your site visitors may lose trust in you and never return to your site.


Affecting website visitors

Malicious software is often installed without your visitor knowledge or permission when he or she visit these sites, and can include programs that delete data on computer, steal personal information such as passwords and credit card numbers, or alter search results.


How Hackers get In?

Very abstract we can classify these possibilitis in three levels:

  • Webserver level - when whole webserver is hacked.
  • User account level - when hacker can get one of another kind of read/write access to source of scripts used by a website through other scripts that also be used at this site.
  • Local user level - when local PC of webmaster is infected with a virus that can steal passwords or interact with FTP session.

    Some common lines about how this can occur:

  • Hackers look for weaknesses they can exploit in a blog or website, usually a CMS.
  • When hacker have got access to one of sites located on a shared webhosting - he can also get access to other sites located on same server.
  • Once a webserver is hacked - the complete user database can be sold to third party.


    What is a malicious code?

    This is one or another code inside a web page that can load an another code from remote server and this another code will install software at visitor PC using operation system or web browser bugs.

    We can abstract classify these bugs as next:

  • Known bugs, that can be fixed with updates from operating system manufacturer that are already exists, but PC is not yet updated.
  • Known bugs, that are not yet fixed and there are no updates for.
  • Unknown or new bugs, that can be used while operating system manufacturer do not know that thay are exist.

    Most commonly malicious code contain something with iframe, script src or base64, but there are to much other ways for a advanced people to compleet the goal and load something from another site. Because of this we do not think that this is a really good idea to look for some regular code in your page to ensure that your site is not infected. But we can capture which connections were made as a result of any executed code.


    What does M-Walker for website owners?

    We can visit your site with real web browser, capture all active connections that where made during this visit, check ip addresses of these connections in malware database and send you a report about it. This way you stay informed with what visitors browsers or web crawlers are see at you site and you can delete malicious code to prevent your website from blacklisting and your visitors computers from possible infection. For example, below is the report that was created during a visit of digitalpoint.com



    There are two connections that were active during this visit:

    One connection with IP address of digitalpoint.com, and another one whith IP of google-analytics.com.

    If you do not edit your site script you will resieve the same report each time, if you go place some banner or Google AD, or something else that located on another host you will see more IP addresses in our next report. But if you have nothing changed and you see some other IP addresses than were before - that means that somebody else has changed content of your site and you must take a look to your scripts.

    Below is the report of visiting www.times.com
    This report show that when somebody visit this site, he's webbrowser load some data from 18 different other hosts, and each of these IP addresses has been checked and not found in Malware IP database. Regardless these IP adresses are not listed in Malware IP database we believe and will recommend to webmasters to know and ensure about every connection that take a place. The reasons of this are shows below:

  • First of all, there is no single antivirus-program or database, that known about every virus or IP address that has ever been made or used.
  • Secondly, antivirus-programs and blacklists are always step behind real time. That's because there first have to be a virus or a alert about some IP address, before you can develop a method to eliminate or block it. This development is always hours (or even days or weeks) behind.




    And really bad report from one another site.




    What can Magic-Net do more for webmasters?

  • We can help you to locate and delete malicious code.
  • Using the same methods and skills as hackers we can run a penetration test against your site or server and tell you about found bugs.

    		•
    Email to send report:
    Web site and page URL:
    You want to: Sign In Sign Out
    CAPTCHA Image


    M-Walker is currently free.
    		 
      Online DNS records lookup Ip address location lookup PTR record reverse lookup Check mailserver in blacklist Traceroute Whois. Find domain owner M-Walker Contact  

    2009 © Magic-Net.nl