Peter Bargh

Sights & Sounds
September 2nd, 2009

Cat amongst the pigeons

Well it wasn’t pigeons that I heard squawking today in the garden. When I heard the loud shrieks I thought “oh no the kitten’s got another bird”, but this time it was quite the opposite. To my surprise I saw a very worried kitten running away while being dive bombed by a thrush.

The kitten, called Diesel, eventually froze in the centre of the garden and stared in amazement as the thrush began to hop closer in circular motions, shrieking all the time. In the background, in just about every bush, was a group of blackbirds, seemingly egging the thrush on to attack. It was a surreal moment that I’ve never seen before.

After some time Diesel plucked up courage to attack. The bird missed the leap and proceeded to taunt poor Diesel from a nearby bush before diving down like a Spitfire over the kitten’s head. I decided to get the camera and managed to take a few quick snaps before Diesel came to running to me all shook up.

cat and thrush

I’m not sure how they situation had occurred but I think tonight maybe he will have nightmares.

Tags: , ,
Posted in Diary | No Comments »

December 28th, 2008

Malware and 7speed.info

You have found this post because you’re trying to find out about an attack from 7speed.info a malware site that has somehow infected your web site causing virus alert warnings from programs such as Avast. I struggled to find out information searching Google for an answer when it happened to me yesterday. I fumbled around and eventually found the way to resolve it thanks to Scott of MTMinds.

The site has managed to get to your directory (web folders) and added some javascript to certain pages so that the malware (combination of malicious and software) is activated.  You need to do two things.

First make your site secure using new stronger passwords on your server access point and when using ftp. Change these passwords immediately. Use passwords with 8 to 12 character length that are not meaningful words just a string of letters (upper & lower), punctuation and numbers. I now use this site to generate ones automatically  for me: PC Tools Secure Password Generator.

Second find any files that have been “infected” and remove the offending javascript.

The javascript from 7speed.info was placed in the first line of the body on most of my sites, and finding it on ones I’d created using html and basic structures was easy…once I knew what I was looking for! But on sites built using templates such as WordPress and Drupal it was a more challenging discovery. So I’ve written this blog to help speed up your investigation and repair.

The javascript looks like this at the beginning <script language=JavaScript> then the functiion follows with function hilbnb25(z) the hilbnb bit might be a different set of charachters on your page but it always seems to follow with (z) Next is  {var c=z.length,m=1024 and then a huge string of letters and numbers ending with </script><!– your domain host –>
If you take all this out the problem is resolved.  Back up just in case you make a mistake.

To find the javascript
I have several sites and found the easiest way to see if my site was infected was to use the information menu on FireFox Web Developer extension. And then searched for 7speed.info. It highlighted any code on the site. I could then locate the page via ftp and delete the code.

Pages affected
In my experience it was Index.html and index.php pages infected on basic sites
Header.php and Footer.php on basic sites with include files.

On Drupal templates you need to go into the directory of the theme you are using and locate the page.tpl.php file

On PHP Fusion edit the subheader.php and footer.php files

On WordPress go into the theme directory and edit the header.php and footer.php files.

Hope that helps.

Tags: , , ,
Posted in Helping Hand | No Comments »