News:

SMF 2.1.6 has been released! Take it for a spin! Read more.

Main Menu

Favicon.ico infected

Started by antler, January 21, 2013, 09:20:52 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

antler

January 21, 2013, 09:20:52 PM
2X2 Hosts sent me a message today. message follows:
      favicon.ico    Blocked: http://www.nwhunttalk.com/favicon.ico (analysis using the database of malicious URLs)

How can a favicon.ico become infected and how can I fix it?

Colin

#1
January 21, 2013, 09:22:26 PM
Will you please provide a link to your site?
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Colin

#3
January 21, 2013, 09:51:09 PM
No and that is the issue. It is linking to a possibly malicious external site to pull the favicon from.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

Colin

#4
January 21, 2013, 09:52:12 PM
Unless his host has detected his site as a malicious site. If so LOL.
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

antler

#5
January 21, 2013, 10:00:56 PM
it may be getting it from http://wfwforum,org

my host had me clone http://www.nwhunttalk.com from the above

Colin

#6
January 21, 2013, 10:17:27 PM
I am afraid I don't understand. Which one of those sites is actually yours?
"If everybody is thinking alike, then somebody is not thinking." - Gen. George S. Patton Jr.

Colin

antler

#7
January 22, 2013, 10:21:46 AM
both sites are mine. I wanted http://www.nwhunttalk.com to be just like http://wfwforum.org. Bluehost had me copy files from

http://wfwforum.org to http://www.nwhunttalk.com. I was not using the .org but didn't want to go thru re-installing the entire site and adding all the mods again.   Anyway, it is what it is now. It still puzzles me how an icon can get infected.

MrPhil

#8
January 22, 2013, 11:17:50 AM
I don't think they found the icon itself to be infected, but rather it's coming from a blacklisted site. Is your favicon on your site, and being referred to locally (if you have a <link> to it rather than using the default /favicon.ico)? Or is a shortcut icon <link> pulling it in from some other site that might be blacklisted?

Storman™

#9
January 22, 2013, 12:29:48 PM
This sometimes occurs when someone has inserted a call to a favicon file which isn't there. Subsequently the site quite correctly responds with a 404 error code and displays a custom 404 error page. Only problem is that the 404 html page has been doctored with an extra line of code that has a malicious link inserted. Essentially no actual favicon file is involved in the process which makes it confusing.

You should check the folder permissions in the root of your site, the custom 404 pages, plus also check the htaccess file for possible redirects. Also change your root and ftp passwords.

I'm not saying this is the definitely the reason but the above is a possibility, so worth checking out.   ;)

Print
Go Up Pages1
User actions
Advertisement: