Csounds Site

Michael Rhoades
Hello all,

Thought I would mention that the header description on the downloads
page at csounds.com contains text that I cannot put in this email
because it is rejected by the Bath list server if I do.... It may be a
remnant of the previous hacking...

Cheers!!

Michael

--
http://www.perceptionfactory.com
http://www.rhoadesfineart.com



Send bugs reports to the Sourceforge bug tracker
            https://sourceforge.net/tracker/?group_id=81968&atid=564599
Discussions of bugs and features can be posted here
To unsubscribe, send email [hidden email] with body "unsubscribe csound"

Re: Csounds Site

jclements

Thank you Michael, I will have a look at that right now.

John

On Feb 16, 2012 1:31 PM, "Michael Rhoades" <[hidden email]> wrote:
Hello all,

Thought I would mention that the header description on the downloads page at csounds.com contains text that I cannot put in this email because it is rejected by the Bath list server if I do.... It may be a remnant of the previous hacking...

Cheers!!

Michael

--
http://www.perceptionfactory.com
http://www.rhoadesfineart.com



Re: Csounds Site

jclements

Michael, to be clear -  you are referring to the header of csounds.com/downloads ?

I cannot find any offensive content, or script, in the html header or in the linked content....
Any more info that you can offer is super helpful at this point. 
Dr. Boulanger and I really appreciate any heads up on issues with the site as we prepare to make a major upgrade.

Thank you,

John Clements

On Thu, Feb 16, 2012 at 3:07 PM, J Clements <[hidden email]> wrote:

Thank you Michael, I will have a look at that right now.

John

--
John Clements

[hidden email]
401-835-6050

Re: Csounds Site

Michael Rhoades
That is interesting. I tried on two different machines with two different browsers, two different OS to make sure before I email the list about it. If you use Firefox and tabs browse to the page and look at the description in the top on the tab. The word Ciali$ is in it and if I do a page info on it there is a long, two long sentences, regarding it.

When I view the Page Source it is obvious in the <meta name="description" content= ...      section of the code.

Hope this helps.



On 2/16/12 3:30 PM, J Clements wrote:

Michael, to be clear -  you are referring to the header of csounds.com/downloads ?

I cannot find any offensive content, or script, in the html header or in the linked content....
Any more info that you can offer is super helpful at this point. 
Dr. Boulanger and I really appreciate any heads up on issues with the site as we prepare to make a major upgrade.

Thank you,

John Clements


-- 
http://www.perceptionfactory.com
http://www.rhoadesfineart.com 

Re: Csounds Site

jclements

Very helpful Michael.  Will track it down and keep you updated.  Thanks again,

John

On Feb 16, 2012 3:37 PM, "Michael Rhoades" <[hidden email]> wrote:
That is interesting. I tried on two different machines with two different browsers, two different OS to make sure before I email the list about it. If you use Firefox and tabs browse to the page and look at the description in the top on the tab. The word Ciali$ is in it and if I do a page info on it there is a long, two long sentences, regarding it.

When I view the Page Source it is obvious in the <meta name="description" content= ...      section of the code.

Hope this helps.



-- 
http://www.perceptionfactory.com
http://www.rhoadesfineart.com 

Re: Csounds Site

David-399
I just tried the link and Norton flagged it as "Malicious Web Site
Blocked". Here's a link to their description:

http://safeweb.norton.com/report/show?url=http:%2F%2Fcsounds.com%2Fdownloads&product=NIS&version=19.5.0.145&layout=Retail&lang=0901&source=toolbar

David.

On Thu, Feb 16, 2012 at 3:57 PM, J Clements <[hidden email]> wrote:

> Very helpful Michael.  Will track it down and keep you updated.  Thanks
> again,
>
> John

Re: Csounds Site

Panos Katergiathis-5

The malicious code is not visible via Safari on the Mac.

However, since my job is that of an IT manager, I have recently encountered a very similar problem with a web site, where there was a case of JavaScript injection, and the script was programmed in a way that it only showed up on IE and Firefox ONLY on Windows.

The reason (so to speak) is that the hacker had in mind the less-than-perfect security provided by some flavors of the Windows operating system, and was used as a means to download and run some sort of virus on the client machine.

If this is the case, I think I have a very good idea on the cause and possible remedy.

Panos




On Feb 17, 2012, at 12:12 AM, David wrote:

> I just tried the link and Norton flagged it as "Malicious Web Site
> Blocked". Here's a link to their description:
>
> http://safeweb.norton.com/report/show?url=http:%2F%2Fcsounds.com%2Fdownloads&product=NIS&version=19.5.0.145&layout=Retail&lang=0901&source=toolbar
>
> David.

RE: Csounds Site

Fineberg, Jeffrey
I wonder if obtaining a digital certificate (if there isn't one already) for the website would help reduce the flagging?

-----Original Message-----
From: Panos Katergiathis [mailto:[hidden email]]
Sent: Thursday, February 16, 2012 5:58 PM
To: [hidden email]
Subject: Re: [Csnd] Csounds Site


The malicious code is not visible via Safari on the Mac.

However, since my job is that of an IT manager, I have recently encountered a very similar problem with a web site, where there was a case of JavaScript injection, and the script was programmed in a way that it only showed up on IE and Firefox ONLY on Windows.

The reason (so to speak) is that the hacker had in mind the less-than-perfect security provided by some flavors of the Windows operating system, and was used as a means to download and run some sort of virus on the client machine.

If this is the case, I think I have a very good idea on the cause and possible remedy.

Panos





Csounds Site

Aric Sebastian
In reply to this post by jclements
Hey John, 

I just did some testing on my end and here's what I've come up with. See the attached screen shots for reference.

I'm using Chrome v17 on OSX 10.6.8

The actual csounds.com/downloads page that is accessed through the site (top nav) has the correct <title>Downloads | Csounds.com</title> tags. However it does NOT have a description tag at all, which is just a side issue.

The cached version by Google has the incorrect tags and description. (see screenshot). This is the version that was actually indexed (cached) by Google's crawl bots and so the correct page needs to be submitted for re-index. Until then Google will only show the incorrect version in its listings. You can access the cached version from Google's "preview page" arrows and clicking cached (see pic). Then if you go into source from that page you'll see the bad tags.

Though you can still access the correct Downloads page from the homepage, it doesn't seem as if it has been indexed at all by Google since only the incorrect result is listed when using the query "site:www.csounds.com/downloads"

The really odd thing is that the link of the incorrect listing is still "csounds.com/downloads" and yet it's not a redirect or anything. So my guess is at one point the site got hacked and changed it, and Google simply hasn't re-indexed it yet. I would also highly suggest making the correct page "canonical". Which will tell the Google bots that this is the one to index no matter how many sites redirect or have the same content. Check out ->

Hope this helps. 
- Aric



incorrect_google_results_listing.png (113K) Download Attachment
access_cached_version.jpg (755K) Download Attachment
Cached_Version_Source.png (117K) Download Attachment
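
Added example (not part of any post in this thread, and not code from the csounds.com site): the posts above describe a page whose <title> and meta description looked clean to some clients but not to others or to Google's cached copy. One way to check for that is to compare the head fields served to each client profile; the profile names, HTML bodies and spam placeholders below are constructed for illustration.

```python
from html.parser import HTMLParser


class HeadFields(HTMLParser):
    """Collect the <title> text and the <meta name="description"> content."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.fields = {"title": "", "description": None}
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (attr.get("name") or "").lower() == "description":
            self.fields["description"] = (attr.get("content") or "").strip()

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.fields["title"] += data


def head_fields(html):
    """Return {'title': str, 'description': str or None} for one response body."""
    parser = HeadFields()
    parser.feed(html)
    parser.close()
    fields = parser.fields
    fields["title"] = " ".join(fields["title"].split())  # normalise whitespace
    return fields


def find_cloaking(responses, baseline):
    """Compare every profile's head fields with the baseline profile.

    responses maps a profile name to the HTML that profile received.
    Returns {profile: {field: (baseline_value, seen_value)}} for each
    profile whose title or description differs from the baseline.
    """
    reference = head_fields(responses[baseline])
    report = {}
    for profile, html in responses.items():
        if profile == baseline:
            continue
        seen = head_fields(html)
        diff = {k: (reference[k], seen[k]) for k in reference if reference[k] != seen[k]}
        if diff:
            report[profile] = diff
    return report


# Constructed sample bodies: a clean page with no description tag, one with an
# injected description, and one with both title and description replaced.
CLEAN = "<html><head><title>Downloads | Csounds.com</title></head><body></body></html>"
INJECTED_META = ('<html><head><title>Downloads | Csounds.com</title>'
                 '<META NAME="Description" content=" [constructed spam text] ">'
                 '</head><body></body></html>')
INJECTED_BOTH = ('<html><head><title>[constructed spam title]</title>'
                 '<meta name="description" content="[constructed spam text]"/>'
                 '</head><body></body></html>')

SAMPLE_RESPONSES = {
    "safari-mac": CLEAN,
    "firefox-windows": INJECTED_META,
    "googlebot": INJECTED_BOTH,
}

if __name__ == "__main__":
    for profile, diff in find_cloaking(SAMPLE_RESPONSES, "safari-mac").items():
        print(profile, diff)
```

To run it against your own site, fill the dictionary with the bodies returned for the same URL under different User-Agent headers; injected code that keys on IP address or referrer rather than User-Agent will not show up in this comparison.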

Re: Csounds Site

jclements

Aric, thank you very much for your help on this. I had already requested a re-index of the page via Google webmaster tools, and they have apparently not done so yet. I did request this for many of the pages on the site. I pulled several scripts out of Drupal's temp folder that were definitely responsible for providing access to whoever did this, and have changed all site passwords and tightened up the .htaccess file. It looks like the attacker gained access on Christmas according to the logs, so I am uncertain if I have sealed every hole yet...

More later, and much much thanks,

John

On Feb 17, 2012 9:18 AM, "Aric Sebastian" <[hidden email]> wrote:
Hey John, 

I just did some testing on my end and heres what I've come up with. See the attached screen shots for reference.

I'm using Chrome v17 on OSX 10.6.8

The actual csounds.com/downloads page that is accessed through the sight (top nav) has the correct <title>Downloads | Csounds.com</title> tags. However it does NOT have a description tag at all, which is just a side issue. 

The cached version by google has the incorrect tags and description. (see screenshot). This is the version that was actually indexed (cached) by google's crawl bots and so the correct page needs to be submitted for re-index.  Until then Google will only show the incorrect version in it's listings. You can access the cached version from google's "preview page" arrows and clicking cached (see pic). Then if you go into source from that page you'll see the bad tags.

Though you can still access the correct Downloads page from the homepage, it doesn't seem as if it has been indexed at all by google since only the incorrect result is listed when using the query "site:www.csounds.com/downloads"

The really odd thing is that the link of the incorrect listing is still "csounds.com/downloads" and yet it's not a redirect or anything.  So my guess is at one point the site got hacked and changed it, and google simply hasn't re-indexed it yet.  I would also highly suggest making the correct page "canonical".  Which will tell the google bots that this is the one to index no matter how many sites redirect or have the same content. Check out ->

Hope this helps. 
- Aric

