Chain of command- looking for reference

Started by UH60guy, February 03, 2014, 06:16:43 PM


UH60guy

Quote from: Panache on February 03, 2014, 07:44:15 PM
Another screen-shot.

And I saw this too- though you notice it's not saying it found those terms, it's saying "type this in to search for these terms." I tried a few, and even changing it to just "viagra site:www.vawg.cap.gov" and came up with nothing.
Maj Ken Ward
VAWG Internal AEO

Panache

Doing a google site search for the terms "viagra" and "cialis" both indicate that those terms are SOMEWHERE on the site.

I did a search for "puppy", just to make sure it was throwing out false positives, and the search came back with no hits.


Panache

Quote from: UH60guy on February 03, 2014, 07:47:18 PM
Quote from: Panache on February 03, 2014, 07:44:15 PM
Another screen-shot.

And I saw this too- though you notice it's not saying it found those terms, it's saying "type this in to search for these terms." I tried a few, and even changing it to just "viagra site:www.vawg.cap.gov" and came up with nothing.

Try doing the site search with vawg.cap.gov, not www.vawg.cap.gov

Panache

Snippet of code.  (Taken remotely, 'cause I'm not going to the site personally)


UH60guy

OK, that narrows down the search- though as I'm not the admin all I can do is go through page source code page by page.

Too bad it doesn't narrow it down more though!

Did you have any hits with other scanners? My computer's not picking anything up, and I've tried a few other scanning sites and come up cold:
http://www.avgthreatlabs.com/website-safety-reports/domain/cap.gov/
https://www.virustotal.com/en/

Have you used Unmask Parasites before? I've never heard of them before- if you haven't either, keep in mind there is a common trick to give false positives to drum up antivirus business. Not saying I don't believe you- the state of the website definitely makes me believe it would be possible- but I just can't find the links in the source code.
Maj Ken Ward
VAWG Internal AEO

UH60guy

Whomp, there it is. Found it.

Tricksy, tricksy hobbitses. I lost it again, but I definitely saw the spam code for all of a second until I accidentally closed the wrong window. At least now I know generally where to look...
Maj Ken Ward
VAWG Internal AEO

Panache

I kicked in the Sandbox mode and went to the website and copied the page source.  I'll attach it here as a PDF file.

UH60guy

Yeah, that's the problem. It's the index page that brings up the frames that has the bad code. That's why right-clicking and viewing each frame's code was turning up nothing. It's on the index itself, not the content. That also explains how I got lucky with one click but lost it again :)

Thanks for the help with the search. I'll report this to VAWG right away.
Maj Ken Ward
VAWG Internal AEO
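
The point made in the post above, that the frameset index has to be inspected as its own document rather than only the frames it loads, shown as an added example that is not part of the original thread. The sample HTML, the `spam.example` link, the hidden `div` placement and the function names are constructed for illustration; the thread does not show how the links were embedded.

```python
from html.parser import HTMLParser

# Terms taken from the searches described in the thread; extend as needed.
SPAM_TERMS = ("viagra", "cialis")

class FramesetAudit(HTMLParser):
    """Collects frame URLs and spam-looking links from ONE document."""
    def __init__(self):
        super().__init__()
        self.frames = []   # src of each <frame>/<iframe> found
        self.hits = []     # (href, link text) pairs matching SPAM_TERMS
        self._href = None  # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("frame", "iframe") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "a":
            self._href, self._text = a.get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = "".join(self._text).strip()
            blob = (self._href + " " + text).lower()
            if any(term in blob for term in SPAM_TERMS):
                self.hits.append((self._href, text))
            self._href = None

def audit(html):
    """Return (frame sources, suspicious links) for a single HTML document."""
    parser = FramesetAudit()
    parser.feed(html)
    parser.close()
    return parser.frames, parser.hits

# Constructed sample: links sit in the index itself, outside every frame.
INDEX = """<html><head></head>
<div style="display:none"><a href="http://spam.example/buy-cialis">cheap meds</a></div>
<frameset cols="20%,80%"><frame src="menu.html"><frame src="main.html"></frameset>
</html>"""
MAIN = "<html><body><h1>Welcome</h1><a href='news.html'>News</a></body></html>"

if __name__ == "__main__":
    frames, hits = audit(INDEX)
    print("frames to fetch and audit separately:", frames)
    print("suspicious links in the index itself:", hits)
    print("suspicious links in main.html:", audit(MAIN)[1])
```

Viewing the source of `main.html` alone reports nothing, which matches what was seen when checking each frame individually.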

Panache


UH60guy

Hey, at least we did something productive while I was procrastinating on CLC homework, right?

Edit:
Answer back from VAWG is they intend to shut down the website and use the other Virginia Wing website, so I'm not sure what action if any will be needed. Makes me wonder why we are going with a .com instead of the more official-looking .gov, but those decisions and the information feeding them are way above my pay grade.

I was also just offered a wing IT job... that'll teach me to open my mouth!
Maj Ken Ward
VAWG Internal AEO

Ed Bos

Quote from: UH60guy on February 03, 2014, 08:22:17 PM
Hey, at least we did something productive while I was procrastinating on CLC homework, right?

Edit:
Answer back from VAWG is they intend to shut down the website and use the other Virginia Wing website, so I'm not sure what action if any will be needed. Makes me wonder why we are going with a .com instead of the more official-looking .gov, but those decisions and the information feeding them are way above my pay grade.

I was also just offered a wing IT job... that'll teach me to open my mouth!

Is this the new website? Are you THAT fast?  :clap:
http://www.govirginiawingcap.com
EDWARD A. BOS, Lt Col, CAP
Email: edward.bos(at)orwgcap.org
PCR-OR-001

Panache

Quote from: UH60guy on February 03, 2014, 08:22:17 PM
I was also just offered a wing IT job... that'll teach me to open my mouth!

Woo-hoo!  An extra zero on your CAP paycheck!

UH60guy

Quote from: Panache on February 04, 2014, 09:19:53 AM
Quote from: UH60guy on February 03, 2014, 08:22:17 PM
I was also just offered a wing IT job... that'll teach me to open my mouth!

Woo-hoo!  An extra zero on your CAP paycheck!

I blame you for getting me into this mess, Panache ;)

And no, some people with much more experience than me created that .com website a while ago... it's just now an opportunity for me to try to help out where they need it. I haven't done any website design in about 10 years, so this should be interesting... not to mention needing to read up on assorted regulations I've never cracked the surface of and a possible new specialty track.
Maj Ken Ward
VAWG Internal AEO

Panache

Quote from: UH60guy on February 04, 2014, 01:07:34 PM
Quote from: Panache on February 04, 2014, 09:19:53 AM
Quote from: UH60guy on February 03, 2014, 08:22:17 PM
I was also just offered a wing IT job... that'll teach me to open my mouth!

Woo-hoo!  An extra zero on your CAP paycheck!

I blame you for getting me into this mess, Panache ;)

I regret nothing!

Eclipse

A number of years ago I was running the website for my Group and its units - most of them had very basic
contact and info pages based on the same Joomla templates with security and rights I had established personally.

One unit decided to do their own thing, format-wise, and its very non-technical CC and family built the site using
Frontpage...

...

...yeah.

Not only was it an ugly, non-compliant, nostalgic gateway to the '90's, but the templates they were
using were probably downloaded from a Warez site and had vulnerabilities the size of semi-trucks.   As it
happened I transitioned from Group CC right around this time and it was no longer my problem, though since
the hosting was "paid up" and I was the admin, I just maintained access until the contract ran out and they transitioned to Google sites.

When the contract with the provider ran out and I shut everything down, I did one final copy of the whole site
as a historical backup.  When that particular unit's directory hit my machine, the anti-virus went nuts and
quarantined a bunch of stuff.

I found a whole structure of pharma spam content that the unit had been "hosting" for several years.
Since we weren't running any analytics or traffic monitoring, we have no way of knowing how much
SPAM we were actually hosting, but it was likely a nice little "hidey hole" for someone.

Some days I hate computers.

"That Others May Zoom"

Panache