Repairing A Hijacked Page

Repaired a hijacked community page.

A family member of mine reached out to me about their site being hijacked. A fake / pirate / knockoff Louis Vuitton website was loading instead of the proper community page. It is a very simple site, but it was created, managed, and maintained exclusively using a proprietary-looking, web-based site construction tool which I had never heard of. Looking at the source of the site, I found this JavaScript at the top, hijacking the site and redirecting visitors.

<script>
var s=document.referrer;
if(s.indexOf("google")>0 || s.indexOf("bing")>0 || s.indexOf("aol")>0 || s.indexOf("yahoo")>0)
{
self.location="[a fake Louis Vuitton site]";
}
</script>

Poking around the web-based website tool, I was able to locate direct access to the files for the website. While digging around in the actual files for the website, I was able to find an obfuscated default.aspx file (i.e. some characters were printed directly, most used ASCII character codes, multiple concatenations were made so the characters did not appear in the code in their final output order, etc.) which output that malicious JavaScript and then included the normal/original website index.html page. Removing this file solved the problem.
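A scan for the two traits described above, written as an added example and not taken from the original post or the site tool: an inline script that reads `document.referrer`, names a search engine and then navigates, and a file built largely from character codes. The sample files, the placeholder URL, the `Chr()` encoding and the density threshold are all assumptions made for illustration.

```python
import re

# Constructed samples (not from the original post). Chr() is an assumed
# encoding; the post does not show the obfuscated file's actual syntax.
# The URL is a placeholder.
SAMPLES = {
    "hijacked.html": '<script>var s=document.referrer;'
                     'if(s.indexOf("google")>0){self.location="https://placeholder.invalid/";}'
                     '</script><h1>Community page</h1>',
    "benign.html": '<script>var r=document.referrer;log(r);</script>',
    "default.aspx": '<% Response.Write(Chr(60)&"sc"&Chr(114)&Chr(105)&"pt"'
                    '&Chr(62)&Chr(118)&Chr(97)&Chr(114)) %>',
}

SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
REFERRER_RE = re.compile(r"document\s*\.\s*referrer", re.I)
ENGINE_RE = re.compile(r"google|bing|aol|yahoo", re.I)  # names used in the quoted script
NAVIGATE_RE = re.compile(r"\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(", re.I)
CHARCODE_RE = re.compile(r"\bChrW?\s*\(\s*\d+\s*\)|String\.fromCharCode|\\x[0-9a-f]{2}|&#\d+;", re.I)

def referrer_redirects(html):
    """Inline scripts that read the referrer, name a search engine and navigate."""
    return [body.strip() for body in SCRIPT_RE.findall(html)
            if REFERRER_RE.search(body) and ENGINE_RE.search(body)
            and NAVIGATE_RE.search(body)]

def charcode_density(text):
    """Character-code tokens per 100 characters; a crude obfuscation indicator."""
    return 100.0 * len(CHARCODE_RE.findall(text)) / max(len(text), 1)

def scan(files, density_threshold=2.0):
    """Map each suspicious file name to the list of reasons it was flagged."""
    findings = {}
    for name, text in files.items():
        reasons = []
        if referrer_redirects(text):
            reasons.append("referrer-conditional redirect")
        if charcode_density(text) >= density_threshold:
            reasons.append("dense character-code construction")
        if reasons:
            findings[name] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in scan(SAMPLES).items():
        print(name, "->", ", ".join(reasons))
```

A hit from either rule is a lead for manual review of that file, not proof of compromise; legitimate scripts can also read the referrer or use character codes.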

Website Security with SSL

Got a Secure Sockets Layer (SSL) certificate, acquired from Namecheap, issued by RapidSSL, installed on the Elastic Compute Cloud (EC2) web server instance hosting Devil Music.

Follow the tutorial “How to Configure an SSL Certificate for Apache on Amazon EC2” on splittingelectrons. Also consult the relevant RapidSSL Technical Support articles “RapidSSL – Generate Certificate Signing Request (CSR)” and “RapidSSL – Install SSL Certificate”.

* Since the splittingelectrons blog has not been updated in 2 years, I’ve copied its contents into an HTML comment embedded in this post so it doesn’t get lost.

[UPDATE Monday, December 1, 2014]
Beginning next summer (2015), you should look into Let’s Encrypt as your *free* certificate authority!
See “Launching in 2015: A Certificate Authority to Encrypt the Entire Web” by Peter Eckersley on EFF.org, November 18, 2014
https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web


Devil Music EPUB Edition

The Devil Music ePub edition, DRM-free, is now available through Lulu.com. You can get it [HERE].

EPUB is a free and open e-book standard. I can read this edition using Calibre on my Windows PC. I’ve been told it also works with FBReader on Android, Google Books on Android, and iBooks on Apple’s iOS.

The Lulu self-publishing project form page is simple enough. Make sure you already have your ISBN if you don’t want to use theirs. Although, as I note in that post, I’d recommend letting Lulu (and Amazon, etc.) provide you with free ISBNs at first and only buying and using your own later if anything you write gets popular. We chose to make Chapter One: Servitude the book preview and simply used the ebook cover as the marketing image.


FTP Access to AWS EC2 Using FileZilla

Got File Transfer Protocol (FTP) access set up to the Devil Music web server instance on Elastic Compute Cloud (EC2), using FileZilla.

Having FTP access to web servers makes life easier for everyone. FileZilla is a great FTP program using well-known computer interface elements. Assuming you have already gotten yourself set up with PuTTY, setting it up is even easier.

  1. Download and then run the FileZilla installer.
  2. Edit(Preferences) > Settings > Connection > SFTP > Add key file > browse to your .ppk key file and select it.
  3. File > Site Manager > New Site:
    Host: your instance’s public domain name (including “www” if you are using it)
    Protocol: SFTP
    Logon Type: Normal
    User: ec2-user
  4. Press the Connect button.

Alternatively, if you do not want to use your .ppk key or need to provide FTP access to anyone else, then you can create a new user in the system and limit its access to the /var/www/html directory (or a further web-accessible subdirectory).
