HWF has a security incident

ArchiveEarlier this evening (October 22, 2007) I received an e-mail from a viewer of the channel website complaining that our site was causing her virus/trojan warning to reject it.

At first I was skeptical - but noticed at the bottom of the page a link to "download firefox" which I had not recalled being there. It pointed to a server in China (

Back in May there was a security update for the Media Gallery software. I did the update but only after the system had been compromised by a file being uploaded to the system - a fact that I did not know at the time. It was not successfully used at that time - even though they tried twice according to my logs - on May 15 and May 17.

The problem is that the update left the file there - and somebody went looking for it again on Oct 10 - and found it and used it to edit the footer.thtml file for the channel web site (not the forum here - the one with the videos on it) and drop this link in.

Unless a viewer of any of the pages under http://www.hancockwildlifechannel.org actually clicked on the link to this bogus firefox download page, it is not possible that anything on our system could cause a compromise of their computer. Of course if you clicked on it and also had up to date anti-virus software you would also likely be ok.

The link has been removed and the hole in our security removed - and I have an e-mail from the software team that writes the Geeklog software that we use on our main site that this problem is one they will ensure can't happen again. I initially chose Geeklog for our main sites because the writers are in fact security people and very dedicated to their task.

In my everyday job I see all manner of compromised systems - this is pretty much the most minor of them - but I know that any compromise is a potential headache to our viewers. If you clicked on the link I'd like to hear from you and will work to help you in any way I can.


Story Options



Please Donate

Please Donate!

Current & Ongoing Promotions





My Account

Sign up as a New User
Lost your password?