Thursday, September 28, 2023

WS FTP site .ini file location

I use an older version of WSFTP (8.0). I wanted to backup the .ini file that holds all the site configurations. I was unable to locate it, but eventually search enough and found it.

WS support says the path is:

C:\Users\<username>\AppData\Roaming\Ipswitch\WS_FTP\Sites

Here is the path I needed to get the file.

C:\users\<username>\AppData\local\VirtualStore\Program Files(x86)\Common Files\Ipswitch\WS_FTP\Sites\WS_FTP.ini

I hope this helps someone.

More info on the Joomla Sejeal attack

I have another client’s site attacked by Sejeal. Again I found a “sejeal.JPG” file in the root directory. Client called me saying the hyperlinks don’t work. Browser was giving back 404 error.

I found this article that shed some light on the matter. One of my main tools “JCEditor” has a vulnerability that attackers are exploiting.

http://www.prolateral.com/news-section/news-news/289-has-your-joomla-website-been-hacked.html

 

 

Coupon Companion Plugin – adware / malware removal.

I recently installed a audio driver to fix a problem with the “what you hear” input device. Shortly after that when browsing hyperlinks would throw pop-up window linking to an ad for something. Here is an example.

At the bottom of the window was “Coupon Companion Plugin” banner. With some research I found this is adware.

http://malwaretips.com/blogs/remove-coupon-companion-ads/

I followed the steps to remove the adware. Hoping this works. I doing this I also discovered my machine also had “InfoAtoms” on it . More adware. I followed the following article to remove this as well.

http://www.uninstallgeek.com/programs/infoatoms-1-0-10-0-uninstall-tool.html

It seems we can expect more of this in the future. Stay safe my friends.