Was my website hacked?

[kjx]

A friend of a friend got an alert from avg when they tried to access a page on my site (I've not yet found out if it's there on every page but here's what AVG told them):

http://twitpic.com/19h0kd/full

The link to the page in question is: http://www.koshyjohn.com/life/index.html

It's an empty page with just a header and footer, and a link to the external addthis javascript file (worth investigating? I've seen a lot of big sites use this and that's the only basis for my trust).

I looked at the source code of the page in question on my machine and neither did NIS2010 alert me, nor did I find any url as shown in that image in the source of that page.

My webhosting passwords are secure (alpha-numeric, punctuation, longish, the works), but I'll probably change them anyway.

First of all, is this a false positive? If so, what is causing it? If not, how should I go about fixing the problem (a sketchy outline would be enough, I can work out the rest or ask if I have a question)?

(I did a quick check of the file against my secure local copy and they are identical)

[Draconian Guppy]

Doesn't trigger anything for me using AVG 9

[kjx]

Doesn't trigger anything for me using AVG 9

Thank you for that... As long as I can be convinced that my website is not compromised, I can sleep well.

If anyone else has thoughts or anything to report, I'll be checking back here often.. Thank you!

[AnthonySterling]

The alert details the URL in question, although not your site per se, it *could* be an external call to this location from your site.

Are you sure it's not the other tab which appears to be still loading?

[kjx]

The alert details the URL in question, although not your site per se, it *could* be an external call to this location from your site.

Are you sure it's not the other tab which appears to be still loading?

Yeah, I've considered that.. The only things external to my site are addthis (which powers the toolbar) and amazingcounters which powers the page counters. To the best of my knowledge, they are fairly big, used by a lot of reputable sites (particularly addthis) and if they were compromised in some way, more people would know about it.

I only have that image to work with, so I'm going to guess that it is my page being referred to unless AVG is just sloppy about how it reports things. I get at least 2000 hits to the site daily so if there was a problem, I would have heard from more people about it I guess.

And seeing that the peron is on Windows XP and using AVG, I wouldn't be surprised if their system was the compromised one - maybe a malicious add-on to firefox perhaps?

[ilev]

Chrome blocked third-part cookies on the page

[Magpie]

McAfee Virus Scan Enterprise Workstation

Version Number 8.5.0.781 No problems/Warnings to see anything on you site.

[unintentional]

My AV didn't pull up, so your site seems to be clean. AVG has been known to generate false-positives in the past, so I would tell your friend to switch to Avira, Avast!, Security Essentials, or something else. It's also possible it's the site loading in the first tab...

[-Alex-]

Another one with AVG not showing any warning.

[cork1958]

Nothing showing up here using Avira AV.

When I tried to save your page to file though, got SEVERAL errors saying stuff couldn't be read.

Here's one of the errors:

C:\Tunes\index_files\lg-share-en.gif could not be saved, because the source file could not be read.

Try again later, or contact the server administrator.

Also,

There is absolutely nothing showing up in the body of the page, but that's probably due to adblockplus? Is that site one big advertisement or something?

I'm using the Seamonkey web browser on XP Pro, fwiw.

[Farchord]

There's nothing malicious on your site. There's the addthis referrer to post your site on social networking sites and an amazingcounter thingy which I guess is just a simple visit counter. But there's nothing malicious here.

[Phenom II]

Avast is happy with it, and Avast is usually quick to stop any access to exploited pages