Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed. |
|
Thread Tools |
06-20-2009, 01:42 AM | #1 |
Too lazy to set a custom title
Industry Role:
Join Date: Nov 2005
Posts: 10,012
|
IFrame Virus/Trojan experiences & question.. Please share yours
Few months ago, I had to deal with this problem..
Some weird piece of code affected almost all my sites on a shared hosting, but it happened on my dedicated too. Somehow it injects code in .html and .php pages, usually ones with "index" and "home" names. Some antiviruses detects them, some aren't, but google stamps "warning" at your site which, you have to admit is pretty bad and decreases the traffic a lot (in my case, 6 times less traffic). I tried to clean this code and update almost every CMS software I had on my host, but the problem was still occurring. Contacted hosting support too, and they told me to change all my passwords (cpanel & ftp accounts). I've done that and everything seemed to be fine. Forgot to mention that I spent lots of time using google webmasters tools to request review after the cleanup. Yesterday, I noticed this code being injected again. I cleaned it up, but I'm getting a bit worried now, so I'd like to stop it once forever (ok, at least for some time). In order to isolate my side in this problem, I worked 2 months on newly installed linux machine with all new passwords for host, but some sites still got infected. What's your experience about this and similar thingies? Is it hosting issue or something else? Any prevention tips? |
06-20-2009, 02:08 AM | #2 |
So Fucking Banned
Industry Role:
Join Date: Apr 2003
Location: online
Posts: 8,766
|
Clean your PC, trust me... !
I had the same situation it gets your ftp pass and then reupload infected files |
06-20-2009, 02:45 AM | #3 |
Confirmed User
Industry Role:
Join Date: Aug 2006
Location: Poland
Posts: 9,214
|
I've had a few clients have a problem like this. It's a computer virus that sniffs out ftp info and either sends it off to another machine which in turn injects this code onto index.html/index.php files, or it causes your own machine to ftp in.
Run Virus scanner, Change all your ftp passwords afterwards
__________________
Mechanical Bunny Media Mechbunny Tube Script | Mechbunny Webcam Aggregator Script | Custom Web Development |
06-20-2009, 03:11 AM | #4 |
Too lazy to set a custom title
Industry Role:
Join Date: Nov 2005
Posts: 10,012
|
Thanks for your answers.. I might left over some ftp accounts, going to change their passwords too.
Anyway I'll recheck my own security too. Thanks! |
06-20-2009, 04:21 AM | #5 | |
Bollocks
Industry Role:
Join Date: Jun 2007
Location: Bollocks
Posts: 2,792
|
Quote:
Yep, I'm pretty sure I had the same. It was happening on two different servers even after changing the passwords but after I scanned my PC with Kaspersky a couple of times it stopped.
__________________
Interserver unmanaged AMD Ryzen servers from $73.00 |
|
06-20-2009, 09:49 PM | #6 |
Confirmed User
Industry Role:
Join Date: Aug 2005
Location: NEW ZEALAND
Posts: 1,654
|
change your ftp passwords asap and then change them evey week or so
|
06-20-2009, 10:13 PM | #7 |
Just a happy man
Industry Role:
Join Date: Oct 2001
Location: ICQ 159948094
Posts: 10,889
|
...and if you want to resolve the problem for some time, chmod your index.html or index.php to 444 (no writing possible, but also for the owner).
When you'll update your index files you'll need to delete them first (or chmod again), but also any virus will not have way to come to to index files. If your site is updated automatic, it can be a problem.
__________________
Always Paid On Time |
06-20-2009, 10:37 PM | #8 |
Confirmed User
Industry Role:
Join Date: Jul 2001
Location: 127.0.0.1
Posts: 9,266
|
I posted the solution here, check it out. We cleaned 3 PC and everybody that asked for help could clean it with no problem and the fucking thing never got back. Lots of steps, but well, you gotta do it
__________________
This post is endorsed by CIA, KGB, MI6, the Mafia, Illuminati, Kim Jong Il, Worldwide Ninjas Association, Klingon Empire and lolcats. Don't mess around with it, just accept it and embrace the truth |