BEV! Posted May 19, 2010

A few days ago I got an email from the Giant (Google) to let me know my site got hacked and all 2000 pages in it got infected.

Of course the fool hacker injected something on my server infecting everything in it and Google had no other option but to block all my pages from being viewed because it appeared that the infection my pages had was that if anyone would view it, it would destroy their system. I was not aware of this at all until it was too late.

Anyway, my host could not help me fix the problem but Google was very helpful (I'm impressed) but still I was on my own with this nightmare.

I contacted several professionals to help me get rid of the infection but they charge over $900 for the type of infection my site had because the injection was penetrated (via FTP) in a way that the viruses were invisible so I could not spot them with the naked eye.

How did this happen? I'm not 100% sure but I have a couple of thoughts.

I quickly took action and hit the net to learn everything I needed to learn about these infections and HOW to get rid of them.

Took me a while but I have completely cleaned my own pages (site) MANUALLY from scratch and Google complimented me and said I did a great job.

I'm posting this so you know what can happen to your sites (if u have one or two), this can happen to anybody regardless of what anti virus you use on your system...

It is recommended to always use SFTP (Secure FTP) instead of FTP when uploading to your server and to change your password frequently to avoid getting your site hacked. (Hacked sites are an epidemic these days.)

Here's a good source to check for infection on your site (or use any other method you know of, as long as you take precautions). CLICK HERE

Hope this doesn't happen to any of you. IT IS UGLY

BEV!

MichaelC Posted May 19, 2010

Sorry to hear about your troubles, Bev. The internet is a dangerous place, populated by idiots with too much time on their hands and not enough brains to utilize that time.

Sounds as if you had, for the most part, a happy ending. Good work!

I'm doing my damnedest not to make a smart ass comment about Bev and a contagious infection. How am I doing so far??

Who loves ya, Bev??

Jason (AL) Posted May 19, 2010

A 2,000 page site? Also, why would Google contact you about this? Why are they the only search engine that has contacted you? I'm sure your site is indexed with Bing, Yahoo, and the various others.

All sounds fishy to me.

BEV! Posted May 19, 2010

Admin,

Yes, happy ending but I'm not done yet. I'm now checking for a backdoor that hackers usually leave behind on the site when they hack a site. If they left a backdoor, they can come in again and have their way with my site again and again even after I take all the precautions in the world.

I'm sooooo exhausted, but I gotta do what I gotta do to

Oh, and by the way, you are a dirty old man

Jason,

Google and I come a long way.. I've been doing adsense for yrs for Google so they monitor my sites very carefully to make sure all is well.. (I guess), and besides, Google owns the world these days.

MichaelC Posted May 20, 2010

"Oh, and by the way, you are a dirty old man"

You wouldn't have it any other way.

BEV! Posted May 20, 2010

Oh admin, give it a rest

Anyway, found out the infection was injected from one of my T/B's website's form.. I'm 99.9% sure.

We all have these forms in our REI sites that ppl fill out with their names, etc.. all I can say is, if you ever get a filled out form from your site with bogus info like (r5joijgojoietjhiorublablabla with or without a link in it), take action asap, because this is a hack attack.

That's exactly what happened to me with my forms a couple of weeks ago and now it all makes sense

BEV!

jlspartz Posted May 21, 2010

What was the virus called? I can probably tell you the exact methods used and what to check if I know what you had.

There are many ways to hack a website, and it's not always through the website. The jackpot when hacking is your email account. You can change any passwords to any accounts online from a hacked email. Your computer is a weaker link than the website. Any website's registrar also has weaker security than any website host - and a huge security hole for registrars was just leaked.

There aren't many threats that travel through forms automatically - that takes much more high-end coding than most hackers are capable of. If it's through a form, it's most likely manually done through vulnerability testing, most likely in that case using Nessus to scan and Metasploit to exploit and drop the files, so you'd probably have a Meterpreter backdoor placed.

BEV! Posted June 1, 2010

The biggest mistake I made which caused the hacker to come in, was to allow my form's text field to have unlimited characters. (HUGE MISTAKE!!)

So when the hacker found out about this, he/she implemented a script through my form fields.. Scripts are very long and require 100's of characters.

Now I totally re-did my forms with more security AND limited characters (no more than 30).

Forms are the easiest and most popular way to hack a site, especially if the form requires a password. I tried hacking my own site to test it (before I fixed it) and was successful at it.

BEV!

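
Added example (not part of the original posts): a server-side check for the form fields discussed above, in Python. It enforces the 30-character cap on the server and also rejects links and markup, because markup can fit within 30 characters; the name pattern, reason labels and sample submissions are assumptions constructed for illustration.

```python
import html
import re

MAX_LEN = 30  # cap from the post above; must be enforced server-side
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]*")   # assumed allowlist for a name field
LINK_RE = re.compile(r"https?://|www\.|<\s*a\s|\[url", re.IGNORECASE)
MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def check_field(value, pattern=NAME_RE):
    """Return the list of reasons to reject one submitted field (empty = accept)."""
    reasons = []
    if len(value) > MAX_LEN:
        reasons.append("too_long")
    if LINK_RE.search(value):
        reasons.append("contains_link")
    if MARKUP_RE.search(value):
        reasons.append("contains_markup")
    if not pattern.fullmatch(value):
        reasons.append("bad_characters")
    return reasons


def check_submission(form):
    """Reject the whole submission if any field fails; report why per field."""
    problems = {k: r for k, v in form.items() if (r := check_field(v))}
    return {"accepted": not problems, "problems": problems}


def safe_for_html(value):
    """Encode a stored value before showing it in a page or admin inbox."""
    return html.escape(value)


# Constructed sample submissions (not taken from the thread).
SAMPLES = [
    {"name": "Jane O'Neil", "city": "Indianapolis"},
    {"name": "<script>alert(1)</script>", "city": "x"},   # 25 chars: under the cap
    {"name": "r5joijgojoietjhiorublablabla http://spam.example", "city": "x"},
]

if __name__ == "__main__":
    for form in SAMPLES:
        print(check_submission(form))
```

A length limit set only in the HTML form is not seen by a client that posts directly to the server, so the checks belong in the code that receives the submission.
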
amasters Posted July 28, 2010

Make sure that the permissions are set properly on your htaccess file. Also, make sure your authentication file is not accessible to the public.

My hosting company here in Indianapolis, Indiana is pretty uptight about the security settings on their Apache servers, almost to the point of being ridiculous. But better safe than sorry.

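
Added example (not part of the original posts): a small Python audit of a web root for the two points above, a loosely permissioned .htaccess and an authentication file stored where the public could reach it. It assumes a Unix host and that the password file uses the conventional .htpasswd name; the demo tree and issue labels are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_webroot(webroot):
    """Return sorted (relative_path, issue) findings for Apache access-control files."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for fname in files:
            path = os.path.join(dirpath, fname)
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            rel = os.path.relpath(path, webroot)
            if fname == ".htaccess":
                # Anyone who can rewrite .htaccess can change redirects and access rules.
                if mode & (stat.S_IWGRP | stat.S_IWOTH):
                    findings.append((rel, "htaccess writable by group/other"))
            elif fname.startswith(".htpasswd"):
                # Assumption: the password file uses the conventional .htpasswd name.
                findings.append((rel, "auth file stored inside web root"))
                if mode & stat.S_IROTH:
                    findings.append((rel, "auth file world-readable"))
    return sorted(findings)


def build_demo_tree(root):
    """Constructed sample web root: one loose .htaccess, one misplaced .htpasswd."""
    os.makedirs(os.path.join(root, "members"))
    layout = {
        ".htaccess": 0o666,            # too permissive
        "members/.htaccess": 0o644,    # acceptable
        "members/.htpasswd": 0o644,    # inside web root and world-readable
        "index.html": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)


def demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return audit_webroot(root)


if __name__ == "__main__":
    for rel, issue in demo():
        print(f"{rel}: {issue}")
```
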
BEV! Posted July 30, 2010

"Make sure that the permissions are set properly on your htaccess file. Also, make sure your authentication file is not accessible to the public"

You make good points amasters. I must admit, I just love manipulating the htaccess. I have also stopped the bots from accessing all my private files and htaccess among other folders.

Thanks for the tips. It helps

Bev!