Malware Woes - Just finished cleaning my site


apauto

3:34 pm on Sep 10, 2010 (gmt 0)

10+ Year Member



Wow.

I got some iframe malware injection by a delightful Russian fellow that kept me on my toes. I saw my traffic drop by 2/3 and then noticed Google throwing up a warning under my links saying: "This site may harm your computer". Arg!

I cleaned the line of code from two default.asp files (in different folders) that was injected into the bottom of the file. I requested a Malware review from Google, and as of 15 min ago, I'm back in business, and can finally take a shower!

Here are my questions:

1) Since it looks like they only modified default.asp, I'm assuming their little script only looks for index files. How can I create an index file that's called blahblahyoucantfindme.asp and have this recognized as the default file? Since this is on IIS, I don't have .htaccess, and since I'm on shared hosting, I don't have access to IIS itself.

2) A few months ago I saw a site that said they have a remedy for malware. I didn't pay attention then, but now can't find the site. It said that the software scans for file changes via a CRON job I believe, and once detected, it copies over a clean file from a designated location. This seems perfect, so that if the file gets modified by these guys, within minutes the software will replace it with a good copy. Anyone know where to get this?

Ok, well, time to check my source code again, ensure for my own well being there is no malware, and go take a shower in peace.

TIA for your help.
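For the second question, here is a small file-integrity monitor of the kind described: it keeps a baseline of hashes, compares the live site against it on each run (from cron or a scheduled task), quarantines any changed file and restores it from a clean copy. This is an added example and not part of the original thread or any product; it assumes it runs on a machine that can read the web root directly, and the two-page site, paths and "injected" line in `demo()` are constructed sample data.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# File types worth watching on a small ASP site (assumption: extend to taste).
WATCHED_SUFFIXES = {".asp", ".aspx", ".htm", ".html", ".php", ".js"}


def sha256_of(path: Path) -> str:
    """SHA-256 of a file's bytes, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map relative path -> hash for every watched file under root."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED_SUFFIXES
    }


def save_baseline(baseline: dict, path: Path) -> None:
    path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def matches_baseline(root: Path, baseline: dict) -> bool:
    """True when every baselined file exists under root with its recorded hash."""
    return all((root / rel).is_file() and sha256_of(root / rel) == h
               for rel, h in baseline.items())


def check_and_restore(web_root: Path, clean_root: Path, baseline: dict,
                      quarantine: Path) -> dict:
    """One monitoring pass. Returns a report of what changed and what was done."""
    report = {"modified": [], "restored": [], "quarantined": [], "unexpected": []}
    quarantine.mkdir(parents=True, exist_ok=True)
    for rel, expected in baseline.items():
        live = web_root / rel
        if live.is_file() and sha256_of(live) == expected:
            continue
        report["modified"].append(rel)
        if live.is_file():
            # Keep the tampered copy for later analysis instead of just overwriting it.
            saved = quarantine / rel.replace("/", "__")
            shutil.copy2(live, saved)
            report["quarantined"].append(saved.name)
        clean = clean_root / rel
        # Only trust the "clean" copy if it still hashes to the baseline value;
        # if the backup location was tampered with too, do not copy it in.
        if clean.is_file() and sha256_of(clean) == expected:
            live.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(clean, live)
            report["restored"].append(rel)
    # Files that were never in the baseline: a dropped extra script shows up here.
    report["unexpected"] = [rel for rel in build_baseline(web_root) if rel not in baseline]
    return report


def demo() -> dict:
    """Constructed end-to-end run: a two-page site, its clean copy, then a
    simulated extra line at the bottom of default.asp plus one dropped file."""
    tmp = Path(tempfile.mkdtemp(prefix="fim-demo-"))
    web, clean, quarantine = tmp / "site", tmp / "clean", tmp / "quarantine"
    for root in (web, clean):
        (root / "sub").mkdir(parents=True)
        (root / "default.asp").write_text("<html><body>home</body></html>\n")
        (root / "sub" / "default.asp").write_text("<html><body>sub</body></html>\n")
    save_baseline(build_baseline(clean), tmp / "baseline.json")
    baseline = load_baseline(tmp / "baseline.json")

    # Simulate what the poster saw: an extra line appended to a default.asp ...
    with (web / "default.asp").open("a") as f:
        f.write("<!-- constructed stand-in for an injected line -->\n")
    # ... and a file the baseline has never seen.
    (web / "sub" / "extra.asp").write_text("<!-- constructed placeholder file -->\n")

    report = check_and_restore(web, clean, baseline, quarantine)
    report["clean_again"] = matches_baseline(web, baseline)
    shutil.rmtree(tmp)
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Keep `baseline.json`, the clean copy and the quarantine folder somewhere the web account cannot write, otherwise whoever edited default.asp can edit the baseline as well; the hash check on the clean copy before restoring is there for the same reason. A monitor like this only shortens the window between modification and repair and gives you the quarantined file to examine; it does not close whatever let the file be written in the first place.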

tedster

5:36 pm on Sep 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I can't help but notice one obvious omission in your actions. Did you find and patch the security hole that allowed the hack in the first place?

1) These are technical questions about the IIS server. You'll find that knowledge is more concentrated in our Windows IIS Forum [webmasterworld.com]

2) A service like this is worthwhile - but you can't lean on it exclusively. You need to patch the security hole, too.

And since you're on shared hosting, my guess is that your hosting service needs to fix the security problem you just found - or you should move the site somewhere that will.

bwnbwn

5:48 pm on Sep 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



tedster is correct. They will be back, and more than likely it is a program running the script that goes out and searches for unpatched servers. All index pages are then injected with the code. I bet if you have index.asp on the server it has been injected as well.

Find the problem or, as tedster said, move to one that will.

apauto

6:06 pm on Sep 10, 2010 (gmt 0)

10+ Year Member



tedster, I found the iframe that was injected, changed my passwords, and looked around, but have no idea how they did it. All of my code is custom, nothing off the shelf like WordPress that needs a patch.

I don't even allow user input.

It must have been from another site on my GoDaddy hosting server, but after contacting GoDaddy they said they can't help, and gave me a link to read about cleaning Malware. The link talked about patching my software and changing the password... very unhelpful.

tedster

6:59 pm on Sep 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The boilerplate response from a web hosting service is that your password must be compromised. Well, maybe - but there are a lot of other possibilities, too. If your password was compromised and you didn't share it, then you've got malware on your own PC!

jimbeetle

7:18 pm on Sep 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



malware on your own PC

That was my unfortunate experience about a year ago and a few other folks on the board have experienced the same. Since then, this machine never connects to any of my sites; my dev machine never surfs the web; and I use an old laptop for sensitive personal stuff.

I mentioned this in another malware-related thread a month or so ago, but the fact is that -- no matter how good your AV or anti-malware stuff is -- it's always going to lag a bit behind what comes out in the wild. In my case I found the malware when doing an end of day scan, a couple of profile updates after I had last FTPd to one of my sites.

rowtc2

7:44 pm on Sep 10, 2010 (gmt 0)

10+ Year Member



There are computer viruses which upload malicious code automatically when you are connected via FTP or an HTML editor.

Scan your PC with updated antivirus.

You can connect to FTP and see after that if the malicious code is there.

Do not save passwords in browsers like Firefox etc. There are viruses that steal passwords from there too.

dstiles

10:04 pm on Sep 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Use SSL on FTP and any other file transfer connection. Not a complete blocker but it helps, especially if the remote only accepts SSL. And if possible force the remote FTP server to only accept YOUR IP (fixed IP helps here) and reject everyone else's.