And one of my friend's sites, which is hosted with the same hosting company, has been hacked as well.
I contacted one of the hosting companies; they provided a facility that allows me to restore all contents back to one of their backup points, but the other hosting company only replied: "The only way that your website can be attacked is if your scripting and permissions have not been secured. This is not an attack on the server but your contents specifically...All we can recommend is to delete all the contents from the server and then secure your scripting before uploading...this issue is not related to any kind of security issue related to the hosting services we provide."
Is that not the server's security problem at all? How did the virus access/modify my webpages? And how do I script and set permissions in a secure way?
I tried via FTP to set CHMOD to public read-only on my web folder, but it will not let me do it; it always goes back to 707. What number is the best setting anyway?
Some geek, please help!
Thank you!
How did the virus access/modify my webpages?
Don't be as concerned about your server permissions. If you don't know what you are doing, you can do more harm than good; leave them at the defaults.
I say this because what your ISP is telling you, really, is your site is getting hacked because whatever scripts you are running are vulnerable to injection of some sort.
What is the nature of your web site scripts, did you write them yourself or are they open source software?
If it's open source, search Google for [software name] vulnerabilities, keep it updated and patched.
If you wrote them yourself, or had someone do it for you, and any variables are allowed to pass through unfiltered, you are vulnerable to both cross-site scripting and, if you use a database, MySQL injection.
Example:
<input type="text" name="searchterm">
<?php echo $_POST['searchterm']; // vulnerable: submitted value is echoed back unfiltered ?>
I could send data in the field searchterm that could inject a malicious script, add data to your database, tons of things.
This has nothing to do with your host or any of your file permissions.
It is definitely a case of your "Personal Computer" being hacked. The PC from which you did the FTP has been hacked by the virus, and now the virus is uploading files with its own embedded code.
Lately this virus has attacked so many PCs and websites, and I have resolved more than 50 issues in the last 2 months.
Now, what you need to do is:
1) First thing, VERY important: change all the FTP passwords.
2) Do NOT save the password in your FTP program. Enter your password each time you connect using FTP.
3) Download all the files and folders of your website and first search for the index files. There you will see <iframe> code; remove that. It also puts echo"<iframe ...." in PHP, so search for that also.
4) These iframe codes would have been embedded into <body> tags too; remove those.
Let me know if I can do anything more for you.
Regards
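A read-only scan for steps 3 and 4 above, as an added example that is not part of the original thread: it walks a downloaded copy of the site and lists every `<iframe>` tag with its file and line, marking tags written out by a PHP `echo` and tags that are hidden. The extension list, the hidden-frame heuristic and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample site copy (not from the thread); example.invalid is a placeholder host.
SAMPLE = {
    "index.html": '<html>\n<body><iframe src="http://example.invalid/a" width="1" height="1"></iframe>\n<p>Home</p>\n</body></html>\n',
    "inc/footer.php": '<?php\necho "<iframe src=\\"http://example.invalid/b\\" style=\\"display:none\\"></iframe>";\n',
    "video.html": '<iframe src="https://example.invalid/player" width="640" height="360"></iframe>\n',
    "about.html": "<p>No frames here.</p>\n",
}
SCAN_EXT = {".html", ".htm", ".php", ".js", ".tpl", ".inc"}  # assumed list, extend as needed
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ECHO_RE = re.compile(r"\b(?:echo|print)\b[^;]*$", re.IGNORECASE)
# Heuristic (assumption): injected frames are usually sized 0/1 or hidden with CSS.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*[=:]\s*\\?["']?[01](?:px)?\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE)

def scan_file(path):
    """Return [(line_no, kind, tag)] for every <iframe> tag found in one file."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    findings = []
    for m in IFRAME_RE.finditer(text):
        # Text on the same line before the tag tells us whether PHP is echoing it.
        prefix = text[text.rfind("\n", 0, m.start()) + 1:m.start()]
        # php-echo: emitted by PHP; hidden: invisible static frame; visible: review by hand
        kind = ("php-echo" if ECHO_RE.search(prefix) else
                "hidden" if HIDDEN_RE.search(m.group(0)) else "visible")
        findings.append((text.count("\n", 0, m.start()) + 1, kind, m.group(0)[:120]))
    return findings

def scan_tree(root):
    """Walk a downloaded site copy and map relative path -> findings (nothing is modified)."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_EXT and (hits := scan_file(path)):
            report[path.relative_to(root).as_posix()] = hits
    return report

def write_sample(root):
    """Write the constructed SAMPLE files under root so the scan can run offline."""
    for rel, body in SAMPLE.items():
        Path(root, rel).parent.mkdir(parents=True, exist_ok=True)
        Path(root, rel).write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp)
        for rel, hits in scan_tree(tmp).items():
            print(rel, [(line, kind) for line, kind, _ in hits])
```

Frames reported as "visible" can be legitimate embeds, so compare each hit against a known-good backup before deleting anything.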