Membership is FREE, giving all registered users unlimited access to every Acorn Domains feature, resource, and tool! Optional membership upgrades unlock exclusive benefits like profile signatures with links, banner placements, appearances in the weekly newsletter, and much more - customized to your membership level!
Sedo Global Domain Report

Hacked Sites

Status
Not open for further replies.
S

stender

Joined
Nov 8, 2005
Posts
2,495
Reaction score
32
I've had a few sites hacked whereby IFRAMES have been placed within index files which causes google to block your site due to malware. It smells like there are virus' which snoop ftp traffic although i've picked nothing up on my pc. I use dreamwaver to do all my sites which is obviously a security risk, so can anyone recommend a user friendly way of managing my sites say using sftp?

Thanks.
 
Have you checked the html files on your PC? There is a virus around that adds the iframe to html files stored locally on your pc rather than it being done on your server.

Grant
 
Hi Stender

check your ftp settings thats whan caused the probelm last year with me. with the iframe virus. better to use direct log in from server
 
Have scanned my pc several times with various apps and hijack this and found nothing.

What do you mean check my ftp settings dk?
 
I was using a payed ftp program and was hacked into giving my login details ect ect for about 300 sites. took me about 6 weeks to get all sorted and we traced it back to the ftp software.

so from now on we only do work now direct to server
 
To rule out a virus on your pc you just need to look at a html file and see if the iframe is there, if it isn't then it's probably not a virus on your pc.

Grant
 
i've found iframes on html and php pages.
1 plain html site, 1 gallery2 site, 1 brand new wordpress site (just started luckily). normally a url to some .ru site in the frame.
It's gonna be a pain in the arse developing in dreamweaver but uploading using something else!
worst thing is how long it takes to spot. 1 site was ranked page 1 of google and now nowhere.
 
Where are you hosting the sites Stender - it could be that the server they are on is compromised?

Also if you have used your own or any 3rd party PHP code (scripts, software) you should check that it isn't vulnerable in any way.

We once had a very old version of Twiki hidden away on an old domain name... It had several known security issues which were all fixed in the latest version, but we were running the old version. Some git in Turkey found it and exploited it and managed to deface four other sites (running Wordpress).

If you're on a shared server it could be that another user's site has been hacked and this in turn has let the attacker insert the code into your site.

Food for thought, good luck with sorting it all out.
 
I've just seen that one of the sites which was hit and that I reinstalled has just been hit again, and thats after me changing the password.
It's smelling more of a virus. I'll have to scan my work pc.
The site in question has had an iframe stuck in the top of the body of index,php and is running gallery 2 and the index.php under that has an iframe at the bottom and the rest of the code has been deleted.

The site was first hacked on 1 host, i then moved it to another and it's happened again. Which again smells of a virus as grant has suggested.

I did notice delalien has just posted he's been hacked via ftp though.
 
stender said:
I've just seen that one of the sites which was hit and that I reinstalled has just been hit again, and thats after me changing the password.
It's smelling more of a virus. I'll have to scan my work pc.
Click to expand...

Hard to say without knowing a lot more but that smells to me like the server is compromised rather than it being a virus on your PC.
 
It's happened again! I have a site running gallery2 and again it's had iframes added and been marked as unsafe by google.

I scanned my pc's with malware bytes and found a trojan, removed it and then changed my passwords and changed dreamweaver so it didnt store them. All fine for weeks until 01:56 on the 3rd!
 
Status
Not open for further replies.

Similar threads

it.com
it.com How To Launch a Website for an IT Startup: A 3-Step Guide
Replies
0
Views
221
it.com
it.com
KevDI
Domain Incite .home, .mail and .corp could get unbanned
Replies
1
Views
615
cloud
C
it.com
it.com How to Optimize Your Website for ChatGPT Search
Replies
0
Views
406
it.com
it.com
it.com
it.com How to Fix “Your Connection To This Site Is Not Secure” Issue: A Guide for Website Owners
Replies
0
Views
326
it.com
it.com
it.com
it.com Why Is Your Website Traffic Down? 5 Ways To Analyze And Fix Traffic Drops
Replies
0
Views
241
it.com
it.com
Domain Summit Europe 2025

The Rule #1

Do not insult any other member. Be polite and do business. Thank you!

Members online

Total: 354 (members: 7, guests: 347)
IT.com

Premium Members

Sedo Global Domain Report
Aucdom Auctions
Catch Club
dot Hiphop

Latest Comments

Upcoming events

New Threads

Domain Forum Friends

DNForum
ConsultDomain.de
Domaineforum.fr
Domainforum.ro
DN.ca
DomainFragen.de
Inforum.in

Our Mods' Businesses

DomainUI Mod
*the exceptional businesses of our esteemed moderators
General chit-chat
Help Users
  • No one is chatting at the moment.
      There are no messages in the current room.
      Top Bottom