Re: Warning: Iframe based attacks using stolen FTP access info
Quote:
I have my web guy looking into this for me. So far no repeat attacks, I've changed all passwords so far. WHM is the software that controls the server. I run my own.
Re: Warning: Iframe based attacks using stolen FTP access info
The files on my server that were hacked in this way were limited to the mm_ bla bla bla.php files associated with firetank software. Cleaned the files many times and replaced them on the server and everything would run fine for a while, then bam... Same text added to end of file: echo ..... bla bla bla.. Then firetank Marketing Manager software wouldn't run without errors attributable to the two hacked files. Each time I cleaned the files, Marketing Manager would run for a while, then give me an error message.

Bear in mind that I almost always use CoreFTP lite to FTP up to MY server. Here is how I solved my problem. Scanned server, found no trojans, no viruses. Scanned PC hard drive, picked up a few small files with adware, no viruses. Changed FTP passwords. FTP'd to site, cleaned two files, ran Marketing Manager on and off for about 20 min.... then problem returned.. Did this same thing four or five more times with very similar experience. Only the last time I did this I got an error message while FTP'd to the server.. The message looked to me to be partly in an Asian language. Strange to me, so I repaired the files again and everything worked OK for a while, then hacked file again.

As I said before, normally I used CoreFTP lite to FTP up to the server. What I did to edit the bad line of code from the two hacked files was FTP'd up to the server using WS_FTP Pro. Ran Marketing Manager software multiple times for most of the day, no problems.. Signed on to the server with CoreFTP lite, searched a few directories and about 10 min later ran Marketing Manager software and it was corrupt. Closed CoreFTP lite and went back up to server using WS_FTP Pro, edited bad lines of code out of two files, saved them and then exited. Since I have not used CoreFTP lite, the Marketing Manager software has run flawlessly.

SO FOR THOSE THAT HAVE THE PROBLEM IT MAY BE COMING FROM THE FTP CLIENT YOU ARE USING.. IF IT IS CoreFTP lite I can almost assure you that it is the problem. I am still running the firetank software and have not had a repeat of the problem since I have not invoked CoreFTP lite. So for me it seems that whatever is hacking my files is doing it through the FTP client CoreFTP lite, only when I load the software to FTP up to the server. It is not happening with WS_FTP Pro. Hope this helps some of you...
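A defender-side check for the pattern described in the post above (a line appended to the end of PHP files), added here as an example and not part of the original post: it compares web files against hashes recorded while the site was clean and flags hidden or near-zero-size iframes. The file name `mm_sample.php`, the `example.invalid` URL and the appended line are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic: an <iframe> sized to 0/1 pixels or hidden with an inline style.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*\\?[\"']?[01]\b"
    r"|visibility\s*:\s*hidden|display\s*:\s*none)[^>]*>",
    re.IGNORECASE,
)
WEB_EXTS = {".php", ".html", ".htm", ".js"}


def build_baseline(root):
    """Hash every web file under root; run this while the site is known clean."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in WEB_EXTS}


def audit(root, baseline):
    """Return (changed files, [(file, line number)] of hidden-iframe hits)."""
    root = Path(root)
    changed, hidden = [], []
    for rel, digest in build_baseline(root).items():
        if baseline.get(rel) != digest:      # modified or newly added file
            changed.append(rel)
        text = (root / rel).read_text(errors="replace")
        for n, line in enumerate(text.splitlines(), 1):
            if HIDDEN_IFRAME.search(line):
                hidden.append((rel, n))
    return changed, hidden


def demo():
    """Constructed sample: a clean PHP file, then a line appended to its end."""
    with tempfile.TemporaryDirectory() as d:
        page = Path(d) / "mm_sample.php"     # hypothetical file name
        page.write_text("<?php\necho 'hello';\n?>\n")
        baseline = build_baseline(d)
        clean = audit(d, baseline)
        with page.open("a") as f:            # simulate the appended echo line
            f.write("<?php echo '<iframe src=\"http://example.invalid/\" width=1 "
                    "height=1 style=\"visibility:hidden\"></iframe>'; ?>\n")
        return clean, audit(d, baseline)
```

The hash comparison catches any change to a file, including injected text that does not look like an iframe; the regex only helps locate the offending line once a file is known to have changed.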
Re: Warning: Iframe based attacks using stolen FTP access info
WOW!!! Like I didn't even know this was going on until now..... Ahhhhh it's nice to have Emerson watching my back. Best #@%^ host I ever had.
Re: Warning: Iframe based attacks using stolen FTP access info
My client that wants to remain anonymous wants this posted just for everyone's information.
Quote:
I would have to agree with this observation. When this first came out, only a few sites showed up in google as being infected and having this code embedded and now it is a significant amount more. :( Carrie
Re: Warning: Iframe based attacks using stolen FTP access info
Our hack was discovered today by a friend who was surfing using Google's Chrome browser. A warning came up on his screen that our site was infected with hosttracker.net malware so he emailed me. I contacted EWD Hosting and Emerson did his usual exceptionally efficient job of confirming the problem then sanitizing the site. We have changed our FTP password. So this is still an ongoing problem.
Re: Warning: Iframe based attacks using stolen FTP access info
Hi,
My site was infected a few weeks back. Emerson took care of it (can't thank him enough). It was a surprise for me as I have all security programs up to date and am very careful. I also run scans all the time. Today I received an update from Windows and when I rebooted the computer, the following link was on the "Malicious Software Removal for Windows": http://www.microsoft.com/security/portal/Entry.aspx?name=Backdoor%3aWin32%2fHaxdoor

My up-to-date, expensive virus protection failed to protect my PC and to discover this problem after several upgrades and scans. I urge everyone on a PC with Windows to download this latest upgrade from Microsoft.
Re: Warning: Iframe based attacks using stolen FTP access info
Hi Sandyscloset
Can you confirm that the hack itself is new, or just the discovery? Did Emerson say when the files had been hacked at all? Just wondering (hoping) that it's been there a while and has only just been discovered.
Re: Warning: Iframe based attacks using stolen FTP access info
Hi Pauldodman, the discovery was new. Emerson didn't say when the hack occurred but he's welcome to post here any details as he knows them. Whatever can help others is fine with me. Emerson?
Re: Warning: Iframe based attacks using stolen FTP access info
Just read this thread over in the LC forums - appears the Qualiteam logins were compromised there. Still wonder exactly what was compromised over there and if that had anything to do with this issue?
http://forum.x-cart.com/showthread.php?t=41296
Re: Warning: Iframe based attacks using stolen FTP access info
My assumption based on limited knowledge is that the x-cart staff are using the same logins on each store. Somebody who had work done on their store, could decrypt the password x-cart is using to access their store, and subsequently use it on the sites of others.