X-Cart: shopping cart software


bigredseo 10-23-2008 11:10 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
There are two methods on the hosts list. While we don't use Windows servers (only Unix) and our staff mainly use Linux desktops, here's the deal on the Windows hosts list:

The host (your web server guys) should be checking that file for any anomalies, however the USERS file can also be affected:

http://en.wikipedia.org/wiki/Hosts_file

Basically the file should be BLANK or at a minimum, known IPs. These are generally used to speed up searches and destinations on the web. Some people edit this file when they are moving sites from one server to another and want to test things.

Anyway, the file should be empty. Open the HOSTS file with Notepad and make sure the file doesn't have anything in it. If there's something in it, then essentially what it's doing is trying to reroute you to another location.

If for example it has "yahoo.com" and then an IP number beside it, then that's probably fraud. Delete the line, and let it pick up yahoo on its own.

Emerson 10-23-2008 11:10 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by pixellogo
Yes please I beg of you to elaborate more on that local computer check.

I'll do your laundry mate.


/me hands you some stinky socks :lol:

Manic 10-23-2008 11:17 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by Emerson
Navigate to the directory at C:\WINDOWS\system32\drivers\etc
In there you will see a file called "hosts".
Open it with notepad and make sure that no entries have been made there.

A stock, untouched file looks like the one below:


If you see any entry other than 127.0.0.1 localhost your computer has been compromised.

By editing that file a hacker can make your browser point to an IP that is not actually the IP where that site is hosted.

For example, let's say that yoursite.com is supposed to point to 11.11.11.11
A hacker can edit the hosts files and add the following entry:
22.22.22.22 yoursite.com

So when you type yoursite.com in your browser, you will actually be visiting the site at 22.22.22.22 and not 11.11.11.11
This can be used to further collect any logins you try at that site, etc...

Scary, huh?

Emerson, I opened my "hosts" file with notepad and only found this:
127.0.0.1 localhost

I am OK then?

bigredseo 10-23-2008 11:22 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Yes. If that's all that's in there, then you're fine.

tradedvdshop 10-23-2008 11:24 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
OK, now I understand. My PC is all OK, thank God.

I have looked at the FTP log file and it seems they gained access on the 1st October. The only work I have had done in this period was by X-Cart support???

Manic 10-23-2008 11:25 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Thank you!
But I guess I won't be doing any online banking until this whole thing blows over.

pixellogo 10-23-2008 11:27 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Thanks for that info Emerson.

None of our units are compromised, it's driving us crazy how this punk has gotten access...

I wouldn't be surprised if he is an X-Cart copy holder and he's monitoring this forum...

pixellogo 10-23-2008 11:28 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by Emerson
/me hands you some stinky socks :lol:


*Peter trying to decide which Tide to use, with or without Febreze... These are some stinky socks!*

:-D

Emerson 10-23-2008 11:54 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by pixellogo
*Peter trying to decide which Tide to use, with or without Febreze... These are some stinky socks!*

:-D


Might wanna go for pure bleach lol

As far as safe, don't feel too safe if your hosts file has not been tampered with, as there still could be other problems.

As far as I see there are only 2 ways here that this information has been obtained by the crooks:

1. There has been a major security breach where a concentration on logins has been reached. This could be from a helpdesk of any developer that you have done business with and provided them with FTP login so they could work on your site.

2. Your computer is infected with a keylogger that is sending the login info to the hackers.


Until we find out for sure how they are getting these logins no one is safe unfortunately.

photo 10-23-2008 11:55 AM

Re: Warning: Iframe based attacks using stolen FTP access info
 
Quote:

Originally Posted by Emerson
Navigate to the directory at C:\WINDOWS\system32\drivers\etc
In there you will see a file called "hosts".
Open it with notepad and make sure that no entries have been made there.

A stock, untouched file looks like the one below:


If you see any entry other than 127.0.0.1 localhost your computer has been compromised.

By editing that file a hacker can make your browser point to an IP that is not actually the IP where that site is hosted.

For example, let's say that yoursite.com is supposed to point to 11.11.11.11
A hacker can edit the hosts files and add the following entry:
22.22.22.22 yoursite.com

So when you type yoursite.com in your browser, you will actually be visiting the site at 22.22.22.22 and not 11.11.11.11
This can be used to further collect any logins you try at that site, etc...

Scary, huh?

Just checked mine and it has the following two entries:

127.0.0.1 localhost
::1 localhost

Is the 2nd one anything to be concerned about?

Thanks
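
The hosts-file check discussed in this thread, automated as an added example that is not part of any poster's message. It parses each entry, accepts loopback addresses (`127.0.0.1` and its IPv6 equivalent `::1`) mapped to `localhost`, and reports everything else for review; the names `audit_hosts` and `LOOPBACK_NAMES` and the sample file are constructed for illustration.

```python
import ipaddress
import os
import sys

# Names a stock hosts file maps to loopback (assumption: extend per OS).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def audit_hosts(text):
    """Return (line_no, address, names, reason) for every entry needing review."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not entry:
            continue  # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address.split("%", 1)[0])  # ignore IPv6 zone id
        except ValueError:
            findings.append((line_no, address, names, "not a valid IP address"))
            continue
        if not names:
            findings.append((line_no, address, names, "address with no hostname"))
        elif not ip.is_loopback:
            findings.append((line_no, address, names, "name pinned to a non-loopback address"))
        elif any(n.lower() not in LOOPBACK_NAMES for n in names):
            findings.append((line_no, address, names, "non-localhost name pinned to loopback"))
    return findings


# Constructed sample: the two loopback lines quoted in the thread plus the
# thread's illustrative redirect entry.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
22.22.22.22     yoursite.com
"""

if __name__ == "__main__":
    # Default to the path named in the thread on Windows, /etc/hosts elsewhere.
    default = "/etc/hosts"
    if os.name == "nt":
        default = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"), "system32", "drivers", "etc", "hosts")
    path = sys.argv[1] if len(sys.argv) > 1 else default
    with open(path, encoding="utf-8", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding, sep="\t")
```

A clean result only covers the hosts file; as noted earlier in the thread, it says nothing about other ways the logins may have been obtained.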


All times are GMT -8.