Re: Warning: Iframe based attacks using stolen FTP access info
 

Just don't ever use FTP. It is completely insecure. If your hosts refuses to set up sFTP then you need to get another host. Most people don't understand that with FTP, your username and password are sent over the internet every time you connect to it. So those hosting companies that disconnect you every 5 minutes just make their hosting environment even more insecure as you have to reconnect all the time, sending your password even more times unencrypted (plain text) across the internet from your PC to the server. Anyone watching traffic on your PC or on the Server or the network in between could see your password in plain text.

We have only secure connections to our servers, including secure mail connections (secure pop or secure IMAP). It just reduces your risk this way. If you get a keylogger virus on your computer, they could still get into the server even with an sFTP connection, but your risk is lower using only secure connections to the server.

Sorry to hear about your troubles!

Carrie

Re: Warning: Iframe based attacks using stolen FTP access info
 

my site was hacked on 7/10/09 and was using version 4.2.

Re: Warning: Iframe based attacks using stolen FTP access info
 

Same here hacked over and over..using all suggested htaccess and security settings!!!!

Re: Warning: Iframe based attacks using stolen FTP access info
 

Did they hack the site or the hosting account?

Re: Warning: Iframe based attacks using stolen FTP access info
 

Also, have you run the scans for the Grumblar virus? Maybe it's your computer that's infected and that is uploading the information to the server (we've see a lot of this).

Check out this article, and the link at the bottom of the article to get a free tool to remove any trojans or keyloggers. It's what I use on a DAILY basis on my own computers;
http://billing.handsonwebhosting.com/knowledgebase.php?action=displayarticle&id=220

Re: Warning: Iframe based attacks using stolen FTP access info
 

Still trying to figure this one out. I just got done with a fresh reload of all files and in less then 1 minute...hacked with iframes..8O

Re: Warning: Iframe based attacks using stolen FTP access info
 

Did you scan your computer like I posted in the above link? you must make sure your computer (or any that has FTP access to your site) has a CLEAN server with no virus or trojans on it.

This is the most common iframe injection we're seeing - especially if it's happening within a short amount of time.

Re: Warning: Iframe based attacks using stolen FTP access info
 

For everyone's information, Its not an Xcart problem. I have dozens of sites from Oscommerce and multiple other e-commerce platforms. The hacker compromised a local machine and stole the FTP passwords from Windows with a DLL hack that is a vulnerability in WIN2k, XP and Vista. It installed IFRAME tags with malicious urls in every directory I had on 4 servers it took a minute to fix. thank GOD no data was compromised. I got to the root of the problem, rectified the damage and just wiped out my stored passwords from my FTP program. DONT STORE PASWORDS IN FTP they can be decrypted and stolen right out of windows. Just dont use auto login and store encryted passwords in your FTP program.