Re: Warning: Iframe based attacks using stolen FTP access info
I got hit too. I am at Hands-On - so it seems not likely a vulnerability with the hosts.
I never give out the root ftp passwords, but have created ftp accounts for QT and various vendors - perhaps the compromise was there. My host is suggesting they may have intercepted email somehow. I did email ftp information to some vendors.
I saw the iframe edit in the main index file - am putting in a ticket to find all index files that were modified recently. (I don't have shell access - so I am having to look at directories one by one. So far - I have not found anything else.
Can anyone describe any other files or functionality that were modified? I'll be looking at all files that were changed today.
__________________
X-CART (4.1.9,12/4.2.2-3/4.3.1-2/4.4.1-5)-Gold
(CDSEO, Altered-Cart On Sale, BCSE Preorder Backorder, QuickOrder, X-Payments, BCSE DPM Module)
|