Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Warning: Iframe based attacks using stolen FTP access info
 
Reply
   X-Cart forums > News and Announcements
 
Thread Tools
  #251  
Old 08-07-2009, 08:21 AM
  BCSE's Avatar 
BCSE BCSE is offline
 

X-Man
  
Join Date: Apr 2003
Location: Ohio - bcsengineering.com
Posts: 2,885
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Just don't ever use FTP. It is completely insecure. If your hosts refuses to set up sFTP then you need to get another host. Most people don't understand that with FTP, your username and password are sent over the internet every time you connect to it. So those hosting companies that disconnect you every 5 minutes just make their hosting environment even more insecure as you have to reconnect all the time, sending your password even more times unencrypted (plain text) across the internet from your PC to the server. Anyone watching traffic on your PC or on the Server or the network in between could see your password in plain text.

We have only secure connections to our servers, including secure mail connections (secure pop or secure IMAP). It just reduces your risk this way. If you get a keylogger virus on your computer, they could still get into the server even with an sFTP connection, but your risk is lower using only secure connections to the server.

Sorry to hear about your troubles!

Carrie
__________________
Custom Development, Custom Coding and Pre-built modules for X-cart since 2002!

We support X-cart versions 3.x through 5.x!

Home of the famous Authorize.net DPM & CIM Modules, Reward Points Module, Point of Sale module, Speed Booster modules and more!


Over 200 X-cart Mods available & Thousands of Customizations Since 2002 - bcsengineering.com

Please E-Mail us for questions/support!
Reply With Quote
  #252  
Old 08-07-2009, 10:33 AM
 
sambamu sambamu is offline
 

Senior Member
  
Join Date: Jan 2008
Location: New York, USA
Posts: 165
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

my site was hacked on 7/10/09 and was using version 4.2.
Reply With Quote
  #253  
Old 08-23-2009, 02:31 PM
 
Pegasis Pegasis is offline
 

Member
  
Join Date: Apr 2009
Posts: 10
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Same here hacked over and over..using all suggested htaccess and security settings!!!!
__________________
X-Cart Gold 4.2.0
X-AOM 4.2
X-RMA 4.2
X-CONF 4.2
Reply With Quote
  #254  
Old 08-23-2009, 04:26 PM
  cflsystems's Avatar 
cflsystems cflsystems is offline
 

Veteran
  
Join Date: Apr 2007
Posts: 13,534
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Did they hack the site or the hosting account?
__________________
Steve Stoyanov
CFLSystems.com
Web Development
Reply With Quote
  #255  
Old 08-23-2009, 05:06 PM
  bigredseo's Avatar 
bigredseo bigredseo is offline
 

X-Man
  
Join Date: Oct 2002
Location: Omaha, NE, USA
Posts: 2,367
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Also, have you run the scans for the Grumblar virus? Maybe it's your computer that's infected and that is uploading the information to the server (we've see a lot of this).

Check out this article, and the link at the bottom of the article to get a free tool to remove any trojans or keyloggers. It's what I use on a DAILY basis on my own computers;
http://billing.handsonwebhosting.com/knowledgebase.php?action=displayarticle&id=220
__________________
Conor Treacy - Big Red SEO - @bigredseo
Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding!
If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet.
Omaha SEO Office with National & Local SEO Services
Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
Reply With Quote
  #256  
Old 08-23-2009, 05:17 PM
 
Pegasis Pegasis is offline
 

Member
  
Join Date: Apr 2009
Posts: 10
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Quote:
Originally Posted by cflsystems
Did they hack the site or the hosting account?
Still trying to figure this one out. I just got done with a fresh reload of all files and in less then 1 minute...hacked with iframes..
__________________
X-Cart Gold 4.2.0
X-AOM 4.2
X-RMA 4.2
X-CONF 4.2
Reply With Quote
  #257  
Old 08-28-2009, 01:36 PM
  bigredseo's Avatar 
bigredseo bigredseo is offline
 

X-Man
  
Join Date: Oct 2002
Location: Omaha, NE, USA
Posts: 2,367
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

Did you scan your computer like I posted in the above link? you must make sure your computer (or any that has FTP access to your site) has a CLEAN server with no virus or trojans on it.

This is the most common iframe injection we're seeing - especially if it's happening within a short amount of time.
__________________
Conor Treacy - Big Red SEO - @bigredseo
Search Engine Optimization & Internet Marketing - We Bring Your Website Out Of Hiding!
If you can't be found on Google, Bing or Yahoo, you pretty much don't exist on the Internet.
Omaha SEO Office with National & Local SEO Services
Hourly Consulting - great for SEO Disaster Recovery, Audits and DIY Guidance
Reply With Quote
  #258  
Old 09-08-2009, 07:10 PM
 
Riz Riz is offline
 

Newbie
  
Join Date: Oct 2007
Posts: 5
 

Default Re: Warning: Iframe based attacks using stolen FTP access info

For everyone's information, Its not an Xcart problem. I have dozens of sites from Oscommerce and multiple other e-commerce platforms. The hacker compromised a local machine and stole the FTP passwords from Windows with a DLL hack that is a vulnerability in WIN2k, XP and Vista. It installed IFRAME tags with malicious urls in every directory I had on 4 servers it took a minute to fix. thank GOD no data was compromised. I got to the root of the problem, rectified the damage and just wiped out my stored passwords from my FTP program. DONT STORE PASWORDS IN FTP they can be decrypted and stolen right out of windows. Just dont use auto login and store encryted passwords in your FTP program.
__________________
X-Cart version 4.1.9
Pet Meds
Reply With Quote
Reply
   X-Cart forums > News and Announcements


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -8. The time now is 06:36 PM.

   

 
X-Cart forums © 2001-2018