Web Hosting Forum | Lunarpages


Author Topic: My website was hacked too  (Read 2262 times)
Paulo
« on: September 18, 2009, 02:57:42 PM »

I have a regular .html website, no scripts, and all the pages have been hacked.  They all have an I-frame in them and when you go to the site, it tries to download a .pdf.  AVG also gave a warning that my site had malicious code. 

My computer is clean so it is happening server-side.  I re-uploaded my backup, and a few days later it was hacked again.  When I was on the other hosting company, there was a setting on their control panel where nobody could write to the server.  Does Lunarpages have something similar? 

Not sure if changing the file-attributes of folders will help using Filezilla; right-click the folder and modify the read, write, and execute checks. 

 I found a "Password Protect Directories" in CPanel, but then you need a password to access them.  I just want to block writing to the site.  Any suggestions on how to do this?


***Note: Linux host running Apache/1.3.41 Server
MrPhil
« Reply #1 on: September 18, 2009, 05:17:02 PM »

OK, this is a static HTML site with no scripts, so no-one injected code via the usual means. Someone had to have your account and password to sign on via control panel or FTP. You say your computer is "clean"... you've scanned not only for viruses but also for spyware such as password sniffers and keystroke loggers? Is your PC behind a firewall, too? Does it share a LAN with other PCs behind a firewall? WiFi access? I've heard of other machines on a network being taken over, and being used to sniff passwords and such. Scan all other machines that are "intimate" with yours. Change every password in sight. Hopefully that should do it, and it's not an inside job of some sort. You don't have any directories or files that are writable by others (such as xx6 or xx7 permissions), do you? Another, compromised, account on your server could get in that way. Since you're not running PHP, I don't know if suPHP will protect you against such permissions.
Paulo
« Reply #2 on: September 19, 2009, 02:00:08 PM »

Thanks MrPhil, I left out a part that might be important.  My site is currently html with no php or scripts, but I did have Simple Machines Forums and it was hacked.  I uninstalled it via Fantastico and re-installed it and it was hacked again, so I gave up on the forum and started using static web pages. 

I didn't notice until yesterday that even though I uninstalled SMF with Fantastico, it left the SMF folder on the server, so I deleted the files in the "CGI-BIN" folder.  There was one folder called Mine and there was also a file called "hostchk.cgi".  I googled "hostchk.cgi" and that might be the problem.  Also, according to Google, the specific virus I have is the "HTML/Framer virus".

I will delete this file and see if I keep on getting hacked.
MrPhil
« Reply #3 on: September 19, 2009, 02:43:10 PM »

Yeah, that file sounds like a hack. Did you thoroughly clean out EVERYTHING from SMF -- all its files, and its database? Some of the recent SMF hacks put nasty stuff in avatars, themes, and the database, which would keep on reinfecting you. Anyway, the latest version of SMF is 1.1.10 -- do not install anything older. If Fantastico is still backlevel, visit simplemachines.org to download the latest and greatest, and read up on security exploits.
Logged
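
Added example, not part of the thread and not code from either poster: a small Python audit that walks a web root, lists anything writable by "others" (the xx6/xx7 permissions mentioned in Reply #1), and reports every `<iframe>` tag found in `.html`/`.htm` files so injected frames stand out after a restore. The sample tree, file names and the `example.invalid` URL are constructed for the demonstration.

```python
import os
import re
import stat
import sys
import tempfile

# Any opening <iframe> tag. On a site whose owner uses none, every hit needs review.
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)

def audit_webroot(root):
    """Return (world_writable, iframe_hits) for everything below root."""
    world_writable, iframe_hits = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits say nothing useful
            if st.st_mode & stat.S_IWOTH:  # the "xx6"/"xx7" case: others may write
                world_writable.append((rel, oct(stat.S_IMODE(st.st_mode))))
            if stat.S_ISREG(st.st_mode) and name.lower().endswith((".html", ".htm")):
                with open(path, "rb") as fh:
                    tags = IFRAME_RE.findall(fh.read())
                if tags:
                    iframe_hits.append((rel, [t.decode("latin-1") for t in tags]))
    return sorted(world_writable), sorted(iframe_hits)

def build_sample_site(root):
    """Constructed sample tree (not from the thread) to exercise the audit."""
    pages = {
        "index.html": (b"<html><body>Home</body></html>", 0o644),
        "about.html": (b'<html><body>About<iframe src="http://example.invalid/doc.pdf" '
                       b'width="0" height="0"></iframe></body></html>', 0o644),
        "contact.html": (b"<html><body>Contact</body></html>", 0o666),
    }
    for name, (body, mode) in pages.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(body)
        os.chmod(path, mode)  # chmod explicitly so the umask cannot mask the bits
    os.mkdir(os.path.join(root, "uploads"))
    os.chmod(os.path.join(root, "uploads"), 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo:
        target = sys.argv[1] if len(sys.argv) > 1 else (build_sample_site(demo) or demo)
        for finding in audit_webroot(target):
            print(finding)
```

Run it against a local copy of the site or, where shell access is available, against the web root itself; comparing the iframe list before and after re-uploading a backup shows whether pages were altered again.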
