an fyi about my LL's

[plateman]

yeah I was hacked and my luck I get some google love and I have that warning message that my site may harm there computer

so I now gotta fix that problem, this biz really can get under your skin

then some of your submitters may think I put that stuff on my sites

anybody that really knows me, would know I would never stoop to that level, sure money got tight, but I went back to rebuilding transmissions non hourly months ago to make up the loss in my income, now its tuff with all my musculoskeletal problems to do both

sure I can review my lists but thats about it, and sure I take some hefty meds but there not magic

[Bill]

what type of hack?

[plateman]

Quote:

Originally Posted by Bill

what type of hack?

browser attacks and use of I frames, my host phatservers said most likely they found a hole in one of my scripts

[Bill]

Any clues to which one, which script? It seems to me that it would be useful information to everyone to know how they can be attacked.

I gather there are those two main types of hacks - ftp password thefts and using script weaknesses to inject something into the mysql (if I understand that second one correctly, and I likely don't).

We all fear the hack.

[plateman]

they didnt go into great detail, but after I got the email I thought - why didnt they tell me what script was it - LOL, but here is the email I got

PP has linkadmin and jmb AGP running it, I never heard linkadmin getting hacked on hardly any LL

It does look like some script on your site has a vulnerability. You'll see iframe tags added to your .htm files that are group writable by the www user (apache). Your ftp account does not look like it's been compromised. Your ** user has only logged in once this month. I've removed permissions for apache to write to your files and removing the iframes for you now.

[cd34]

comus thumbs anywhere on your system?

[plateman]

nope, thanks for posting

[Ramster]

plateman, I had a site have that warning from google and I sent them an email/message and explained I was hacked and it was removed and the hole was plugged and the warning was removed within a few days.

[ed_banger]

I'd still change your passwords and have your local machine scanned for viruses anyways, and possibly look into not saving your FTP passwords and/or switching to SFTP for uploading.

[plateman]

Quote:

Originally Posted by Ramster

plateman, I had a site have that warning from google and I sent them an email/message and explained I was hacked and it was removed and the hole was plugged and the warning was removed within a few days.

yeah? in webmaster tools it said it could take weeks, anyway life is good after the hack, making sales, collecting epasses, and have that G love again

I just checked some terms I am ranking for, and yesterday the warning was on my listing - but now there gone

[smutguy]

I got hit by this last month undetected malware that steals all your ftp logins.This malware looks for the following top 10 FTP programs on your system and steals all your login info/passwords.

1. CoffeeCup Direct FTP
2. TransSoft FTP Control 4
3. Core FTP
4. GlobalScape CuteFTP
5. Far Manager (with FTP plugin)
6. FileZillagot me
7. FlashFXP
8. SmartFTP
9. FTP Navigator
10. Total Commander

Read more about this scumware and how to take precautionary steps.

http://blog.unmaskparasites.com/2009...dentials-from/

hope this helps

[plateman]

Quote:

Originally Posted by smutguy

I got hit by this last month undetected malware that steals all your ftp logins.This malware looks for the following top 10 FTP programs on your system and steals all your login info/passwords.

1. CoffeeCup Direct FTP
2. TransSoft FTP Control 4
3. Core FTP
4. GlobalScape CuteFTP
5. Far Manager (with FTP plugin)
6. FileZillagot me
7. FlashFXP
8. SmartFTP
9. FTP Navigator
10. Total Commander

Read more about this scumware and how to take precautionary steps.

http://blog.unmaskparasites.com/2009...dentials-from/

hope this helps

here check out this http://www.greenguysboard.com/board/...ote=1&p=470078

and sure enough I had a virus called html/framer

[plateman]

my host is doing the clean right now, I just can't believe this shit came from my PC

[Bill]

We all fear that kind of thing. Well I do anyway.

Any thoughts on how you might have been infected, and/or how they got your ftp, etc etc?

[plateman]

Quote:

Originally Posted by Bill

We all fear that kind of thing. Well I do anyway.

Any thoughts on how you might have been infected, and/or how they got your ftp, etc etc?

4. Provided your system is clean at this point, upgrade your Flash player. This is the most likely source of the compromise. You can do so here: http://get.adobe.com/flashplayer/

[plateman]

here is how this works, your PC gets the virus and finds out your a webmaster, then it sniffs out your ftp pass, then starts uploading php files through your scripts that writes I-frames on your pages

so

so this morning other webmasters say my pages on my LL/tgp has malware on them, so I login to my dedicated server and look at my script pages and see the I-frames, and I also see the php files that the virus on my PC has uploaded to my server

so I get ahold of my host and has me read this

If your site has been infected with malicious iframe inserts and has been flagged on Google, you most likely have a virus on your PC. These exploits can keylog and steal FTP passwords, and use FTP to modify your files. This is _not_ a server exploit, it is your PC that is infected, or the PC of someone who has access to your account details. Here are the steps you can take to (hopefully) clean your PC.

1. Ensure you are using a _quality_ Anti Virus application. Avira (http://www.avira.com) and Avast (http://www.avast.com) are excellent free virus scan that detect these types of infections. Kaspersky (http://www.kaspersky.com) is an excellent paid AV app, and has a free online java scanner. If you are using AVG Free, or another free AV app, we reccomend you remove it first and then install Avira or a paid AV app. We also reccomend you install Malware Bytes (http://www.malwarebytes.com) or another quality Spyware scanner.

3. Once you have the above complete ensure these applications have the latest updates, and are set to auto update daily. Most should do this automatically, but you should check and make sure.

3. Do a quick scan with the AV and spyware apps. This should detect any running applications that are malicious or suspicious. Remove or quarantine them. Once the scan completes, you should reboot your PC and do a full system scan with the AV and spyware apps when that completes. Hopefully at this point your PC is clean. If not, you may want to consider a clean install of your PC, or search for more in depth exploit removal methods that are not covered here.

4. Provided your system is clean at this point, upgrade your Flash player. This is the most likely source of the compromise. You can do so here: http://get.adobe.com/flashplayer/


5. Ensure your PC is set to automatically update daily and has all the most recent updates installed. If you use Firefox, ensure it's set to automatically update as well. If your operating system did not come from a reputable source you should consider purchasing a genuine copy or consider some of the freely available alternatives.

6. Change all of your passwords. Not just your passwords for your Amerinoc FTP accounts, but every single online account you have be it Outlook email, Web based email, your internet banking, your MSN accounts, and so on. Once your system has been compromised with a keylogger/password sniffer you must presume someone has access to all of them and it's only a matter of time before they realize it and begin exploiting it. Use _quality_ passwords. You can google "choosing a password" to find dozens of resources about this.



7. Be proactive. Change your passwords regularly, keep your systems up to date

at first I didnt buy it untill I ran some scans on my PC and found the virus it's called "html framer"

I have been a little lax lately with #7

my server was hacked a few weeks ago and my host cleaned it out, then my still infected PC goes to work on my server again

see I kinda fucked up, my motherboard went bad a good while back and I reinstalled XP back on my PC and reinstalled most all my programs, except 1 program that found the html framer virus

let this be a warning about letting your guard down for not even a minute

[Fob]

wow, scary. That's it, no more surfing questionable porn sites for me!