[BNM] Infected Site
Catherine Pope
me at catherinepope.co.uk
Tue Jun 2 09:36:33 BST 2009
Hello Alan
I dealt with a similar problem recently, and a small amount of
JavaScript had been inserted on every page, rather than in the
database. It wasn't hosted on Fasthosts, but you couldn't put a
cigarette paper between 'em, frankly.
Best wishes
Catherine
2009/6/1 Alan Braddish <alan at webspoke.co.uk>:
> I have a client whose web site has become infected with a virus (IFramer or
> something like that). So every time you try to visit a page, AVG pops up a
> warning.
>
> The site is written in ASP, with a MySQL back-end. There is very little
> database usage in the site, and I have checked all the data in the DB and
> nothing nasty seems to have been 'injected'.
>
> However, upon FTP'ing into the site, I can see that 2 days ago, the
> filestamp on all ASP files has been updated - so the file contents must have
> been re-written, with the nasty virus code. I have tried to download
> default.asp to open it in Notepad, but AVG won't let me anywhere near it.
>
>
> Any advice on why this might of happened? The site is hosted by...wait for
> it... Farcehosts.
>
> Could their security have been compromised somehow for this to happen? As
> far as I know, the FTP passwords are pretty secure (i.e. complex), unless
> someone has hacked Fasthosts again and robbed all their passwords!
>
> Anyone else on Fasthosts have any similar issues?
>
> Or am I overlooking another route into the site for someone to be able to
> modify all files in the site?
>
> Thanks for any help.
>
> Alan
>
>
>
More information about the BNMlist
mailing list. Powered by Wessex Networks