Hacker Keeps Infecting my Sites

Discussion in 'Black Hat SEO' started by Spaceman, Oct 18, 2010.

  1. Spaceman

    Hi,

    Some c**t keeps hacking my sites. The latest one places a fakeAV trojan in my index file.

    It doesn't always seem to be served with the index file though - only sometimes, which is strange and makes me wonder if they have hacked the webserver.

    Anyways - I want to prosecute this criminal - can anyone help me out?

    I suspect it's my competitor but can't prove it.

    Cheers
     
  2. tshin810

    Enhance your website security:
    1. Update to the newest version of the platform.
    2. Try to change your file permissions.
    3. Change all hosting and platform passwords.
    4. Scan your computer in case your OS is hiding some trojans or keyloggers.
     
  3. ExtraWinner

    Change pass to 20 random letters, numbers and signs - that way he wouldn't be able to infect you...
     
  4. Spaceman

    Guys - I just went up to the server (FTP) and checked out my index.php file and it's clean. The date stamps are right as well - there's been NO tampering.

    Does this mean the host is infected and intermittently serving up this shit inside my pages?

    It's a small script that goes in a 0 size iframe - I can't put it here obviously. Next time I infect my PC with it I'll try and get more info.

    Again though - do you guys think the host's infected somehow - 'cos my index isn't!!!!

    Cheers - I appreciate any help on this.
     
  5. asiriusthoth

    Contact your provider right away. The server could easily be infected and affecting every single account on the host.
     
  6. wpbacklinks

    Do you use WordPress? Scan your wp-includes directory, or try an online scanner.

    Code:
    http://www.google.com/search?hl=id&client=opera&hs=QaE&rls=en&q=website+scanner&btnG=Telusuri&aq=f&aqi=&aql=&oq=&gs_rfai=
     
  7. Mage

    I had a nightmare for months. Had some 20 autoblogs doing really well and suddenly one by one they were hacked. Later I found out through reverse checking that many sites on the same server were hacked including a government site as well.
     
  8. lewi

    I had the same problem on every single domain on my account!

    Contacted HostGator and they removed it within 24 hours.

    Turns out it was my PC that was infected and it exploited any FTP connections that I had saved or used on my PC in the past... so that meant it replicated itself on my server in the background!

    So I would check your PC and then change the FTP/cPanel password and talk to your host to get it cleaned up.

    Lewi
     
  9. Spaceman

    Thanks all - I contacted the host and they said they found a virus in a PHP file which was invoked by my index.php file.
    They say it's fine now - I'll wait and see.

    The thing is - there's never any action against hackers, is there? Why don't I just go and hack a few sites at pr5 and stuff a couple of links in then?

    I won't - but you get the picture.
     
  10. wannabie

    Was this WordPress btw?
     
  11. Spaceman

    No Dan - it was a PHP osCommerce install.

    Spaceman
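
An added example, not part of the thread and not the host's tooling: the host found the malicious code in a PHP file invoked by a clean index.php, so this Python script follows literal include/require paths from an entry file and flags reachable files containing a zero-size iframe or an eval-of-decoded-string pattern. The indicator patterns, file names and sample tree are constructed for illustration; includes built from variables are not followed.

```python
import os, re, tempfile
from pathlib import Path

# Literal include/require targets, e.g. require_once('includes/header.php');
INCLUDE_RE = re.compile(r"""\b(?:include|require)(?:_once)?\s*\(?\s*['"]([^'"]+)['"]""", re.I)
# Heuristic indicators chosen for this example; not a complete signature set.
INDICATORS = {
    "hidden-iframe": re.compile(r"""<iframe\b[^>]*\b(?:width|height)\s*=\s*\\?['"]?0(?!\d)""", re.I),
    "eval-decode": re.compile(r"\beval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}

def include_chain(entry, docroot):
    """Every file reachable from `entry` through literal-path includes."""
    seen, queue = [], [Path(entry).resolve()]
    while queue:
        path = queue.pop(0)
        if path in seen or not path.is_file():
            continue
        seen.append(path)
        for target in INCLUDE_RE.findall(path.read_text(errors="replace")):
            # Simplified lookup: the including file's directory, then the document root.
            for base in (path.parent, Path(docroot).resolve()):
                if (base / target).is_file():
                    queue.append((base / target).resolve())
                    break
    return seen

def scan(entry, docroot):
    """Map each flagged file (path relative to docroot) to the indicators it matched."""
    findings, root = {}, Path(docroot).resolve()
    for path in include_chain(entry, docroot):
        text = path.read_text(errors="replace")
        hits = sorted(name for name, rx in INDICATORS.items() if rx.search(text))
        if hits:
            findings[Path(os.path.relpath(path, root)).as_posix()] = hits
    return findings

def demo():
    """Constructed sample tree: clean index.php, injection two includes deep."""
    with tempfile.TemporaryDirectory() as root:
        inc = Path(root, "includes")
        inc.mkdir()
        Path(root, "index.php").write_text("<?php require_once('includes/header.php'); ?>\n")
        (inc / "header.php").write_text("<?php include 'counter.php'; ?>\n<h1>Shop</h1>\n")
        (inc / "counter.php").write_text(
            '<?php echo "<iframe src=\\"http://placeholder.invalid/\\" width=\\"0\\" height=\\"0\\"></iframe>"; ?>\n')
        return scan(Path(root, "index.php"), root)

if __name__ == "__main__":
    print(demo())
```

Comparing the flagged files' modification times and contents against a known-good backup shows whether the injected file was changed or newly dropped.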