site hacked- how to prevent it recurring


    My web site was hacked and all my traffic diverted to a couple of advertising sites, one based in Bulgaria and the other god knows where. Is there a known security issue with Actinic v10 that would allow someone to change the script from the "front end"? I refreshed the site so it is usable now but it is obviously open to a repeat attack. My web host says it wasn't a problem there but they didn't actually say that they had looked at any activity that would indicate an attempt to access it.
    All help gratefully received.

    #2
    There are no known security issues with SellerDeck (Actinic) if you are on the latest build of v10.

    One thing that has consistently shown up is where there is a worm on a PC and it picks up the FTP user name and password from your PC. It then sends this to a central collection point somewhere on the web. Later, it FTPs its dangerous payload to your site. It's very hard to detect because the installation of the nasty stuff is "normal" as far as all monitoring systems are concerned, and the security breach happens completely separately from the problem and at a different time.

    The solution is first to change your FTP password, then to scan your PC. After that, change your password again.

    Of course, it could be something different but this particular one has come up a number of times.

    Chris



      #3
      We posted about how to deal with a similar issue some time ago.
      http://www.teclan.com/blog/latest/ma...-your-website/
      Hopefully it will help - it explains a way to test and check for such attacks.
      Fergus Weir - teclan ltd
      Ecommerce Digital Marketing

      SellerDeck Responsive Web Design

      SellerDeck Hosting
      SellerDeck Digital Marketing



        #4
        Something else to look out for is accessing your site via a search result.
        We were blissfully unaware that visitors clicking on a search result were being directed to a porn site, whereas whenever the site was accessed directly (via URL) it showed perfectly well.
        So we do daily checks on our sites via search engines.

        We think the site was compromised for a day or two - it was a customer who rang to tell us; he wasn't affronted, just being neighbourly.
        Kind Regards
        Sean Williams

        Calamander Ltd



          #5
          You also have to check any htaccess files on your site. These do all the background work in redirecting pages and urls and any hacks to them will not be fixed by doing a refresh.

          Mike
          -----------------------------------------

          First Tackle - Fly Fishing and Game Angling

          -----------------------------------------



            #6
            Mike - agreed - it was the .htaccess file that was hacked (no idea how)
            Kind Regards
            Sean Williams

            Calamander Ltd



              #7
              Thank you for the suggestions, my knowledge of how to look at htaccess files etc is zero so if you could come back to me and explain further where I need to look to see this I would be pleased. I block trackers, use proprietary anti-virus software and avoid dodgy browsing so am puzzled how it could be indirect but accept that it could be.



                #8
                Access your files on the server. Look for the .htaccess file. Download it. Open it with notepad or similar. Check for dodgy urls/redirects. Repair. FTP the file back to the server.
                Reusable Snore Earplugs : Sample Earplugs - Wax Earplugs - Women's Earplugs - Children's Earplugs - Music Earplugs - Sleep Masks



                  #9
                  The files you want to check are called '.htaccess'

                  These files are used to tell the web server what to do under certain circumstances and have several commonly used functions. Things like:

                  - What file to serve/display under error conditions
                  - What file to show as a default for a directory (index.html, etc)
                  - What redirects to perform (to show the right pages if an old page is called for)
                  - etc

                  To see if you have any on your server and what they're doing:

                  1. FTP into your server and look in both the root and the /acatalog/ folder.
                  2. You should see a file called .htaccess (if not, try setting your FTP software to show hidden/system files).
                  3. Copy and rename the file to something else - htaccess1.txt for example.
                  4. Transfer to your PC where you can then view with a text editor.

                  If you see anything suspicious (such as redirecting to an external site or even code/scripting that may be hiding what it's really doing) then contact your web host for advice. Remember .htaccess files have valid usage so you can't just delete them if you find any.

                  Mike
                  -----------------------------------------

                  First Tackle - Fly Fishing and Game Angling

                  -----------------------------------------
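
The manual check described in posts #4 and #9, run over a downloaded copy of the file: this is an added example, not code from any poster or from SellerDeck. The host names and sample file contents are constructed, and `audit_htaccess` is a hypothetical helper name.

```python
import re
from urllib.parse import urlparse

# Apache directives that can send a visitor to another URL.
REDIRECT_DIRECTIVES = {"redirect", "redirectmatch", "redirectpermanent",
                       "redirecttemp", "rewriterule", "errordocument"}
URL_RE = re.compile(r"https?://[^\s'\"]+", re.IGNORECASE)
# Request fields a conditional redirect keys on, which is why the site can
# look fine when typed in directly but not when reached from a search result.
COND_RE = re.compile(r"%\{HTTP_(REFERER|USER_AGENT)\}", re.IGNORECASE)


def audit_htaccess(text, own_hosts):
    """Return (line_no, reason, line) findings for one .htaccess file."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments do nothing
        directive = line.split(None, 1)[0].lower()
        if directive == "rewritecond" and COND_RE.search(line):
            findings.append((no, "condition on referrer/user agent", line))
        elif directive in REDIRECT_DIRECTIVES:
            for url in URL_RE.findall(line):
                host = (urlparse(url).hostname or "").lower()
                if host not in own:
                    findings.append((no, "redirect to external host " + host, line))
    return findings


# Constructed sample: legitimate rules followed by an injected pair of lines.
SAMPLE = """\
ErrorDocument 404 /acatalog/notfound.html
Redirect 301 /old-page.html https://www.example.com/acatalog/new-page.html
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule .* http://ads.example.net/landing [R=302,L]
"""

if __name__ == "__main__":
    own = {"www.example.com", "example.com"}  # assumption: your own domains
    for no, reason, line in audit_htaccess(SAMPLE, own):
        print(f"line {no}: {reason}: {line}")
```

A finding is a prompt to look at that line, not proof of compromise: a legitimate file may redirect to a payment or CDN host, which can be added to `own_hosts`.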



                    #10
                    One note - IIRC Actinic doesn't install an .htaccess file automatically (if at all) so unless you or your Host have put one there, it might not be present.
                    Kind Regards
                    Sean Williams

                    Calamander Ltd



                      #11
                      Htaccess

                      No it doesn't Sean... That should be done by the hosting company.
                      Steve Griggs.

                      "People in business often miss opportunities, mainly because they usually arrive dressed in overalls and looking like work."



                      www.kitchenwareonline.com
                      www.microwave-repair.co.uk
