Not sure if this is the correct forum section but;
My site was hacked into at around 0520 this morning and all of the html files were infected with the following malware;
detected: Trojan program Trojan-Downloader.HTML.Agent.mu
URL: gogo2me.net/.go/check.html
It is a hidden IFRAME that redirects users to some dodgy sites (above).
Luckily I was quite quick and the site was not trawled and marked as bad by Google etc.
I have cleaned the whole site and re-loaded files where necessary.
I have updated and strengthened my server password.
All file access codes are 644 or higher - I think.
Does anyone here have experience of this, especially about where the malicious script might be lurking? Or was it just a brute force attack on the server that got somebody user access rights?
My event logs don't show any evidence of access.
I hesitate to ask on the forum but - is there anything I need to check for corruption within my ACTv9 directories?
Any experienced guidance would be appreciated.
My site was hacked into at around 0520 this morning and all of the html files were infected with the following malware;
detected: Trojan program Trojan-Downloader.HTML.Agent.mu
URL: gogo2me.net/.go/check.html
It is a hidden IFRAME that redirects users to some dodgy sites (above).
Luckily I was quite quick and the site was not trawled and marked as bad by Google etc.
I have cleaned the whole site and re-loaded files where necessary.
I have updated and strengthened my server password.
All file access codes are 644 or higher - I think.
Does anyone here have experience of this, especially about where the malicious script might be lurking? Or was it just a brute force attack on the server that got somebody user access rights?
My event logs don't show any evidence of access.
I hesitate to ask on the forum but - is there anything I need to check for corruption within my ACTv9 directories?
Any experienced guidance would be appreciated.
Comment