Announcement

Collapse
No announcement yet.

Site hacked and can't upload

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Site hacked and can't upload

    Hi there

    I seem to have had a customer's home (index) page hacked with loads of words and hyperlinks inserted at the bottom of the home page. This seems to be the only page affected.

    When I try to upload the website again from Actinic (using the Update button), it gets to the 4th item in the window 'checking search indices' then bombs out. I'm guessing that someone has changed the FTP details so this process isn't completing?

    Can't access using FTP software either.

    This is the website;
    Code:
    http:// www . morethancoffee . co . uk  /index . html
    Moderator: I have removed the linking from your post as it may infect visitors also.

    Note that the page on my pc looks fine.

    I've requested the customer get the host company to investigate urgently but does anyone have any other useful advice please?

    Thanks

    #2
    Also check the PC that is used to upload with for any virus or malware.

    Comment


      #3
      This is the advice we have as a helpfile for pinbrook clients - the steps are the same for anyone with a pc based virus/trojan

      Steps to take to clear a virus from your PC and clear your website.

      1 Download Kaspersky Anti Virus, uninstall any antivirus software from your PC, uninstall any anti spyware programs from your PC. Reboot PC, install Kaspersky, allow Kaspersky to update itelf with the latest AV definitions.

      2 Disconnect your PC from the internet.

      3 Run a thorough scan of your PC/system. Allow Kaspersky to detect and clear all viruses/known threats from the PC.

      4 When Kaspersky reports your system to be clean, reconnect to the net.

      5 Change your FTP password (Control Panel, FTP User from top grey bar, password).

      6 Change network settings in Actinic to reflect the new password, do a complete site refresh from Troubleshooting menu.

      7 If your index page (or any other webpages) are outside Actinic upload clean versions of these pages.

      8 Return to Kaspersky, make sure it is set to routinely download new AV definitions, (there is an auto setting for this) Also set Kaspersky up to scan your system on a daily basis.

      9 Remember to regularly change your FTP password. Your password should be 8 characters or more, includes letters and numbers, upper and lowercase.

      Comment


        #4
        Thanks for your tips.

        I don't think it's my pc - I haven't uploaded to the site in 5 months and this problem occured on Friday. I have run another virus check just in case. Next stop is the host company.

        Comment


          #5
          Have you tried

          Help | Troubleshooting | Website purge

          May just be something that has got corrupted and not a virus
          Chris Ashdown

          Comment


            #6
            Originally posted by mcullen View Post
            Thanks for your tips.

            I don't think it's my pc - I haven't uploaded to the site in 5 months and this problem occured on Friday. I have run another virus check just in case. Next stop is the host company.
            Indeed, if you haven't uploaded for 5 months it may be that the incursion is serverwide, thus your host has closed down FTP. In this situation you will be issued with a new FTP password, once they have cleaned the server.

            Comment


              #7
              Host company have reset FTP and I can now successfully upload via Actinic. However, this doesn't get rid of the bad script on the home page so nothing has changed really. I want to try uploading the index.html manually but can't locate it on my pc (I can only find the index for the shop itself). There seem to be quite a few files that have been uploaded about 9 days ago that are unauthorised however it only seems to be the home page that is affected. The site is still successfully taking orders.

              The other option is to do a 'website purge' but I'm not confident with this. Do I risk deleting the Perl files?

              Thanks for your help.

              Comment


                #8
                Site sorted - I manually downloaded the index.html page and re-uploaded it again. There were quite a few weird php files present on the site which I've now deleted/renamed.

                Comment


                  #9
                  You need to check all files with the same datestamp as the infected index HTML page with a view to replacing them.

                  If you are unsure then just let us know the filenames involved and we can advise. At some time you will need to gain some familiarity with the upload procedure as refreshing the site is often a solution to other issues that you will come across as some stage in your actinic career

                  Comment

                  Working...
                  X