PDA

View Full Version : Advice On Stopping Hackers Changing Files On My Webserver



PaulBrUk09
02 Aug 2009, 07:00 AM
Yesterday i noticed all my websites that i have built in the last year had a large blank space above the websites content, on inspection via FTP clienet, the index.php files ahd been modified on 29/07/2009 by somebody else..

one of the sites has now been tagged by google as having malware and brings up the red warning box.

I removed the line of dodgy code and have asked google to review the site again to remove this, I have changed my control pannel password & changed the FTP password to hopefully stop any attempt again to change my files..

I guess the files were changed via FTP, is there anyway to protect my sites further? the only write access is giving to the the owner, all others are set to read only..

Thanks Paul.

alvo
02 Aug 2009, 02:42 PM
There are ways other than FTP to hack into websites: http://securitylabs.websense.com/content/Alerts/3421.aspx

If the sites are hosted on servers that you don't own and maintain, then contact the host company so that they are aware of the issue and can address it. It's likely, especially if your sites are all from the same host and especially if they are all on the same server, that the issue isn't specifically with your websites, but rather with the server having a venerability that has allowed intruders access to files.

Changing all site passwords is the first step. Switching from using FTP to Secure FTP (sFTP) is something you should also do. If your host doesn't offer sFTP, ask them why (sFTP encrypts passwords so they can't be intercepted like they can with FTP where they are sent as plain text).

Is there a script in common with the sites hacked? If so, look into whether they may be the source and see if there is an upgrade for it.