Virus infected
matle
Newbie Joined: 19-November-2009 Status: Offline Points: 0
Posted: 18-January-2010 at 8:53pm
Hi all,
I successfully installed and customized our website with ProductCart more than a month ago. Unfortunately, last week, we got infected with a virus named Trojan.Malscript B, also noted as Trojan-Downloader.JS.Agent.ewo (Kaspersky AVP) & (ZoneAlarm). I checked our sources and saw that all of our .js, .asp and .html files were infected. Those files were modified at the same time and date.

Does anybody know how our site was infected? Is it because the hacker inserted a script in one of our input fields and this script was executed by our ProductCart software? Or was the hosting infected? Did our code produce something that was noted as a virus? Any possibilities, and how to protect our site for the second time?

Thanks,

Edited by matle - 18-January-2010 at 8:59pm
netprofits
Certified ProductCart Developers Joined: 05-January-2006 Location: United States Status: Offline Points: 22
Hi Matle,
Most likely your site was hacked by someone who "sniffed" your FTP credentials when you connected to your web site to either upload files or make additional updates to the web site. We have heard of this happening more often over the past several months.
The best solution is to ask your web hosting service to restore a backup from before the date the files were hacked.
Additionally, you should contact your web host to see if there is a way to either access your site with Secure FTP or to restrict FTP access to your computer's IP address.
Hope this helps!
Dan
Greg Dinger
Certified ProductCart Developers Joined: 23-September-2006 Location: United States Status: Offline Points: 238
I second the suggestion of locking FTP to known IPs, perhaps those from both your home and office.
There was an attack last year where servers were being compromised by FTP, and regardless of changing the FTP password one day, the site was successfully attacked the next day. The hackers would insert IFRAME code into pages. Locking FTP to known IPs will help limit your exposure to such a re-occurrence.
Good luck.
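A triage sketch for the pattern described in this thread (web files all modified at the same time, IFRAME code inserted into pages), added here as an example and not code from any poster or from ProductCart. The file extensions come from the original post; the hidden-iframe heuristic, the `scan` and `demo` names and the sample files are assumptions constructed for illustration.

```python
import os, re, tempfile
from collections import defaultdict

WEB_EXTS = {".js", ".asp", ".html", ".htm"}
# Heuristic (assumption): an <iframe> sized 0/1 px or styled invisible is suspicious.
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*[\"']?[01](?![\d%])"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)

def scan(root, min_cluster=3):
    """Return (clusters, hits): files sharing one mtime minute, and files with hidden iframes."""
    by_minute, hits = defaultdict(list), []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in WEB_EXTS:
                continue
            path = os.path.join(dirpath, name)
            by_minute[int(os.path.getmtime(path)) // 60].append(path)
            with open(path, "r", errors="replace") as fh:
                if HIDDEN_IFRAME.search(fh.read()):
                    hits.append(path)
    clusters = {m * 60: sorted(p) for m, p in by_minute.items() if len(p) >= min_cluster}
    return clusters, sorted(hits)

def demo():
    """Build a constructed web root: three files touched in one minute, one clean older file."""
    root = tempfile.mkdtemp()
    injected = '<iframe src="http://example.invalid/" width="1" height="1"></iframe>'
    samples = {"index.html": "<html><body>Shop</body></html>" + injected,
               "cart.asp": "<% Response.Write(\"cart\") %>" + injected,
               "menu.js": "var m = 1;\ndocument.write('" + injected + "');",
               "about.html": "<html><body><iframe src='map.html' width='600'></iframe></body></html>"}
    for name, body in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        # Constructed timestamps: infected files share one minute, about.html is a day older.
        stamp = 1263800000 - (86400 if name == "about.html" else 0)
        os.utime(path, (stamp, stamp))
    return root, scan(root)

if __name__ == "__main__":
    root, (clusters, hits) = demo()
    for when, paths in clusters.items():
        print("modified in the same minute:", [os.path.basename(p) for p in paths])
    print("hidden iframe found in:", [os.path.basename(p) for p in hits])
```

Run `scan()` against a local copy of the web root before restoring from backup; the shared modification minute is also the timestamp to look up in the host's FTP and server logs.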
Hamish
Admin Group Joined: 12-October-2006 Location: United Kingdom Status: Offline Points: 56
Hi Matle,
My suspicion is that the problem is server related, or another app on the same server. Either that or an FTP account with sufficient privileges has been cracked. Our own site and that of many customers are scanned regularly for vulnerabilities and there are no known vulnerabilities in the code. The hosting company should be able to examine the server logs to help ID the source/route of infection.
matle
Newbie Joined: 19-November-2009 Status: Offline Points: 0
Thanks all for the prompt reply.