Website hijacking is on the rise

INNspiring.com | Innkeeper Forum & Innkeeping Resources

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
I've just run into two local websites that have been hijacked to spread malware. Their owners were not aware of it until I emailed them. The method is very similar to what Copperhead ran into in this post.
The method is basically that they gain control of your FTP username and password (largely because people make them way too simple) and they add some code to the bottom of your page that uses an iframe to link to their malware site, which then tries to corrupt your computer. One side effect is that it usually damages the last bit of code on the page (which often happens to be Google Analytics code or some other tracker). The tracker code is not the cause, merely a casualty.
Please, if you are managing your own site using FTP, make sure you are using a long and complex password (think multiple words and numbers and other characters). If you are using something that is 8 characters or less, you may want to change it.
Google and the others are often delisting sites that they run into that have been hijacked until the hijacking has been repaired. Sometimes that can take a website out of the SERPs for a while, so you want to avoid that.
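Added example, not part of the original post: a Python check a site owner can run over a downloaded copy of their pages to spot the injection described above, an iframe pointing at another host, typically appended at the very bottom of the file. The function names, the `trusted_hosts` parameter and the sample page are hypothetical, and the "hidden or 1-pixel frame" test is an extra heuristic assumed here, not something stated in the thread.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*[=:]\s*["']?[01](?:px)?\b"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.IGNORECASE)
HTML_END_RE = re.compile(r"</html\s*>", re.IGNORECASE)

# Constructed sample: a page whose tracker script was cut off by an appended frame.
SAMPLE = """<html><body>
<h1>Example Inn</h1>
<iframe src="/availability.html" width="400" height="300"></iframe>
<script>
var tracker = "UA-CONSTRUCTED";
tracker.init(
</body></html>
<iframe src="http://malware.example.invalid/in.php" width=1 height=1 style="visibility:hidden"></iframe>
"""

def scan_page(html, trusted_hosts):
    """Return one finding per iframe whose src points at a host you do not trust."""
    end = HTML_END_RE.search(html)
    findings = []
    for m in IFRAME_RE.finditer(html):  # raw-text match also sees frames inside broken scripts
        src = SRC_RE.search(m.group(0))
        host = (urlparse(src.group(1)).hostname or "") if src else ""
        if not host or host in trusted_hosts:
            continue  # relative (same-site) frame, or a widget you embedded on purpose
        reasons = ["off-site iframe"]
        if end and m.start() >= end.end():
            reasons.append("after </html>")
        if HIDDEN_RE.search(m.group(0)):
            reasons.append("hidden or 1-pixel frame")
        line = html.count("\n", 0, m.start()) + 1
        findings.append({"line": line, "host": host, "reasons": reasons})
    return findings

def scan_tree(root, trusted_hosts):
    """Scan every .htm/.html/.php file under a local copy of the site."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in {".htm", ".html", ".php"} and path.is_file():
            hits = scan_page(path.read_text(errors="replace"), trusted_hosts)
            if hits:
                report[str(path)] = hits
    return report
```

Pass your own domain and any third-party widgets you embed deliberately as lowercase host names in `trusted_hosts`; anything else reported, especially on the last lines of a file, is worth comparing against your last known-good copy.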
 

Morticia

Administrator
Staff member
Administrator
Moderator
Joined
May 22, 2008
Messages
17,274
Reaction score
143
Other than what Copperhead described as happening, how would the website owner know? I mean, my website is my homepage for the web browser, would I see something happening when I started the browser? As an example, would my AV software suddenly engage and start telling me my computer is being attacked?
Ta, BTW, as last time you posted this I did change my FTP pw.
 

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
In the case of the two I just stumbled into, my antivirus (Avast) came up and blocked it. I could tell by the cryptic message that it was the iframe attack. If your antivirus is up-to-date it should intercept it and notify you of a problem.
 

Morticia

Administrator
Staff member
Administrator
Moderator
Joined
May 22, 2008
Messages
17,274
Reaction score
143
I've had that with 2 local sites here. I emailed both of them but found the problem recurring after they said it was fixed. So I emailed them again to explain what I was seeing. One of them has brand new owners. Great intro from me...hi, welcome to the community, your website is causing my AV software to light up like a Christmas tree.
My AV software has generally said something along the lines of, 'blocked attack from suspicious Adobe download from this IP address,' giving an address overseas.
I could see that happen on every page on the site, except I didn't know that it was that inn's website until after it locked up my web browser completely. But each separate page I had clicked had a subsequent 'attack blocked' message.
Now, if someone doesn't have any problems loading the same pages, would that mean that their AV software isn't picking it up and they are getting hit, or what?
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
Great Swirt - everyone - read his words and take all the precautions you can. It took DH several days to totally clear this from our site by changing our password to a very complex one. Then looking at all script to make sure it was all removed. Don't fall victim like we did!
 

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
If someone was hitting the same site without the AV alerting them, it is likely that their AV was not intercepting it for whatever reason (out of date, up-to-date but wimpy, disabled...).
 

cmonahan

Member
Joined
Nov 24, 2008
Messages
17
Reaction score
0
Using numbers and letters (both lower and uppercase) is the way to go. Also, please don't use pet names, spouse names or birthdays. They may be hard to remember, but harder to guess. I have many passwords that I use, but a few of them are so complex that I will tell someone out loud (if they are logging into a website as me for instance) and they can never remember them.
 