swirt
Forum founder. Former Owner.
- Joined
- May 17, 2008
- Messages
- 3,210
- Reaction score
- 1
I've just run into two local websites that have been hijacked to spread malware. Their owners were not aware of it until I emailed them. The method is very similar to what Copperhead ran into in this post.
The method is basically that they gain control of your ftp username and password (largely because people make them way to simple) and they add some code to the bottom of your page that uses an iframe to link to their malware site which then tries to corrupt your computer. One side effect is that it usually damages the last bit of code on the page (which often happens to be google analytics code or some other tracker). The tracker code is not the cause, merely a casualty.
Please, if you are managing your own site using FTP, make sure you are using a long and complex password (think multiple words and numbers and other characters). If you are using something that is 8 characters or less, you may want to change it.
Google and the others are often delisting sites that they run into that have been hijacked until the hijacking has been repaired. Sometimes that can take a website out of the SERPS for a while so you want to avoid that.
The method is basically that they gain control of your ftp username and password (largely because people make them way to simple) and they add some code to the bottom of your page that uses an iframe to link to their malware site which then tries to corrupt your computer. One side effect is that it usually damages the last bit of code on the page (which often happens to be google analytics code or some other tracker). The tracker code is not the cause, merely a casualty.
Please, if you are managing your own site using FTP, make sure you are using a long and complex password (think multiple words and numbers and other characters). If you are using something that is 8 characters or less, you may want to change it.
Google and the others are often delisting sites that they run into that have been hijacked until the hijacking has been repaired. Sometimes that can take a website out of the SERPS for a while so you want to avoid that.