Spyware Warrior

ramya

Hi All,

I hace a website and as soon as it is opened it gets redirected to a spy site . I don't really understand whether my site is hijacked.

It happens very often.I did vulnerability check and fixed the javascript which was injected in my home page, due to which google had abandoned my site.

My site was in 2nd position in google search ,now its in 9th position, which is ridiculous..

I installed anti spyware software , due to which it won't redirect on that particular system. But at the same time if I open the url in a different machine, in fractions of seconds its redirected to Suspicious site.

So is it something been affected to FTP itself or I don't have any idea what should be done?

Please I need a urgent solutions because its long time I'm struggling to solve this Problem.

Thanks in advance

Regards,
Ramya

suzi · Posted: Fri Jun 06, 2008 6:30 am Post subject:

Hi ramya,

Your site may have been hacked. It's happening a lot lately. You should contact your hosting provider and you should check all your content for new pages or changes to your web pages and code. I don't have time right now, but if you want to PM me with the URL for your website, I might be able to check it later this evening.

Also change all your passwords to your FTP account, control panel, etc.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile

ramya · Posted: Sat Jun 07, 2008 2:44 am Post subject:

Hi Suzi,

I checked each and every file to see that files with names default, home, index were injected a javascript gban(x).

Inspite of changing username and password, this is occuring. I don't really understand what to do? Is there a way to scan the ftp or to block such injection to site?

Regards,
Ramya

suzi · Posted: Sat Jun 07, 2008 2:18 pm Post subject:

Ramya,

It's hard to say how it is happening, expecially without knowing what kind of content is on your site. Do you have your own dedicated server, or do you have shared hosting? Either way, you should contact your hosting company and tell them what is happening and they may be able to tell you what to do to stop it. If you are on shared hosting, it may be a problem with the hostng company's security and no fault of yours or your site.

There are a lot of ways this can happen. If you have a blog, there are vulnerabilities in WordPress. If you are using Coppermine Photo Gallery, there are holes in it. If you have a forum, is the forum software up to date? There are security issues with outdated web apps and hackers take every advangate to use those holes. Does your site content use a database like sql or mysql? There is info about sql injections.

http://en.wikipedia.org/wiki/SQL_injection

You may be the victim of a cross-site scripting attack.

http://en.wikipedia.org/wiki/Cross-site_scripting

I can't stress enought that you should contact your hosting company about what is happening. Some are good about helping, others not so good but they should know. You should check all your web apps, like forums, blogs, etc. to make sure you are using the latest version. You should also check your own computer to make sure you haven't been infected from your own site.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile