
It installs itself in my index.htm file on my website

kris:
Hi Steven, if I give you my username and password, would you go to my account - base directory and look at all the files there, when you have time? I don't really know what a "shell" is and where to look for it - is it a separate file or is it "implemented" in some of the other files and sort of hidden? I have looked at all my files there and, except for the "Lwarere.class" I removed, all the others are my own.
I changed my password last time from my phone internet connection - it's supposed to be clean, I hope - and didn't visit my account deliberately, just to see if it's going to happen again. I'm about to change to a new server, to a new host, but I'm afraid it will happen there too - that's why I'm so eager to find out how exactly this happens and how to prevent it. As it looks like it's not so much my server's fault. But still, when I did my last backup with FileZilla I had to use my oldest password, which means my FTP password doesn't change automatically when I change my account password. On the other hand, the host doesn't give me an option to change my FTP password separately. They say to connect to the FTP server using your account password, but if I connect with FileZilla it works only with my old password.
One other thing gives me a BIG QUESTION MARK??? - who would want to do this to me - I wonder who wants to screw up my website?!? I have no such enemies... ???
And last but not less important - Steven, I can't thank you enough for what you're doing for me. Thanks for all your time and good heart. Kriss

P/S: And now I remember that I have this function of Windows remembering my passwords enabled - but of course not for the last ones of my website host account - should I disable this function as well - completely?

MysteryFCM:

--- Quote from: kris on June 19, 2009, 11:24:14 am ---Hi Steven, if I give you my username and password, would you go to my account - base directory and look at all the files there, when you have time? I don't really know what a "shell" is and where to look for it - is it a separate file or is it "implemented" in some of the other files and sort of hidden? I have looked at all my files there and, except for the "Lwarere.class" I removed, all the others are my own.
--- End quote ---

I'll be more than happy to do so, yes, but please don't post them here. Instead, either PM the account details (I'll need the FTP hostname, username and password) to me, or send them to me via e-mail (mdl_users @ it-mate.co.uk).


--- Quote from: kris on June 19, 2009, 11:24:14 am ---But still, when I did my last backup with FileZilla I had to use my oldest password, which means my FTP password doesn't change automatically when I change my account password. On the other hand, the host doesn't give me an option to change my FTP password separately. They say to connect to the FTP server using your account password, but if I connect with FileZilla it works only with my old password.
--- End quote ---

If changing your account password did not change your FTP password as well, then that will be how they got back in, which means, until the FTP password itself is changed, they'll be able to keep doing this (your host should be providing a facility to change the FTP password). If your host is telling you to connect to FTP using the account password, but you are only able to do such using the old password, you MUST inform them of this as soon as possible as they are the only ones that have the relevant facilities to look into and resolve this for you.


--- Quote from: kris on June 19, 2009, 11:24:14 am ---One other thing gives me a BIG QUESTION MARK??? - who would want to do this to me - I wonder who wants to screw up my website?!? I have no such enemies... ???
--- End quote ---

The good thing, and not much comfort, is that this is not personal - they aren't targeting you directly or personally. They do this specifically to make more money for themselves, that is their ultimate goal, they don't care who they step on to do such.


--- Quote from: kris on June 19, 2009, 11:24:14 am ---And last but not less important - Steven, I can't thank you enough for what you're doing for me. Thanks for all your time and good heart. Kriss
--- End quote ---

It's a pleasure :)


--- Quote from: kris on June 19, 2009, 11:24:14 am ---P/S: And now I remember that I have this function of Windows remembering my passwords enabled - but of course not for the last ones of my website host account - should I disable this function as well - completely?
--- End quote ---

I'd very strongly recommend disabling that, yes.
