My site was hacked. Here is what I learned
I used to read these threads and think "oh, it won't happen to me".
Then it did. And it will happen to you also. Be ready.
Here is what happened to me now for the 2nd time.
I have an account at Hostmonster that I use for some projects I'm outsourcing. The sites were hacked and we got a warning about trojans if we tried to visit the sites.
I logged in via FTP to look at what files were modified since I had last seen it running cleanly. Pretty much all index.php files had iframes injected in them. A big pain in the ass, but I cleaned up all files for all wordpress sites, theme files, etc. Took a couple of hours.
We changed our site passwords (FTP stuff, etc).
That was back in March. Today I got an email from my outsourcer that the same thing happened again. I login again, sure enough, same deal.
I clean the files AGAIN. But this time I go into hostmonster (cpanel) and I download my FTP access logs. I start looking through them and I can clearly see 100% verifiable proof that this was indeed done through FTP, so someone has my password and changed things on me.
All of the internet digging I've done suggests that there is a trojan on someone's PC, and when they login to FTP (via FileZilla), passwords are stolen.
I have FTP access as does one of my employees. We both use FileZilla. He's on a PC and I'm on Mac and PC. It could be either one of us. Problem is I have NO idea how to find out if my PC is infected with this trojan.
Anyone have any ideas?
I've changed my password again. I can see the logs. The attacker comes in through the primary FTP account.
Then it did. And it will happen to you also. Be ready.
Here is what happened to me now for the 2nd time.
I have an account at Hostmonster that I use for some projects I'm outsourcing. The sites were hacked and we got a warning about trojans if we tried to visit the sites.
I logged in via FTP to look at what files were modified since I had last seen it running cleanly. Pretty much all index.php files had iframes injected in them. A big pain in the ass, but I cleaned up all files for all wordpress sites, theme files, etc. Took a couple of hours.
We changed our site passwords (FTP stuff, etc).
That was back in March. Today I got an email from my outsourcer that the same thing happened again. I login again, sure enough, same deal.
I clean the files AGAIN. But this time I go into hostmonster (cpanel) and I download my FTP access logs. I start looking through them and I can clearly see 100% verifiable proof that this was indeed done through FTP, so someone has my password and changed things on me.
All of the internet digging I've done suggests that there is a trojan on someone's PC, and when they login to FTP (via FileZilla), passwords are stolen.
I have FTP access as does one of my employees. We both use FileZilla. He's on a PC and I'm on Mac and PC. It could be either one of us. Problem is I have NO idea how to find out if my PC is infected with this trojan.
Anyone have any ideas?
I've changed my password again. I can see the logs. The attacker comes in through the primary FTP account.
I run a few startups that address critical business problems. PM or Skype me about joining my direct affiliate programs. My products are business continuity and customer testimonials. Both are unique.
Experience Content Writer - PM Bretski!
Get quality MegaSpun Articles for less than $4 each!
I was making money in days with the 4 Day Money Making Blueprint
Why Struggle? http://www.onlinebusinessbuildingsuccess.com/ssas
..--> White Death : the Sniper Who Killed 705..in 100 Days. Will you be the next!..coming soon..
...
..-->*FREE WSO*<-- Beat Super Affiliates at their own game..Shocking! Sniper Affiliate Tools.[*FREE WSO*]