Hacked Big Time, Can't Figure Out How

Dennis, You might find Google's info on the subject useful.
Google Safe Browsing diagnostic page for addonrock.ru

Also you should contact HostGator if you haven't already done so. They may be able to isolate and repair your sites from with in their Hosts.

Good Luck. If I find more info I'll send it to you.

Have a Great Day!
Michael

It might be related to the recent exploit found in 64-linux operating system. The exploit was found over the weekend, and servers have been hacked right and left for the past several days.

Details about the exploit - http://www.zdnet.co.uk/news/security...177/?s_cid=116

Check with your hosting provider and make sure all of your servers have been patched.

... by default; (and most hosts don't change the defaults); your SSH port is set to 22. That's what its set to for a good percentage of hosts on the net.

If you're on a shared server; might take a little persuading to get the provider to change the port... but, on a VPS or dedicated you can have them change it immediately.

Change it to some ambiguous port; that's how I have mine set. I see hack attempts all the time and always thank the Gods for my host.

Changing the SSH port and having your host throw up a firewall around your server will save you from many many headaches. Hackers on that level don't like to work too hard.

HTH
PLP,
tecHead

I had this problem a while back on several sites - it's very annoying and time consuming fixing them (take regular back-ups of files and databases!!). Turns out a PC I was using had a virus that was reading my ftp client site settings, logging in and infecting files, hundreds of them within a few seconds.

What's worse though is when you don't realize until someone emails you to tell you Google is saying they will catch a nasty virus if they visit your site - that's like the Online Plague.

Two things have changed now which have prevented this (other than a better anti-virus). My hosting company now locks FTP as standard, to use it I have to log in to a site's Control Panel and turn FTP on - I can set it for an hour, 2 hours, a day etc and it's a very god security feature.

I also use John Sikora's Site Warder - Site Warder - Website File Monitoring Script - this little script emails you if any changes have been made to files on your site. Prior to the FTP lock system it notified me 3 times in one day on 2 sites and was correct every time. One site I had just restored was hacked again within 4 hours!!

Hope this helps for the future but I sympathise with you for now.

David

Hi!

This seems to be a FTP attack. I had it some months ago.

It should be a trojan in your computer that connect to you hosting with your own username / password (filezilla per example).

Scan your pc for viruses / trojans and change all your passwords. Otherwise you could be hacked again if remote intruder decide to reactivate that trojan.

Good luck!

Download Spybot - Search and Destroy, its free software that scans your computer for malware, spyware etc....also agree sounds like a FTP attack. Change your passwords, access details the works and do a full system scan for any nasty trojans still lurking around.

It is an FTP issue.

Do not use FTP to upload pages. They get your password from the ftp you use and get in that way.

Start by logging into Hostgator and change your password.

I found this neat plugin for word press that will monitor your site:

WordPress File Monitor – Matt Walters

it's free as well...hope this helps.

I too had my sites hacked a while back (not on Hostgator) and believe they came through via FTP...a shared hosting account.

ileneg

Found this via Google:

Scripts from addonrock.ru and alienradar.ru get inserted via FTP.

Some Windows malware picks up the FTP login info from Filezilla and other common FTP clients.

So basically:

1) Clean your client machine. 2) Change all passwords on server. 3) Replace all infected files. If you don't have access to a log, just replace all of them.

I just started changing everything and I completely deleted my FTP program.

All part of the game I guess,

Dennis

HostGator confirms that it came from my computer.

I remember about 2 weeks I was searching for an artist for a new line of shirts on deviantart.com and my computer picked up the virus and really did a number on my machine. I never clicked on anything and didn't let the ActiveX controller download. I just remember a JavaScript program launch on screen and the rest is history. It took my local computer repair shop about 4 days to clean everything up.

What really sucks is I don't feel like I did anything wrong. I didn't download anything, click on a bad/stupid link or visit some "questionable" site.

Oh well, just have to keep moving forward,

Dennis

Dennis,

If you want to know what happened... I'm going to have to tell you the story..

I'm pretty sure you had the exact same as me, since you have confirmed it came from your computer.. So let me explain..

A friend of mines site got hacked, he had a forum. I decided to go into the vBulletin Admin area, and attempt to fix it. Only to find out, later; that I had downloaded a ton of viruses in that time.

Then, I left for a couple hours, with my computer on... When I came home, my sites had all been hacked by russian websites.

Guess what? The only sites that got hacked, were the ones that had saved information in programs like FileZilla for FTP Connection..

And then guess what? On top of having to hire a guy to repair all the sites/viruses on my server, my computer was completely fried from it..

I had to reformat, and lose 2-3 months of Internet Marketing work in one day.. I've never seen any of those products again...

But, hey this was a couple months ago, it's sad to see this bug still going around.

Lesson Learned? Don't use windows defender.

Caleb