Comments on: My Sites Are Hacked – Here’s How I Fixed It http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/ The life of an Internet entrepreneur and stay-at-home dad Wed, 05 May 2010 10:04:16 -0500 http://wordpress.org/?v=2.8 hourly 1 By: Eurania http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1372 Eurania Sun, 13 Dec 2009 14:53:20 +0000 http://www.abelcheng.com/?p=37#comment-1372 I think this guy can help with that problem you have http://www.eduardobaret.com/2009/12/07/my-site-was-hacked-and-my-files-were-changed-reported-attack-site/ I think this guy can help with that problem you have

http://www.eduardobaret.com/2009/12/07/my-site-was-hacked-and-my-files-were-changed-reported-attack-site/

]]> By: Brian http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1351 Brian Wed, 08 Jul 2009 16:36:55 +0000 http://www.abelcheng.com/?p=37#comment-1351 hi, i had a keylogger trojan on my home pc they caputured my username and password of ftp, then attack it using the iframe attack i pulled the whole site down, what a nightmare, you need to download keyscrambler straight away, this plugin will scramble letters your typing into the browser. Do not login to your ftp or website from anyones elses computer or internet cafe etc, incase the trojan is present, if it happens change your email passwords too, store username and password on a piece of paper, do a weekly scan of computer with super anti spyware, trust me you will pull you head off if happens. hi, i had a keylogger trojan on my home pc they caputured my username and password of ftp, then attack it using the iframe attack i pulled the whole site down, what a nightmare, you need to download keyscrambler straight away, this plugin will scramble letters your typing into the browser. Do not login to your ftp or website from anyones elses computer or internet cafe etc, incase the trojan is present, if it happens change your email passwords too, store username and password on a piece of paper, do a weekly scan of computer with super anti spyware, trust me you will pull you head off if happens.

]]> By: Mike http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1350 Mike Mon, 08 Jun 2009 21:20:55 +0000 http://www.abelcheng.com/?p=37#comment-1350 My sites are being hacked. I'm using FileZilla. I've searched and found out that most of the hacked sites were suing FileZilla AND an older version of Adobe Reader 8. Is everybody using Adobe Reader 8 when their sites were hacked? http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/ thanks, Mike My sites are being hacked.

I’m using FileZilla. I’ve searched and found out that most of the hacked sites were suing FileZilla AND an older version of Adobe Reader 8.

Is everybody using Adobe Reader 8 when their sites were hacked?

http://blog.unmaskparasites.com/2009/04/15/malicious-income-iframes-from-cn-domains/

thanks,
Mike

]]> By: HyperXR | Advanced Hypertext Tool » Blog Archive » Gumblar .cn Exploit - 12 Facts About This Injected Script http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1348 HyperXR | Advanced Hypertext Tool » Blog Archive » Gumblar .cn Exploit - 12 Facts About This Injected Script Mon, 01 Jun 2009 02:05:46 +0000 http://www.abelcheng.com/?p=37#comment-1348 [...] by compromised FTP credentials. So start with your own computer. Scan it for spyware. Some people reported good results with [...] [...] by compromised FTP credentials. So start with your own computer. Scan it for spyware. Some people reported good results with [...]

]]> By: Jimi http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1345 Jimi Tue, 19 May 2009 02:26:43 +0000 http://www.abelcheng.com/?p=37#comment-1345 I suppose to reason he was asking question 2 was: if the passwords were saved then the script could have just been able to locate them once it was on your computer, thus identifying how the script works. I suppose to reason he was asking question 2 was: if the passwords were saved then the script could have just been able to locate them once it was on your computer, thus identifying how the script works.

]]> By: Admin http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1344 Admin Mon, 11 May 2009 05:27:25 +0000 http://www.abelcheng.com/?p=37#comment-1344 @ Dennis: Answers to your questions: 1. I used FTP mode only but I changed to SFTP after this incident. 2. It doesn't matter, I think. Either way is vulnerable as the login details are leaked via FTP connection. 3. No, I don't. But later I noticed Malwarebytes overlooked this spyware. I manually removed this culprit from the registry after I found out the exact spyware. I shoud have updated this post with the latest findings but didn't get the time to do it. @ Dennis: Answers to your questions:

1. I used FTP mode only but I changed to SFTP after this incident.

2. It doesn’t matter, I think. Either way is vulnerable as the login details are leaked via FTP connection.

3. No, I don’t. But later I noticed Malwarebytes overlooked this spyware. I manually removed this culprit from the registry after I found out the exact spyware. I shoud have updated this post with the latest findings but didn’t get the time to do it.

]]> By: Name http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1343 Name Sun, 10 May 2009 07:57:33 +0000 http://www.abelcheng.com/?p=37#comment-1343 Never mind, they work if I enter email and website.. Here is original comment I was trying to post: First I didn't use my F-Secure anti-virus at all as it did slowdown my PC too much and I got wpv[NUMBERS].exe virus from my very own website, I immidently deleted it and 20 minutes later my computer crashed and didn't boot anymore. I fully reinstalled Windows and noticed 2 of my website had been infected by the virus. I removed the code from PHP and HTML files, it got hacked again and again! Its not keylogger as I fixed the website with FULLY clean Windows installion. (though I visited the website and noticed F-Secure block a virus) Im not using any CMS/Forum system, I just have infosniper IP query script and PJIRC, nothing else. I tried setting permissions to all my files to 555 but after it got hacked the permission were 755 again.. I also contacted my host, NO ONE has logged into cPanel or FTP with my logins! According to them its done remotetly via internet browser using glitch in PHP scripting, blaims my PHP scripts. Since no one logged in using my logins I though there were no use to change my passwords but now after getting hacked 3th time I finally changed myself and will see if it helps at all.. There is "solution" on cPanel forums which is similar to yours. http://forums.cpanel.net/showthread.php?t=78595 This post of yours or the one on cPanel didn't help me.. :( Never mind, they work if I enter email and website.. Here is original comment I was trying to post:

First I didn’t use my F-Secure anti-virus at all as it did slowdown my PC too much and I got wpv[NUMBERS].exe virus from my very own website, I immidently deleted it and 20 minutes later my computer crashed and didn’t boot anymore.
I fully reinstalled Windows and noticed 2 of my website had been infected by the virus. I removed the code from PHP and HTML files, it got hacked again and again!
Its not keylogger as I fixed the website with FULLY clean Windows installion. (though I visited the website and noticed F-Secure block a virus)
Im not using any CMS/Forum system, I just have infosniper IP query script and PJIRC, nothing else.
I tried setting permissions to all my files to 555 but after it got hacked the permission were 755 again..

I also contacted my host, NO ONE has logged into cPanel or FTP with my logins!
According to them its done remotetly via internet browser using glitch in PHP scripting, blaims my PHP scripts.
Since no one logged in using my logins I though there were no use to change my passwords but now after getting hacked 3th time I finally changed myself and will see if it helps at all..

There is “solution” on cPanel forums which is similar to yours.
http://forums.cpanel.net/showthread.php?t=78595

This post of yours or the one on cPanel didn’t help me.. :(

]]> By: Name http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1342 Name Sun, 10 May 2009 07:57:01 +0000 http://www.abelcheng.com/?p=37#comment-1342 Comments not working! Comments not working!

]]> By: UnderForge of Lack » Blog Archive » JUNIK.LV host malicious site instead of gumblar.cn http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1341 UnderForge of Lack » Blog Archive » JUNIK.LV host malicious site instead of gumblar.cn Fri, 08 May 2009 08:20:47 +0000 http://www.abelcheng.com/?p=37#comment-1341 [...] 04.30.2009) * dotcomnameshop .cn (added: 05.02.2009) orz... ??????????? My Sites Are Hacked – Here’s How I Fixed It ????MalwareByte ??????? [...] [...] 04.30.2009) * dotcomnameshop .cn (added: 05.02.2009) orz… ??????????? My Sites Are Hacked – Here’s How I Fixed It ????MalwareByte ??????? [...]

]]> By: Denis http://www.abelcheng.com/my-sites-are-hacked-%e2%80%93-heres-how-i-fixed-it/comment-page-1/#comment-1340 Denis Wed, 06 May 2009 22:22:00 +0000 http://www.abelcheng.com/?p=37#comment-1340 Hi, Great post! Just a few questions. Did you use the FileZilla in the FTP or SFTP mode? Did you store the passwords in FileZilla or typed them in every time you uploaded files? Do you remember the malware names found by Malwarebytes? Hi,

Great post!

Just a few questions.

Did you use the FileZilla in the FTP or SFTP mode?
Did you store the passwords in FileZilla or typed them in every time you uploaded files?
Do you remember the malware names found by Malwarebytes?

]]>