FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


My website is attacked(?)





nv1234
Hi there,

I would appreciate any help I can get please on the following matter.

I am the owner of the webpage: www.nicholasvasilakos.org My site was working fine till a week ago, when I first started receiving alers from my antivirus (Kaspersky) each time I was trying to browse it:

detected: Trojan program Trojan-Clicker.JS.Agent.h URL: http://www.nicholasvasilakos.org/index.html

Also kaspersky was detecting the following trojan trying to download itself from the same page: Trojan-Clicker HTML IFrame.ru (it also showed as Trojan-Clicker HTML IFrame.pl for a while), just like in the case described by www.frihost.com/forums/vt-89808.html

This was an annoyance for a while but did not appear to do any more hardm more than that (their trojan was blocked by my antivirus anyway). Suddenly yesterday the webpage (specifically the \index bit) was completely taken over, redirecting people to an obscure "attack"-like site (whatever lives in my webpage seems to actually redirect visitors to this attack site when they try to browse it). I also found some java-like gibberish script (the kind of gibberish-looking script that servers seem to understand) thrown in, which I have already removed.

The fact is that, when I re-upload, things get back to normal for a few hours, but then the same problems re-appear. I am almost certain that my site is hijacked.

I have contacted my hosts (123-reg.co.uk) and they deny having any of their servers hijacked recently (or they do not bather to check for all I know).

I have already requested a new password and I am going to change it, but I am not sure if this is going to stop the attack. Any suggestions please? Is there any kind of software that could help me avoid this and future hijacks (how about encrypted html for instance? would it help?)?
Please help!


PS1: Notice that if you try to browse any other page of the site (say http://www.nicholasvasilakos.org/home___nv.htm
or http://www.nicholasvasilakos.org/research.html they seem to work fine (it is the "index" file that causes the trouble!). There is no coding error on my part - the site was fine before this begun.

Thank you in advance, Nicholas.
Diablosblizz
Change your password for your control panel (DirectAdmin or cPanel) then see if it still continues. I would, normally, recommend securing your scripts but because you don't use PHP there is no need for it.

Also, a few things. When I go to your domain the index page is "home___nv.htm" with a picture of a person (which I am guessing is you) and some information about this person. When I go to index.html I get a 404 error (not found).

NOD32 has not detected a Trojan on your website. My best advice would be to change your password.
nv1234
Hi Diablos,

Many thanks for your response. "home_nv" is indeed the new index file that I had to create to replace my original one ("home"). The "index.html" you saw today is an uninvited file whoever is hacking this site must have uploaded.

Would it be of any value to encrypt my html? What can I do to avoid something like this happening again (I have already changed my password of course).

Many thanks again,
N
Related topics
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.