Journal #7436
Posted 12 years ago2011-10-12 17:51:20 UTC
I periodically visit the web sites I manage to make sure everything is going well. It's generally always the same and thus a rather boring activity. But yesterday I found one of them had been altered.
An <iframe> to an external site (something like aiowfuhewqifumalwieucfhnalwu.in/something.php) was planted in it. Not only on visible pages, also on test pages that were never linked to. The easiest way to fix them would be to reupload all the files again from my hard drive, so I started FileZilla, and found out a shitton of random asp pages (that linked to more spam) had been also uploaded.
Looked up the internet and the most likely cause was that my ftp password had been stolen. But... how? I've never given it to anyone.
Then I remembered. Assuming it had been this, it was safe to change the password and all would be good again.
Moral of the story: Change all passwords after all your internet traffic has been diverted through someone else's computer.
An <iframe> to an external site (something like aiowfuhewqifumalwieucfhnalwu.in/something.php) was planted in it. Not only on visible pages, also on test pages that were never linked to. The easiest way to fix them would be to reupload all the files again from my hard drive, so I started FileZilla, and found out a shitton of random asp pages (that linked to more spam) had been also uploaded.
Looked up the internet and the most likely cause was that my ftp password had been stolen. But... how? I've never given it to anyone.
Then I remembered. Assuming it had been this, it was safe to change the password and all would be good again.
Moral of the story: Change all passwords after all your internet traffic has been diverted through someone else's computer.
5 Comments
You must log in to post a comment. You can login or register a new account.
[EDIT] Nevermind, I was tricked by my memory. I clicked the link in this journal and then I 'recorded' the fact of this journal having comments because the other journal had. Then after coming back to TWHL I was confused to see your journal with 0 comments.
as soon as i THINK i might have a virus, i use a different computer (phone mostly) to change passwords, email, amazon, youtube, twhl... god forbid someone stole my TWHL identity