Has your Site been HACKED?

Reblogger
Real Estate Broker/Owner with Keller Williams Realty AB29400140

It's scarry how nefarious people find the time, energy and desire to tamper with other's computers.  If they put that effort into doing something worthwhile, I'd bet they make as much money and enjoy life a lot more!

Original content by Mike Mueller

Would you know?

The other day I went to my own site (http://AreWeConnected.com) using the Google Chrome Browser.  The page would load and just as it finished loading it would switch to Google.  Curious, I tried it on Firefox, and Safari, and Internet Explorer and a few others.  It was only Chrome and only my site.

I mentioned this on Facebook and one of my friends (Mark Elster of http://eye580.com/) suggested I remove the iframe after the tag.

That’s funny (thought I), why would there be an iframe after the end of the html file?  I wouldn’t be that dumb.  So I looked at my source code (view-source:http://areweconnected.com/) and sure enough, all the way at the very very bottom was a little itty bitty iframe!

Just like this:

iframe

Tricky little bastards!  Did you see that the frame is 0 x 0?  I did a quick Google search and found out that it could be a malicious malware that might infect a whole server!

Now that I was on the alert I did the following…

  1. Made sure my antivirus was up, and updated.
  2. Ran a full scan of my hard drive with AdAware (also updated)
  3. Ran a full scan of my hard drive with SpyBot Search and Destroy (yup, updated)

With everything coming back clean on my hard drive.  I then changed all my passwords (Wordpress, cPanel, FTP), double checked that all my file permissions are safe.

wpscan

The fix for this particular issue is to manually remove the offending iframe from the end of every index file.  Did you know you have more than just 1?  Once that was done – everything scanned and worked fine.

and then… my whole SERVER went down!

It was not my fault and I hope not related, but the entire server where AreWeConnected.com is hosted went dark!  While we were waiting for them to fix it, there was a little discussion on their forum.  I shared my issue with others and incredibly they too had the very same issue!  See:http://www.totalchoicehosting.com/forums/index.php?showtopic=39850&pid=243022&st=0&#entry243022

Coincidence? 

I really can’t say.  But I suggest right now you do the simple check.  Go to your website or blog, “view source”, scroll to the very bottom and make sure you don’t have an iframe (or two) at the bottom!  If you do – let us all know and I’ll help you get rid of it.  If you don’t know how to check – just give me the link to your site, it’ll take me 2 seconds to check.

BTW: Of course my site is backed up (automatically once a week) it sends a zipped file to a gmail address.  Do you have automatic backup?

 

 


This post brought to you courtesy of Mike Mueller.
Feel free to ReBlog or ReTweet as you like as long as you
credit the source (him).
Did you know?  He's for hire! He builds
Blogs, Graphic Images and Widgets and Facebook Pages and besides… He knows lots of really cool stuff.

Hire Mike (925) 456-4567

Twitter Facebook Foursquare LinkedIn Blog Flickr YouTube Email

Sample Facebook Pages:
View on Flickr

Sponsored Links: (check these guys out!)


RealBird does some great things!      Mike says the Thesis theme ROCKS!   StudioPress  

Did you know?

Posted by

 

 

Beverly Fast Sinclair

Keller Williams Realty

Fast@IndyHouseFinder.com

cell:  317/213-3278

Comments (1)

Chris Smith
Re/Max Chay Realty Inc., Brokerage - New Tecumseth, ON
South Simcoe, Caledon, King, Orangeville Real Esta

Wow Beverly, thanks for sharing Mike's story and warning the rest of us.  This sort of issue can be so disruptive.

Jun 23, 2010 01:56 AM