How websites become malicious
If your website has become a nest of viruses and other malicious software, there are several possible reasons:
- The FTP login and password were stolen (FTP infection)
- The website has an XSS vulnerability
- The hosting server is hacked
Malicious Site: a website with malicious code inside. This code may harm visitors' computers. Usually a malicious site includes code that loads a pack of exploits for the user's browser. These exploits load trojans, viruses and other malicious software (malware).
Malicious Site. How it happens.
Most likely your FTP password was stolen by malicious software with FTP-grabber functions.
FTP grabber: a type of malicious software that steals FTP account information without being noticed.
An FTP grabber may steal logins and passwords from two sources:
- Config files of FTP client software. The malware searches for config files and tries to find authentication information inside them. An FTP grabber carries a database of knowledge about the most popular FTP clients: file names, file formats, and ways of decoding the account information (if it is encoded).
- Internet traffic sniffing. An FTP grabber may monitor your internet traffic and catch FTP authentication information while you log in to your FTP server. In this case it does not matter which FTP client you use. The FTP protocol transfers authentication data to the server in plain text, so this data may be captured by any traffic sniffer.
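As an added example (not part of the original article), the Python sketch below shows the defender's side of this: given FTP control-channel lines recorded by a passive sensor, it reports which sessions exposed a readable login, including the case where a client asked for TLS, was refused, and fell back to plain FTP. The log format, session ids and account names are constructed for illustration.

```python
import re

# Constructed sample: control-channel lines (TCP port 21) from three FTP sessions.
# Format assumed for this example: <session-id> <C|S> <line>
SAMPLE_LOG = """\
s1 C USER webmaster
s1 S 331 Password required
s1 C PASS example-password
s1 S 230 Login successful
s2 C AUTH TLS
s2 S 234 Proceed with negotiation
s3 C AUTH TLS
s3 S 502 Command not implemented
s3 C USER backup
s3 S 331 Password required
s3 C PASS another-example
s3 S 530 Login incorrect
"""

LINE = re.compile(r"^(\S+) ([CS]) (\S+) ?(.*)$")


def find_cleartext_logins(log_text):
    """Report sessions in which a readable PASS command was observed."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, side, word, rest = m.groups()
        s = sessions.setdefault(sid, {"session": sid, "user": None, "exposed": False,
                                      "accepted": False, "tls_refused": False, "last": None})
        if side == "C":
            s["last"] = word.upper()
            if s["last"] == "USER":
                s["user"] = rest
            elif s["last"] == "PASS":
                s["exposed"] = True      # password value is deliberately not kept
        elif s["last"] == "AUTH" and not word.startswith("2"):
            s["tls_refused"] = True      # server refused TLS; client may fall back
        elif s["last"] == "PASS" and word == "230":
            s["accepted"] = True         # the exposed credentials are valid
    return [{k: v for k, v in s.items() if k != "last"}
            for s in sessions.values() if s["exposed"]]


if __name__ == "__main__":
    for finding in find_cleartext_logins(SAMPLE_LOG):
        print(finding)
```

Any account reported with `accepted` set to true should have its password changed and its access moved to an encrypted channel.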
Your neighbor may also peek at your password and insert harmful code into your site, which puts it into the Malicious Site category. If your neighbor is not an angry hacker or a spy, you can be sure that your account was stolen by malware. Most likely you are not alone with this trouble, but you will have to solve it on your own.
Malicious Site. Solution.
If you suspect that your FTP account has been stolen, try the following solutions:
- Check your own computer for viruses and other malware (install/update antivirus).
- Change the FTP password.
- Use the encrypted SFTP protocol, or any other encrypted channel, instead of FTP.
- Try changing your FTP software and choose a less popular client.
- Close FTP access and use some alternative way to manage website files.
If the Malicious Site problem appears again, this means that FTP infection is not the reason. There are other causes:
- The website's scripts have a Cross-Site Scripting vulnerability.
- The hosting provider's server is hacked.
To be continued...
Aliaksandr Hartsuyeu – www.eVuln.com