Comments on: If your site has been compromised with phishing attack code…

By: Do Not Use Nulled Scripts or Templates - Dntist.Net

Do Not Use Nulled Scripts or Templates - Dntist.Net — Thu, 25 Mar 2010 02:16:38 +0000

[...] Now this code can be linked with any sites giving your site bad neighborhood links that can have a negative effect on your rankings on Google and other search engines. Moreover your site can be compromised with phishing attack code….. [...]

By: Hawaiian Joe

Hawaiian Joe — Sat, 20 Feb 2010 18:40:29 +0000

http://www.surbl.org/ is another site to make sure your site isn’t on the spam/phishing black list. If it is they will remove it pretty fast if you report it there.

By: Aneesh

Aneesh — Wed, 13 Jan 2010 06:48:40 +0000

step 1 : change FTP password
Step 2 : Download all files and clean
Step 3 : upload Files
Step 4 : Set 444 permission to all files, except Custom Upload folders

Remeber Do not save FTP password in your FTP client
If you suspects that your system is infected, Format and install OS, then install a good antivirus + firewall. I suggest Avast free edition and Comodo Firewall.

We have received many inquiries and we cleaned those infected sites. If your site is infected Please contact us

Best Regards,
Team HelloSystemadmin.com

By: Trish

Trish — Sun, 18 Oct 2009 20:22:44 +0000

Thank you for your post, it was extremely helpful! This same exact issue just happened to me last week — Wachovia bank security aler. I am now unable to send my URL to anyone through email due to the phishing attack code now logged with my site. I know nothing about how you fixed it, but I will forward your link to my web people. I am still dealing with the clean-up. I now think that I have a trojan or some other kind of spyware on my Mac, as many “phishy” things continue to occur that make me suspicious. Thank you again.

By: moonjungle

moonjungle — Wed, 18 Mar 2009 06:35:50 +0000

Hey man this definitely useful info.

By: Semantic Overload

Semantic Overload — Wed, 18 Mar 2009 03:01:36 +0000

@patrix That’s a great question! Honestly, there is no foolproof mechanism to do that. Often, the CMS engines you use themselves have security vulnerabilities that are often exploited by hackers to insert such malicious code.
Having said that, there are mechanisms to mitigate the vulnerabilities, but they come with a price. For instance, you can give read-and-execute only permissions to all your files and directories. This ensures that the hackers don’t have the requisite permissions to install such code. But that means that you can’t upload images or do automatic upgrades from the front-end. So everytime you want to ‘write’ (or add or modify) any file to your website from the browser you will have to temporarily give write permissions to the necessary files and directories and then revert the permissions back after you are done.

So, in short, there is no guaranteed mechanism to prevent such attacks. Like I mentioned towards the end of this post: it’s a cat-and-mouse game that the CMS developers and website owners play with hackers, with each group trying to outdo the other. Sorry, I couldn’t be more helpful regarding this. Perhaps an expert on network and web security could provide a more insightful commmentery on it.

By: Patrix

Patrix — Tue, 17 Mar 2009 16:22:54 +0000

You’re lucky you were at least informed by Wachovia. How do we prevent them from inserting such malicious code in the first place?