Comments on: If your site has been compromised with phishing attack code… http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/ The world through my prisms Tue, 07 Sep 2010 21:11:37 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Do Not Use Nulled Scripts or Templates - Dntist.Net http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-416 Do Not Use Nulled Scripts or Templates - Dntist.Net Thu, 25 Mar 2010 02:16:38 +0000 http://www.semanticoverload.com/?p=316#comment-416 [...] Now this code can be linked with any sites giving your site bad neighborhood links that can have a negative effect on your rankings on Google and other search engines. Moreover your site can be compromised with phishing attack code….. [...] [...] Now this code can be linked with any sites giving your site bad neighborhood links that can have a negative effect on your rankings on Google and other search engines. Moreover your site can be compromised with phishing attack code….. [...]

]]> By: Hawaiian Joe http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-415 Hawaiian Joe Sat, 20 Feb 2010 18:40:29 +0000 http://www.semanticoverload.com/?p=316#comment-415 http://www.surbl.org/ is another site to make sure your site isn't on the spam/phishing black list. If it is they will remove it pretty fast if you report it there. http://www.surbl.org/ is another site to make sure your site isn’t on the spam/phishing black list. If it is they will remove it pretty fast if you report it there.

]]> By: Aneesh http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-346 Aneesh Wed, 13 Jan 2010 06:48:40 +0000 http://www.semanticoverload.com/?p=316#comment-346 step 1 : change FTP password Step 2 : Download all files and clean Step 3 : upload Files Step 4 : Set 444 permission to all files, except Custom Upload folders Remeber Do not save FTP password in your FTP client If you suspects that your system is infected, Format and install OS, then install a good antivirus + firewall. I suggest Avast free edition and Comodo Firewall. We have received many inquiries and we cleaned those infected sites. If your site is infected Please contact us Best Regards, Team HelloSystemadmin.com step 1 : change FTP password
Step 2 : Download all files and clean
Step 3 : upload Files
Step 4 : Set 444 permission to all files, except Custom Upload folders

Remeber Do not save FTP password in your FTP client
If you suspects that your system is infected, Format and install OS, then install a good antivirus + firewall. I suggest Avast free edition and Comodo Firewall.

We have received many inquiries and we cleaned those infected sites. If your site is infected Please contact us

Best Regards,
Team HelloSystemadmin.com

]]> By: Trish http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-317 Trish Sun, 18 Oct 2009 20:22:44 +0000 http://www.semanticoverload.com/?p=316#comment-317 Thank you for your post, it was extremely helpful! This same exact issue just happened to me last week -- Wachovia bank security aler. I am now unable to send my URL to anyone through email due to the phishing attack code now logged with my site. I know nothing about how you fixed it, but I will forward your link to my web people. I am still dealing with the clean-up. I now think that I have a trojan or some other kind of spyware on my Mac, as many "phishy" things continue to occur that make me suspicious. Thank you again. Thank you for your post, it was extremely helpful! This same exact issue just happened to me last week — Wachovia bank security aler. I am now unable to send my URL to anyone through email due to the phishing attack code now logged with my site. I know nothing about how you fixed it, but I will forward your link to my web people. I am still dealing with the clean-up. I now think that I have a trojan or some other kind of spyware on my Mac, as many “phishy” things continue to occur that make me suspicious. Thank you again.

]]> By: moonjungle http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-289 moonjungle Wed, 18 Mar 2009 06:35:50 +0000 http://www.semanticoverload.com/?p=316#comment-289 Hey man this definitely useful info. Hey man this definitely useful info.

]]> By: Semantic Overload http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-288 Semantic Overload Wed, 18 Mar 2009 03:01:36 +0000 http://www.semanticoverload.com/?p=316#comment-288 @patrix That's a great question! Honestly, there is no foolproof mechanism to do that. Often, the CMS engines you use themselves have security vulnerabilities that are often exploited by hackers to insert such malicious code. Having said that, there are mechanisms to mitigate the vulnerabilities, but they come with a price. For instance, you can give read-and-execute only permissions to all your files and directories. This ensures that the hackers don't have the requisite permissions to install such code. But that means that you can't upload images or do automatic upgrades from the front-end. So everytime you want to 'write' (or add or modify) any file to your website from the browser you will have to temporarily give write permissions to the necessary files and directories and then revert the permissions back after you are done. So, in short, there is no guaranteed mechanism to prevent such attacks. Like I mentioned towards the end of this post: it's a cat-and-mouse game that the CMS developers and website owners play with hackers, with each group trying to outdo the other. Sorry, I couldn't be more helpful regarding this. Perhaps an expert on network and web security could provide a more insightful commmentery on it. @patrix That’s a great question! Honestly, there is no foolproof mechanism to do that. Often, the CMS engines you use themselves have security vulnerabilities that are often exploited by hackers to insert such malicious code.
Having said that, there are mechanisms to mitigate the vulnerabilities, but they come with a price. For instance, you can give read-and-execute only permissions to all your files and directories. This ensures that the hackers don’t have the requisite permissions to install such code. But that means that you can’t upload images or do automatic upgrades from the front-end. So everytime you want to ‘write’ (or add or modify) any file to your website from the browser you will have to temporarily give write permissions to the necessary files and directories and then revert the permissions back after you are done.

So, in short, there is no guaranteed mechanism to prevent such attacks. Like I mentioned towards the end of this post: it’s a cat-and-mouse game that the CMS developers and website owners play with hackers, with each group trying to outdo the other. Sorry, I couldn’t be more helpful regarding this. Perhaps an expert on network and web security could provide a more insightful commmentery on it.

]]> By: Patrix http://www.semanticoverload.com/2009/03/17/if-your-site-has-been-compromised-with-phishing-attack-code/comment-page-1/#comment-287 Patrix Tue, 17 Mar 2009 16:22:54 +0000 http://www.semanticoverload.com/?p=316#comment-287 You're lucky you were at least informed by Wachovia. How do we prevent them from inserting such malicious code in the first place? You’re lucky you were at least informed by Wachovia. How do we prevent them from inserting such malicious code in the first place?

]]>