Website Hacked - Malware

Started by Le Woltaire, Wed 19/06/2013 08:12:50


Le Woltaire

This morning all my game websites were hacked and compromised.

The result was that a malware called JS/Blacole.DH.1 was distributed for some minutes through my game websites.

I instantly managed to delete and reupload all my content and it is clear now, also changed my passwords.

However I wanted to ask what else I should do in order to prevent this from happening again.

Thank you for all support.



m0ds

Hi Wolt, sorry to hear that. Something similar happened to me and I think it's because I had a virus and it was able to activate/know when I was logged in on FTP. It happened twice to me, for example one day the site was fine, the next day after normal upload my HTML files have had code inserted into them. In my case I was positive it was an outside source, and it has never happened again since I either formatted that HDD or moved onto another HDD. So I assume the normal protection against viruses and such is good enough. I think you can select some files via FTP to only be read by the web and not be "modified" by the web, but as I was certain my problem had stemmed from a virus on my HDD I did not bother testing changing the files to read only.

So, might your system be infected? Have you considered reformatting your HDD (if you think perhaps you may have a virus that cannot be removed otherwise)? I'd be interested to know what you think may have caused this for you.

Le Woltaire

Thank you for the fast reply.
I exclude the possibility of a virus infection on my system.

I did not modify my websites in the last year.
I didn't even log on with FTP for a year...

Apart from that my system has a good defense against virus and malware including firewall...

I've now set all file permissions to 644 and the folder permissions to 755.
File permissions were at 755 before...
Could that have been the reason?

Google indicated my websites as malware infected now.
How can I get rid of this?
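
Added example (not written by any poster in this thread): a POSIX shell audit for the 644/755 permission baseline mentioned in the post above, which also lists files changed recently, since any change on a site left untouched for a year is worth inspecting. The function names and the invocation shown in the comments are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): permission and change audit for a web root.
# Function names are illustrative; 644/755 are the values mentioned in the post.

# Print files that are not 644 and directories that are not 755.
off_baseline() {
    find "$1" -type f ! -perm 644 -print
    find "$1" -type d ! -perm 755 -print
}

# Print files and directories writable by group or others; on shared hosting
# these can be altered by other accounts or by a compromised web application.
writable_by_others() {
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Print files changed within the last N days. On a site that has not been
# edited for a year, anything listed here deserves a manual look.
recently_modified() {
    find "$1" -type f -mtime "-$2" -print
}

# Reset the tree to the 644/755 baseline (directories first, then files).
apply_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Stand-alone use: sh audit.sh /path/to/webroot [days]
if [ "$#" -ge 1 ]; then
    echo "== off baseline ==";        off_baseline "$1"
    echo "== writable by others ==";  writable_by_others "$1"
    echo "== modified recently ==";   recently_modified "$1" "${2:-7}"
fi
```

Run the listing functions before `apply_baseline`, so that the state found after an incident is recorded before it is changed.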



Peder 🚀

You need to register for their web tools thing, then add your sites on there, confirm ownership (downloading a prompted file that you upload to the root folder for the domain) and then you request a "recheck" of the site.

Being hacked like this is actually very common and usually caused by things like content management systems being on the server and not having been updated.. It doesn't even have to be your website, if other websites are hosted on the same server..

Le Woltaire

Hi Peder.
Since you are hosting all my websites you should have a look at all your websites as well,
if there is a security hole on your server...
Have a look at my mails.



Peder 🚀

I'll take a look on the server, though I don't think there are many sites hosted there any more other than yours :-/..

Le Woltaire

Ok, everything is alright now again.
The sites are totally clean and work better than before.

I have some friends who work at Google and contacted them directly.
The result was that the warning was removed without taking any action from my side...



Stupot

Useful friends! No wonder A Second Face gets so many downloads. It must be all up in them search rankings ;)
(and nothing to do with the fact that it's an awesome game, I'm sure)

WHAM

I had exactly the same thing happen a couple of months ago. Managed to mostly recover my website despite some missing backups (whooops).
Only thing I can suggest is increase password complexity up to something like a randomly generated 24+ characters long password. My old password was random-generated, so the only way someone got it was through hacking the host (not impossible, but unlikely) or by guessing via bruteforce methods. Longer password = harder to bruteforce.

-W
Wrongthinker and anticitizen one. Utterly untrustworthy. Pending removal to memory hole.

Le Woltaire

Quote from: Stupot+ on Thu 20/06/2013 12:34:46
Useful friends! No wonder A Second Face gets so many downloads. It must be all up in them search rankings ;)
(and nothing to do with the fact that it's an awesome game, I'm sure)

Not really...
As you can see from the following graph only 5% of the visitors come through search engines...
[Image: http://spectrum.agsarchives.com/archiv/site%20stats.jpg]



