Hello fellow AO'ers.. Been a while since I've been on here but thought I would reach out for help/providing information to others...
I have a dilemma I hit with one of my webpages. The page is hosted by GoDaddy and my site somehow got compromised. The website is just an informational site for my wedding, which is coming up this weekend, so I went to it before I was going to send some family members to it and BAM... my AV and spyware scanners went blip and my PC rebooted.... after about 2 hours of cleaning up malware I decided to look at the source code of my webpage to see what the heck happened...
I was able to grab code that was added as a script to the header.... I'm more than willing to share the info but didn't want to post it outright for everyone to see. It appears to be some sort of new infection that is coming out of Russia where they are compromising webservers.... I have gone in and changed all my passwords on a new computer and don't feel confident that my PC is fully cleaned, so I'm gonna rebuild it tonight and build a VM for future surfing.
Either way, I am curious if anyone knows if the issue would have been with me/my password (fairly secure, not very strong) or if it's most likely an issue with the GoDaddy pages. I have overwritten all the files on my webserver to make sure that nothing was left of it, but I'm afraid of it getting back in there and infecting one of my family members that has no clue.
Let me know
Thanks in advance
Yo spyrus long time. PM me the script and I'll have a look see
Can you PM the script to me too? I will share it with a few people I know if you're okay with it.
Anyway, congratulations :)
Wish you both the best of life :)
Did you use any sort of CMS to build the site? That's usually the way they get in.
I'll send it to both of ya via PM... the site is unbelievably simple, so it is nothing more than a VERY simple HTML webpage that I wrote in Notepad... by VERY simple I mean it's like 8 lines of code.. preschool stuff really
Interested in logs/info... based on what you are saying, sounds to me like the malware that's been spreading around using mass SQL injection attacks... does your web page (since it is hosted) have any exterior to your site content (like a GoDaddy ad or anything)?
Have you contacted GoDaddy?
GoDaddy should make regular backups of your stuff, so grab the logs, revert, and figure out how it was done to prevent it in the future. If you need help do let me know.