I have seen a few cases of hacking. Hackers upload their own index or default files into the server with hidden iframes, normally pointing to Dot.CN domains. My question is how on earth the hackers manage to get the FTP account information, and why are they just doing something "harmless"? They can do far more damage with the FTP access than just inserting iframes. Changing the FTP passwords settles the issue, but I am still baffled by such hacking. Anyone know why?
A few of my friends are ethical hackers, and they have informed me about the hacking through FTP. Hackers do these things to become renowned in the hacking world, plus to earn a good amount of money from the hacked site's admin; if the admin is less tech savvy, then he pays a good amount so that they can get their site back.
It could be there is a glitch in the FTP server the server is using. It could also be brute force. It could be that somehow, using anonymous connections, the hacker gets access to the main FTP.
Sometimes it happens if the system is infected with spyware/virus/trojan and we upload files via FTP from the same system.
I think what the hacker did to your site was infect it with a virus, and whoever browses your site gets the virus or trojan or whatever they placed there. I got one last month from a trojan in my system that harvests FTP passwords, gets in there and puts viruses. The thing was, only Kaspersky was able to detect the trojan in my system, so I don't know how long it stayed there. It infected my clients' sites too.
iFrames can only mean one thing. Exploit scripts. He has iframed a script that scans the visitor for possible force-download vuln. combinations and attempts an exploit. That way, he gets far more than just a defacement - he gets keylogs on all of your Windows traffic, their paypals follow.
Quite the opposite. They only put an iframe hoping nobody would notice and it will stay there a couple of months. What do they gain? They will modify your site to silently spread malware that logs keywords, steals credit cards and PayPal accounts, steals login credentials from FTP accounts (to do to others exactly what they did to you), gathers email addresses, and sends spam. Also you may end up with a couple of doorway pages and black hat techniques to draw traffic on shady keywords and link to bad neighborhood websites. Good luck filing the reinclusion request to Google when this happens. When something like this happens it will ruin your reputation both in the eyes of the users and Google (which may drop your site from its index). You stand to lose a lot of revenue for extended periods of time, as well as your userbase. Now tell me again why this is better than a deface for you? I'd rather have a noob scriptkiddie deface my site and fix it 2 hours later than have a pro hide nasty stuff that will be there for a while and drive away my clients.
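The thread describes the injection as a hidden iframe in an index or default file pointing off-site. As an added example (not code from anyone in this thread), here is a small scanner a site owner could run over uploaded HTML to flag exactly that pattern: an iframe whose src host differs from the site's own host and which is styled or sized so visitors never see it. The sample page, the hostnames and the hiding heuristics are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Matches an opening <iframe ...> tag; the attribute regex handles quoted and bare values.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r'([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|([^\s>]+))')


def parse_attrs(tag):
    """Return a dict of attribute name -> value for one opening tag string."""
    attrs = {}
    for m in ATTR_RE.finditer(tag):
        name, dq, sq, bare = m.groups()
        attrs[name.lower()] = dq if dq is not None else (sq if sq is not None else bare)
    return attrs


def is_hidden(attrs):
    """Heuristics for an iframe the visitor is not meant to see (constructed list)."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower()
        value = value[:-2] if value.endswith("px") else value
        if value.isdigit() and int(value) <= 1:  # 0px or 1px frames are invisible
            return True
    return False


def find_suspicious_iframes(html, site_host):
    """Flag iframes whose src points off-site AND that are hidden from view."""
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = parse_attrs(m.group(0))
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and host != site_host.lower() and is_hidden(attrs):
            findings.append({"src": src, "host": host, "tag": m.group(0)})
    return findings


# Constructed sample index page: one visible on-site embed plus one injected hidden iframe.
SAMPLE_INDEX_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<iframe src="http://hidden-placeholder.cn/in.php" width=0 height=0 style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_suspicious_iframes(SAMPLE_INDEX_HTML, "www.example.com"):
        print("suspicious hidden off-site iframe:", f["src"])
```

Run it against every index/default file after an incident and again on a schedule; a clean scan after a password change is a cheap way to confirm the injected file did not come back.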