I have 2 godaddy hosting accounts which infected by a iframe script. it was copied to all files there so I erased all files but still it was there. I think it has some changed file permissions. Whats the safest file permission for root + all files in host ? Also whats the best way to deal with these iframe scripts ? This is giving me a huge headache. looking for advice ..
Generally the code are injected using following ways: [1] If your FTP password is stolen using spyware, trojan in the system. [2] If you are using outdated version of third party scripts in your web site. [3] If your web site has XSS vulnerability. Also, the permissions depends on the server configuration and platform (Windows or Linux). Kailash
All my SMF and WP scripts are upto date. It has to be 1 or 3 I think. If its a XSS vulnerability only way to happen this is through a WP theme. I have already changed my passwords. Platform is Linux so permission should be 644 ?
Yes, but permissions don't matter in a case like this. That's not the only way people can 'hack' your site. I know that you will piss and moan as numerous other customers do @ my 9-5 but you really need to look at all of the computers you've used for FTP or any other login type that you've used to upload and download files. If you have your host provide you with the logs of when the files were last updated, $20 says that they were done via FTP within less than 1 minute, ie downloaded then uploaded. That being said, switch to SFTP. Also, there are numerous other tools out there to scan the site, and your computer. I recommend doing both.
thanks for all advice guys. I have deleted all files in these hosts and also change all passwords. I change root file permission to 644 and now all sites giving me error messages like 403 and also "Problem loading". Anyone know default Godaddy root CMOD permissions ? or which should I keep ? Also to get SSH to use SFTP They want to move my accounts to a different server. Is there any disadvantages using SSH ? also does it effect site performance ?
Don't forget to scan your local PC for trojan infection. Which file do you mean with 'root file'? Disadvantage? Nothing, you just get more secure and I think it doesn't affect website performance neither.
I formatted my pc and scanned everything both safe mode and normal. I mean the root of the hosting account " \ "
don't save ftp passwords in ftp application. keep your anti virus updated. if possible use linux box to upload your files. (this is can be done using virtual machine on same pc) this mainly infect your index files so periodically scan index files for vulnerability. from shell protect your index files with chatter +i command. (you have to chatter -i every time you need to update file) but this must have linux server. it doesn't work on vps. This will prevent future infections.