SHP Forums

Hello,

A few weeks ago I tried opening one of the pages under my akril.sq7.org domain name and discovered that Firefox had labeled it as an "'attack site", saying that it had malicious code in it. I took a closer look at the page's source code and sure enough, there was some scripting there that I hadn't added, and from the looks of it, it was designed to redirect the viewer to a site called TajMahal Granite, or something like that.

Of course, I deleted that code by overwriting the pages, but just recently, that same code has reappeared on nearly all of my pages. I contacted Colin, the owner of the sq7.org domain, but I don't know how long it will be until I hear back from him. In the meantime, is there any advice that anyone can give me to keep something like this from happening again? My first thought was changing my password, but I think that's something that only Colin can do.

Indeed. Changing the password. However, also make sure you're using a FTP program that is secure.

But it may go deeper than that. It may not be JUST your page. Colin should have ALL the domain/sub domain folks change their passwords.

That's nothing. Get this: Every time I view a thread on these forums that Akril has posted in Chrome stops it dead in its tracks and puts a big ugly warning label in place of the website asking if I'm sure I want to view a website that is linked to <Akril's site URL> that has malicious code on it.

Ugh, I knew there would be more things going wrong than I first thought. I replaced every single HTML file under my domain name with a non-malicious one, but that doesn't seem to have changed anything. I've downloaded FileZilla, but I doubt it will do me any good until my password is changed.

I hope Colin responds soon. I emailed him a few weeks ago on another subject and I never got a response.

It might not be just your subdomain that is compromised, but the entire site. I don't know how well tended sq7.org is these days, but if you don't hear from Colin, PM me. I would consider setting up a sub domain for you, depending on how much space you need. It can be a bit of a pain to get the word out about changed URLs, however, if you need to for security's sake...

Whew -- I got a response from Colin earlier today. He said that the rest of SQ7.org doesn't appear to have suffered any damage, and he suggested that there might be a PHP file with outdated code on my site that might have been used to exploit my HTML files. I discovered that I did have one old, unused PHP file that was modified at the same time all my HTML files were altered without my knowledge, so I deleted it. I guess only time will tell if that file was the one being exploited or not. In the meantime, I'll try to get all of my pages off of the Attack Sites list.

Hopefully, I should be okay for now. Thank you very much for the offer for a sub-domain, Collector, but if all goes well, I don't think I will need it.

My deepest sympathies, Akril... I've been hacked once myself. Back in the day I only had 2 pages, both had enormous slabs of texts. One of them was suddenly replaced by a Jamba-advert. It took me quite some time to repair the damage. It sucks. Who would do such a thing?

BBP wrote:My deepest sympathies, Akril... I've been hacked once myself. Back in the day I only had 2 pages, both had enormous slabs of texts. One of them was suddenly replaced by a Jamba-advert. It took me quite some time to repair the damage. It sucks. Who would do such a thing?

Sorry to hear you've been through this mess too, BPP.

Unfortunately, my site's pages have been altered yet again, and I have no idea what might have caused it this time, with that PHP file gone. I'd advise people to stay away from my website until Colin and I get this problem fixed, since I don't know what is going on with it. *Sigh.*

are you using PHP for your pages?

Collector wrote:are you using PHP for your pages?

No, I'm not. All of my pages use pretty basic coding. There's a little Javascript used on a few of the pages and some CSS on all of my main pages to create the rollover buttons, but that's as fancy as things get.

I just hit some weird similar issues on my site too. The whole thing was unexpectedly getting covered in garbage and linking to the wrong pages. Fortunately, all I needed to do was change my password, replace all my Wordpress files and get my server rebooted with a phone call. I am really hating hackers.

Akril wrote:

Collector wrote:are you using PHP for your pages?

No, I'm not. All of my pages use pretty basic coding. There's a little Javascript used on a few of the pages and some CSS on all of my main pages to create the rollover buttons, but that's as fancy as things get.

I suspect that the issue is with the main site and not just your sub domain.

Datadog wrote:I just hit some weird similar issues on my site too. The whole thing was unexpectedly getting covered in garbage and linking to the wrong pages. Fortunately, all I needed to do was change my password, replace all my Wordpress files and get my server rebooted with a phone call. I am really hating hackers.

Glad to hear you were able to solve those problems. I've finally had my password changed, so hopefully there won't be any more problems with my site. *Sigh*...hackers like this make me lose some of my faith in humanity.

Collector wrote: I suspect that the issue is with the main site and not just your sub domain.

Colin said that he has looked at the other pages on SQ7.org and hasn't found anything wrong with them. Hopefully, my sub-domain is the only one with this problem (which will hopefully soon be resolved).

Well, it seems like my problem is finally resolved. My pages got altered even after the password was changed, but that turned out to be because of a malicious trojan on my computer that compromised my computer's security. It allowed whoever was behind this thing alter my website's files even if the password had changed.

This thing was so bad that I had to reformat my hard drive to get rid of it. I'm still trying to get used to everything (as well as a new and hopefully more reliable antivirus program), but I'm glad that that mess is finally over.

Yikes! That really sucks. Thankfully, you won't have to put up with that again.