MDDHosting Forums: About malware and hacked sites - MDDHosting Forums
Help
Page 1 of 1
About malware and hacked sites
Help from Google for when your site has been hacked.
Rate Topic:
#1
Scott S 
- MDDHosting Staff
-
- Group: Staff Administrator
- Posts: 139
- Joined: 24-February 09
- Gender:Male
- Location:GMT-8:00
Posted 01 December 2011 - 01:18 AM
http://www.google.co...py?answer=45432
If you haven't seen this help article yet, read it and bookmark it! Google explains about malware, how to know if your site has been hacked, and how to request Google stop showing a warning once your site has been cleaned of spam and/or malware.
Don't forget that there are some other common sense things you can do to protect your site and yourself:
Do you have other useful articles or tips for keeping your site secure and for dealing with malware?
If you haven't seen this help article yet, read it and bookmark it! Google explains about malware, how to know if your site has been hacked, and how to request Google stop showing a warning once your site has been cleaned of spam and/or malware.
Don't forget that there are some other common sense things you can do to protect your site and yourself:
- Keep current, off-site backups at all times.
- Keep your scripts updated including any plugins and themes.
- Monitor all user submitted content.
- Always use encrypted connections when administering your site. SSH, FTPes, and cPanel over SSL.
Do you have other useful articles or tips for keeping your site secure and for dealing with malware?
█ Scott S. - MDDHosting, LLC - Professional Hosting Solutions
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all services!
█ http://www.mddhosting.com/ - Follow us on Twitter! @MDDHosting
█ LiteSpeed Powered - Shared, Reseller, Semi-Dedicated, and VPS
█ Incremental R1Soft CDP Backups on all services!
█ http://www.mddhosting.com/ - Follow us on Twitter! @MDDHosting
#2
fshagan
- Member
-
- Group: Members
- Posts: 139
- Joined: 10-January 11
Posted 01 December 2011 - 09:56 AM
Some of my accounts were recently compromised due to passwords stolen from my FTP program, FileZilla.
The ironic thing is that I knew FileZilla's password storage was vulnerable back in March. So I uninstalled it, reinstalled it, set all accounts to "Ask for Password" and thought I was OK. But FileZilla does not remove the old password file. It is stored in plain text on your computer, and hackers have created trojans that seek out these password files. The trojan was quickly quarantined by my anti-virus program, but the damage was done; my passwords had been broadcast and soon three sites were hacked.
To ensure FileZilla is not storing passwords check for the password files. In Windows 7, search for %appdata%/filezilla for the folder. This folder is different than the program folder. There may be a passwords.xml or recentservers.xml file there. Even if you delete these, and use "Ask for Password" for "Logon Type" in the program, the password of your last accessed site is always saved and stored in the recentservers.xml file. And its far too easy to use the "Normal" log on type, that saves your passwords in plain text, without you asking to have it saved.
To prevent FileZilla from saving passwords any time, create a file named "fzdefaults.xml" with a plain text editor, with these lines in it:
Save the file to the FileZilla program folder, which is "C:\Program Files (x86)\FileZilla FTP Client" on my Windows 7 system.
(There is a sample "fzdefaults.xml" file in the /docs folder with dozens of settings.)
The ironic thing is that I knew FileZilla's password storage was vulnerable back in March. So I uninstalled it, reinstalled it, set all accounts to "Ask for Password" and thought I was OK. But FileZilla does not remove the old password file. It is stored in plain text on your computer, and hackers have created trojans that seek out these password files. The trojan was quickly quarantined by my anti-virus program, but the damage was done; my passwords had been broadcast and soon three sites were hacked.
To ensure FileZilla is not storing passwords check for the password files. In Windows 7, search for %appdata%/filezilla for the folder. This folder is different than the program folder. There may be a passwords.xml or recentservers.xml file there. Even if you delete these, and use "Ask for Password" for "Logon Type" in the program, the password of your last accessed site is always saved and stored in the recentservers.xml file. And its far too easy to use the "Normal" log on type, that saves your passwords in plain text, without you asking to have it saved.
To prevent FileZilla from saving passwords any time, create a file named "fzdefaults.xml" with a plain text editor, with these lines in it:
<?xml version="1.0" encoding="UTF-8" standalone="true"?> -<FileZilla3> -<Settings> <Setting name="Kiosk mode">1</Setting> </Settings> </FileZilla3>
Save the file to the FileZilla program folder, which is "C:\Program Files (x86)\FileZilla FTP Client" on my Windows 7 system.
(There is a sample "fzdefaults.xml" file in the /docs folder with dozens of settings.)
Share this topic:
Page 1 of 1