Comments on: My site was hacked! Invisible iframe to Chinese malware site

By: mike

mike — Fri, 10 Dec 2010 14:21:03 +0000

true, well maybe its not in China, but somewhere in the world then!!! but hey, they may be exporters! those aren’t doing so good

By: andrew

andrew — Fri, 10 Dec 2010 13:57:24 +0000

What tough economy? There is no economic crisis in China.

By: Will

Will — Mon, 01 Mar 2010 13:34:05 +0000

SSH and SCP are the way to go for remote communications unless you can VPN in. SCP is a powerful command line tool, and there are some graphical versions out there as well I’m sure. Also, enforcing strong passwords is a good idea. If your server isn’t secure, a strong password doesn’t matter though…

By: Matthias-Müller

Matthias-Müller — Mon, 24 Aug 2009 20:35:20 +0000

Damn, that sound’s so easy if you think about it.

By: vijay

vijay — Fri, 10 Jul 2009 07:49:18 +0000

Thank for the Great Feedback. I was suffering with the malware for our client’s website. These malwares cause lot of problem for the website.
We need to thoroughly clean the malware before loading to the server. Otherwise the malware scripts getting loaded every time after we upload our back up files into the server.

By: Alan

Alan — Thu, 09 Jul 2009 09:36:21 +0000

Thanks for the advice, my site has been hacked three times in one month, I have followed all what the service provider said to follow and it still happened. What they never told me is what you mention above. I use a Mac so will have to search for some catchers for OS X.. Have been using Nortons, but from what I read its not worth it. Thanks again.

By: mike

mike — Tue, 16 Jun 2009 15:28:19 +0000

Thanks Thomas!
wow, such a quick response to my post. I really appreciate this great feedback and solution. It is sad to see how others are profiting off all these small business owners and entrepreneurs hard work.

By: Thomas J. Raef

Thomas J. Raef — Sun, 14 Jun 2009 12:07:27 +0000

We’ve been seeing a huge increase in the number of people having their websites “hacked”. One of the most common ways right now is by infecting a PC then “sniffing” for FTP traffic.

Think about it. How many people have websites these days? It seems like everyone.

So why not infect PCs then wait for when they upload to a website through a protocol that sends everything in plain text?

You see, FTP does not encrypt it’s traffic. We created a YouTube video on how insecure FTP is: http://www.youtube.com/watch?v=oYI1kssrrbc

We’ve been recommending a couple of things. First, use AVG or Avast along with Malwarebytes. These have been catching more viruses/trojans than many of the more popular anti-virus programs have.

Second, if you update a website or websites, ask your hosting provider about moving to either SFTP or FTPS. Both of these protocols encrypt their traffic making it nearly impossible to sniff for username and password.

Last, stop using an administrator account on your PC for everyday work. A virus/trojan/worm can usually only obtain the same rights as the currently logged in user. If the current user can install software, then so can the malware. If the current user cannot install software, then neither can the malware.

There you are 3 things to do to protect your website from getting hacked – and if you use the free versions of the anti-malware software we’ve recommended, these 3 things cost you nothing!

I hope you found this information worth more than you paid for it.