Hacker Crawler inserting iframe into ftp file
Somehow, a "hacker crawler" is constantly inserting a harmful iframe-line into one of my files:
It's done automatically, and not by a person, I assume.
I've changed all my passwords several times as well as the CHMOD of the file, so I assume this is somehow done on my site.
Any ideas how the crawler does this and how I can prevent it?
More posts by @Moriarity557
3 Comments
The easiest way I know of to find a vulnerability of an outdated version of software is to look at the change logs of the next version up. See what was fixed in the newer version and start looking there. (This would likely include all outdated software, i.e. FTP client, your server software, your CMS and so on.)
Also, if you have a backup from before the issue occurred, revert back to that using SSH or a different FTP client rather than your FTP client, if you think that is where the issue is.
Are you, or someone who has access to this environment, using FileZilla as an FTP client?
If so, be aware that this program saves the clear password in INI files, and it's used by trojans to infect websites...
Path (Windows 7)
C:\Users\[USER]\AppData\Roaming\Filezilla
Files
bookmarks.xml
recentservers.xml
Hmm... It's hard to say without seeing the page, and the code that drives it. I don't have any experience with that CMS, but, from what I can tell, it looks like it is being inserted into, then pulled out of, a database, not a modification via FTP. If that is the case, I would:
change your database password
point the CMS to the same database, with the new password
remove the iFrame, and see if the problem persists, with the new password
Usually things like this are a matter of trial and error.
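A check for the "remove the iFrame, and see if the problem persists" step, as an added example that is not part of the original thread: it parses page source (a file on disk or a text field pulled from the CMS database) and reports every iframe that points off-site, marking the hidden ones. The host names, the sample page and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "1", "0px", "1px"}  # sizes typical of an invisible frame

class IframeFinder(HTMLParser):
    """Collects every <iframe> whose src points at a host we do not own."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "").strip()).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # relative or same-site frame, not reported
        hidden = (a.get("width", "").strip() in TINY
                  or a.get("height", "").strip() in TINY
                  or bool(HIDDEN_STYLE.search(a.get("style", ""))))
        line, _ = self.getpos()  # 1-based line of the tag in the input
        self.findings.append({"line": line, "host": host, "hidden": hidden})

def scan_html(text, own_hosts):
    """Return one finding per off-site iframe in `text`."""
    finder = IframeFinder(own_hosts)
    finder.feed(text)
    finder.close()
    return finder.findings

# Constructed sample: one legitimate same-site frame, one injected hidden frame.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="/widgets/news.html" width="300" height="200"></iframe>
<iframe src="http://injected.example/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in scan_html(SAMPLE, {"www.mysite.example"}):
        print(f"line {f['line']}: iframe to {f['host']} (hidden={f['hidden']})")
```

Run it on a schedule against both the served files and the database content after each cleanup; iframes written by a script via document.write are not parsed as tags and need a separate text search.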