How my Webmaster removed some nasty malware that hijacked my website

In early December while on vacation in the popular Malaysian beach resort of Langkawi, I discovered that some malware had compromised my website/blog. It took me a while to fully comprehend the severity of the havoc wreaked by this malware – in essence, all my search engine traffic had been hijacked and redirected to the spam website. The story of this hijacking was chronicled in a prior post.

After the realization that my online presence was totally crippled by this insidious bug, I pleaded with My Webmaster to see if he could find a fix. Initially he was stumped, but with dogged determination he discovered both how the hijacking was accomplished and a very simple fix – my FTP was hacked and a lot of white space/blank lines were added to the .htaccess file, followed by some lines telling the web server to forward any clicks coming from search engine results to the spam site.

The fix, he said, was quite simple – all he had to do was remove the extra code from the .htaccess line. In addition, he recommended that I change my rather simple FTP password to something more complicated to make things difficult for potential hackers. For a full explanation of how the malware was removed from my site I suggest you visit his website and read about “The Fix”. A must read! In addition, while troubleshooting this malware issue, we came across another site that also dealt with the same problem (and offered a similar fix). Needless to say, after the nasty little bug was extricated from my site, I was quite relieved.
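A check for the pattern described above, as an added example that is not part of the original post or the webmaster's fix: it flags directives hidden after a long run of blank lines and redirects to an outside host that are conditioned on a search-engine referrer. The sample file, the mod_rewrite form of the injected lines, the placeholder host, the engine list and the 20-line threshold are assumptions constructed for illustration.

```python
import re

# Constructed sample: legitimate rules, a long run of blank lines, then
# injected directives of the kind described above. Host is a placeholder.
SAMPLE_HTACCESS = (
    "RewriteEngine On\n"
    "RewriteRule ^index\\.html$ /blog/ [L]\n"
    + "\n" * 300
    + "RewriteCond %{HTTP_REFERER} .*(google|yahoo|bing)\\..* [NC]\n"
    "RewriteRule ^(.*)$ http://spam.example.invalid/ [R=301,L]\n"
)

REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
EXTERNAL_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://[^\s/]+)", re.I)
ENGINES = ("google", "yahoo", "bing", "msn", "aol", "ask")  # assumed list


def audit_htaccess(text, own_hosts=(), blank_run_threshold=20):
    """Return (line_number, finding) tuples for suspicious .htaccess content."""
    findings = []
    blank_run = 0
    referer_cond_pending = False
    for num, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            blank_run += 1
            continue
        if blank_run >= blank_run_threshold:
            findings.append((num, f"directive hidden after {blank_run} blank lines"))
        blank_run = 0
        cond = REFERER_COND.match(line)
        if cond and any(e in cond.group(1).lower() for e in ENGINES):
            referer_cond_pending = True
            findings.append((num, "condition on search-engine referrer"))
            continue
        rule = EXTERNAL_RULE.match(line)
        if rule:
            host = rule.group(1).split("//", 1)[1].lower()
            if host not in own_hosts:
                tag = "referrer-gated " if referer_cond_pending else ""
                findings.append((num, f"{tag}redirect to external host {host}"))
        # RewriteCond lines apply only to the next RewriteRule
        if not line.lstrip().lower().startswith("rewritecond"):
            referer_cond_pending = False
    return findings


if __name__ == "__main__":
    for num, finding in audit_htaccess(SAMPLE_HTACCESS):
        print(f"line {num}: {finding}")
```

Scrolling to the end of the file matters because the blank-line padding pushes the injected lines out of view in an editor; pass the site's own hostnames as `own_hosts` so legitimate canonical redirects are not flagged.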

While discussing why my website was targeted, my webmaster came up with this explanation:

“If the errant webmaster targeted thousands of sites to be hijacked, then even if each site only gets 20 hits/day, that builds up to 10s of thousands of people directed to his site instead. Even if only 1% of those people buy the products, he’s making a lot of money. Furthermore, most of the websites that are hijacked probably have low to mid range Google Page rankings (2-4) like yours, so that he’s less likely to attract too much attention. It’s a shitty, low, repugnant thing to do, but some of these internet marketers and immoral webmasters resort to using such tactics”.

What can you do to prevent your website from being hijacked? I have come up with some handy tips to protect yourself.

  • Use Firefox as your browser, minimize your use of Internet Explorer
  • Avoid clicking on popup windows – especially those that offer free system or virus scan of your computer or those that offer freebies
  • Generate some complex passwords of at least 8 characters for your FTP access, blog log in, e-mail logins etc. Use a tool like PC Tools password generator
  • Keep your antivirus, malware, spyware definitions up to date. Remember to use your Firewall at all times.

Be Safe out there!


2 Responses to “How my Webmaster removed some nasty malware that hijacked my website”

  1. Banglamung Says:

    Your “advice” is 75% NONSENSE.

    What can you do to prevent your website from being hijacked?

    Unless you are running your website from your home computer then “advice” #1, 2, and 4 are complete nonsense. What browser you use, what you (and a web surfer) click on and what antivirus you use on your home computer has absolutely zip to do with your website which is on a different computer located far from where you are. Even if you are a virus-infected mess, simply visiting a website will not infect it.

    Perhaps you still believe you can get AIDS from a toilet seat too?

  2. SquasherOfIgnorance Says:

    @Banglamung - your reply is 100% arrogant, ignorant and unnecessary.

    Firstly, the browser you use DOES have an effect on security - IE is insecure. Fact.

    Secondly, what you click on DOES have an effect on security - if you think downloading Viruses, Worms and Trojans can’t have an effect on anything else you do online, then I can only assume you’re a clueless IE user severely lacking in any technical knowledge beyond locating the power switch on your PC.

    Thirdly, and perhaps your most disturbing response, of COURSE the choice of Firewall/Antivirus makes a difference. A HUGE difference! Do you honestly believe that XP’s built-in chocolate fireguard is more capable of preventing attacks than say, Agnitum Outpost Pro, or ZoneAlarm? How can you be so obtuse?

    It’s quite feasible that the particular Malware he downloaded, probably inadvertently via IE, was listening on port 21 for any open connections, then piggybacking that connection to upload files to the web server (located on a different computer far away from where he is, I hasten to add - amazing this interweb thing, eh?). Also, it was probably capable of doing this, since the Malware database for his AV software was not up to date, and therefore went unnoticed.

    So, in summary, had he used Firefox instead of IE, the chances would have been reduced that the Malware was downloaded in the first place. Had he not clicked on a suspicious popup, the Malware would not have been downloaded and installed. Had the AV database been up to date, even had the previous two points been ignored, the Malware may very well have been detected and quarantined, and thus been unable to listen on port 21, piggyback an FTP connection to his web server, and upload the miscreant file. Can you see where this is going?

    Finally, considering your evident horribly obvious ignorance, your final comment about AIDS doesn’t surprise me. In fact, I’m more surprised that I even graced it with a response.
