Website Script Attack


#1

Ok, I’m a beginner with web hosting stuff. I know how to write code for building a site, but I don’t know my way around webhosting very much at all.

Some how, I keep getting a script attack on my html files. This happened to me on my last host, and is now happening here. I don’t know how to protect against it, nor do I understand how I got it in the first place. I didn’t want to link to the page with the bad script, but if you need an example let me know.

Any help is appreciated. I tried searching for a topic but couldn’t find one, so I hope this is not a double post or anything.

Thanks


#2

You’re going to have to supply a link and exceptionally precise details.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

The script was being written into all of my html files, but I replaced all of them except this one, to show as an example:

www.evrtstudio.com/design.html

When viewing the source, it is the script written directly after the code. That is not part of my original html file, and somehow, someone is writing this directly to the file on my server. I did not use any software to generate my website. It was hand coded in wordpad, and images were made with a basic photo editor.

I’m guessing it has something to do with the fact my directories are not protected? I haven’t set up any htaccess files yet because I’m not exactly clear on how too.

I hope this helps.


#4

Is the domain in a userspace that’s clear of any other scripts?

If not, create and move the domain to another user account.

You can lock the user directory down in panel:

[color=#00CC00]Users > Manage Users > Edit[/color]

  • Check Enhanced security option.

  • Change the user’s password.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#5

I’m lost. I appreciate the help, but I’m not following you. It’s probably my fault, if I didn’t give enough details.

All I know is this:

The only java script that was written into my html files was the google analytics code. Someone else is some how writing extra java script to my files, while on the server. I sent the script to Kaspersky (my antivirus) and they said it was an unknown trojan they were not aware of, so they added it to their list for the future.

I’ll try switching on the enhanced security you mentioned. Thank you for the help, I appreciate it!


#6

And change the password.

-Scott


#7

The enhanced security switch offers protection against others on your server by locking access down to only your user and the system. While unlikely that this is the method being used to insert javascript into your files, it’s a door that can be locked.

If you use Kaspersky it’s also highly unlikely that your password has been compromised via a keylogger, etc. - but we can’t rule out the possibilty so the password needs to be changed on the user’s account as well.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#8

I changed the passwords to both my FTP and admin account yesterday when I found out.

Thanks for all of the help, we’ll see what happens. I’m keeping my fingers crossed.