virus on my website

Hi guys

I have been dealing with some issues on my website. I noticed 2 weeks ago that some of the pages were not working. I called the web site company and they said that somebody changed the permissions on those pages. Then errors started popping up every other day, the latest today. He said that most likely there is a virus in my network that is uploading files through Dreamweaver.

Questions:
Can a virus manage a piece of software (Dreamweaver), start a live connection and upload files?
Is this possible?
What else could be happening here?

Is there probably a virus on the host, not on my computer?

Please comment.


titorober23 Asked:
 
Russell_Venable Commented:
The difference between having a compromised hosting provider and running vulnerable server-side code is mainly who is responsible for security and providing just that.  The simple answer is both. Never let your guard down.

Hosting Provider:
I won't go into a lot of detail about hosting provider problems, but take for example they could be hosting the brand new PHP version 5.xx and forgot to set proper access restrictions. For instance, if an attacker knew that the default installation path on the server was something like "/usr/website/user/config.php5" and there was a debug script using PHP, he could 1.) identify useful information used to gain leverage in their next attack, 2.) gain remote access and compromise all users by spreading through their own resources and on from there. The reason being that things like this should never be accessible to client-side users and restrictions should be strictly enforced.


Server-Side code:
This usually falls on the website owner. Let's say the owner just had someone create their website using PHP5 and the creator either did not have adequate security practices in developing PHP code or knew exactly what they were doing and did not tell the owner about the implications. These kinds of problems lead to an attacker gaining access, in this case by testing if these restrictions are in effect by testing input validation, which is a widely used skill among a lot of intruders. This is only one example of many. You can see the examples in the security guides below.


If you are having the same problem after reading and implementing the security guidelines below for PHP, I would suggest moving your hosting to a different provider that actually takes an active security role protecting their users. If it is not the hosting provider and you do find these holes, the best thing I can suggest is patch, patch, patch! You have to close the vulnerability and recover from the damage done.

Since you run a website using PHP, I would suggest that you read these articles and focus on fixing these issues if you have any of these vulnerabilities. It's a good idea to check up on new threats that pertain to your situation, assess the situation and execute a solution that works for you.


PHP security guides and examples of security flaws:
phpsec.org or http://php.robm.me.uk

Dreamweaver Security flaw examples:
http://www.cvedetails.com
0
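A check for the symptoms raised in this thread (permissions changed on pages, files modified on different dates, a leftover PHP debug script), as an added example that is not part of any post here. It assumes you can run Python against a copy of the web root, and the rule that a PHP file calling `phpinfo()` is a debug script is an assumption of this example.

```python
import os
import re
import stat
import time

# Assumption: a PHP file that calls phpinfo() is treated as a leftover debug script.
DEBUG_CALL = re.compile(rb"\bphpinfo\s*\(")

def audit_webroot(root, days=14, now=None):
    """Return {relative_path: [findings]} for files under root worth a closer look."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or cannot be stat'ed; skip it
            if not stat.S_ISREG(st.st_mode):
                continue  # ignore symlinks, sockets and devices
            notes = []
            if st.st_mode & stat.S_IWOTH:
                notes.append("world-writable")
            if st.st_mtime >= cutoff:
                notes.append("modified in last %d days" % days)
            if name.lower().endswith((".php", ".php5", ".phtml")):
                try:
                    with open(path, "rb") as fh:
                        # Only the first 1 MiB is scanned; enough for a debug page.
                        if DEBUG_CALL.search(fh.read(1 << 20)):
                            notes.append("calls phpinfo()")
                except OSError:
                    notes.append("unreadable")
            if notes:
                findings[os.path.relpath(path, root)] = notes
    return findings

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, notes in sorted(audit_webroot(target).items()):
        print("%-40s %s" % (rel, ", ".join(notes)))
```

Modification times can be reset by whoever changed a file, so an empty report is not proof of a clean site; compare the listing against a known-good copy of the site as well.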
 
akhalighi Commented:
It's unlikely to be something in your Dreamweaver. I'd go after the web site company to run a thorough virus scan. Is this a dedicated host?

Close Dreamweaver on your machine for some time, download and run Microsoft Process Explorer and see if a virus launches Dreamweaver.
0
 
titorober23 Author Commented:
Even if it launches Dreamweaver, how is it going to connect to the site? There is an extra step to do it. How is it changing pages on different dates? This is weird.
0
 
akhalighi Commented:
Yes, it is very unlikely. I guess web hosting support just said something to avoid escalation. Is this a shared hosting company? Is it a famous hosting company?
0
 
Jason C. Levine (No one) Commented:
I agree that it is highly unlikely to be Dreamweaver.  Basically an attacker would have to have remote control over your machine and you would probably notice that.

Much more likely is the host is compromised or your password is compromised and the attacker is executing commands directly on your hosting account.  DW encrypts passwords in the registry so again, unlikely to be the source of the problem.  

If you are using plain old FTP to login to your site (instead of SFTP), then the account information is sent in the clear as plain text and can be sniffed.  You should check to see if your ISP supports secure FTP and switch to a new host if they don't.
0
 
titorober23 Author Commented:
Yes, this is a shared hosting account.
0
 
Russell_Venable Commented:
Yes, it's very possible. You probably have some kind of vulnerability in your hosted website's infrastructure. It could also be the hosting server. Usually in this case they get in from poorly written code. Is your website mainly composed of Dreamweaver or some kind of server-side code like PHP?
0
 
titorober23 Author Commented:
PHP
0
 
titorober23 Author Commented:
What is the difference?
Please explain.
Thx
0