Solved

virus on my website

Posted on 2011-10-25
Last Modified: 2013-11-22
Hi guys

I have been dealing with some issues on my website. I noticed 2 weeks ago that some of the pages were not working. I called the web site company and they said that somebody changed the permissions on those pages. Then errors started popping up every other day, the latest today. He said that most likely there is a virus in my network that is uploading files through Dreamweaver.

Questions:
Can a virus manage a piece of software (Dreamweaver), start a live connection and upload files?
Is this possible?
What else could be happening here?

Is there probably a virus in the host, not in my computer?

Please comment.


Question by:titorober23
9 Comments
 
LVL 10

Assisted Solution

by:akhalighi
akhalighi earned 100 total points
ID: 37025361
It's unlikely to be something in your Dreamweaver. I'd go after the web site company to run a thorough virus scan. Is this a dedicated host?

Close Dreamweaver on your machine for some time, download and run Microsoft Process Explorer and see if a virus launches Dreamweaver.
0
 

Author Comment

by:titorober23
ID: 37026083
Even if it launches Dreamweaver, how is it going to connect to the site? There is an extra step to do it. How is it changing pages on different dates? This is weird.
0
 
LVL 10

Expert Comment

by:akhalighi
ID: 37026128
Yes, it is very unlikely. I guess web hosting support just said something to avoid escalation. Is this a shared hosting company? Is it a famous hosting company?
0
 
LVL 70

Assisted Solution

by:Jason C. Levine
Jason C. Levine earned 100 total points
ID: 37026490
I agree that it is highly unlikely to be Dreamweaver.  Basically an attacker would have to have remote control over your machine and you would probably notice that.

Much more likely is the host is compromised or your password is compromised and the attacker is executing commands directly on your hosting account.  DW encrypts passwords in the registry so again, unlikely to be the source of the problem.  

If you are using plain old FTP to login to your site (instead of SFTP), then the account information is sent in the clear as plain text and can be sniffed.  You should check to see if your ISP supports secure FTP and switch to a new host if they don't.
0
 

Author Comment

by:titorober23
ID: 37027010
yes, this is a shared hosting account.
0
 
LVL 15

Expert Comment

by:Russell_Venable
ID: 37036343
Yes, it's very possible. You probably have some kind of vulnerability in your hosted website's infrastructure. It could also be the hosting server. Usually in this case they get in through poorly written code. Is your website mainly composed of Dreamweaver or some kind of server-side code like PHP?
0
 

Author Comment

by:titorober23
ID: 37038217
php
0
 

Author Comment

by:titorober23
ID: 37038218
What is the difference?
Please explain.
Thx
0
 
LVL 15

Accepted Solution

by:
Russell_Venable earned 400 total points
ID: 37040621
The difference between having a compromised hosting provider and running vulnerable server-side code is mainly who is responsible for security and providing just that.  The simple answer is both. Never let your guard down.

Hosting Provider:
I won't go into a lot of detail about hosting provider problems, but take for example they could be hosting the brand new PHP version 5.xx and forgot to set proper access restrictions. For instance, if an attacker knew that the default installation path on the server was something like "/usr/website/user/config.php5" and there was a debug script using PHP, he could 1.) identify useful information used to gain leverage in their next attack 2.) gain remote access and compromise all users by spreading through their own resources and on from there. The reason being that things like this should never be accessible to client-side users and restrictions should be strictly enforced.


Server-Side code:
This usually falls on the website owner. Let's say the owner just had someone create their website using PHP5 and the creator either did not have adequate security practices in developing PHP code or knew exactly what they were doing and did not tell the owner about the implications. These kinds of problems lead to an attacker gaining access, in this case by testing if these restrictions are in effect by testing input validation, which is a widely used skill by a lot of intruders. This is only one example of many. You can see the examples in the security guides below.


If you are having the same problem after reading and implementing the security guidelines below for PHP, I would suggest moving your hosting to a different provider that actually takes an active security role protecting their users. If it is not the hosting provider and you do find these holes, the best thing I can suggest is patch, patch, patch! You have to close the vulnerability and recover from the damage done.

Since you run a website using PHP, I would suggest that you read these articles and focus on fixing these issues if you have any of these vulnerabilities. It's a good idea to check up on new threats that pertain to your situation, assess the situation and execute a solution that works for you.


PHP security guides and examples of security flaws:
phpsec.org or http://php.robm.me.uk

Dreamweaver Security flaw examples:
http://www.cvedetails.com
0
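Added example, not part of the original thread: the symptoms described in the question (permissions changed, pages altered on different dates) can be confirmed and scoped by recording a baseline of a known-good copy of the web root and comparing later states against it, which also supports the recovery step the accepted answer mentions. The function names `snapshot`, `compare` and `demo` and the sample file names are assumptions made for this sketch.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each file's path (relative to root) to (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not read through symlinks that point outside the web root
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            mode = stat.S_IMODE(os.lstat(full).st_mode)
            state[os.path.relpath(full, root)] = (digest, mode)
    return state

def compare(baseline, current):
    """Return sorted (kind, path) findings describing how current differs from baseline."""
    findings = [("removed", p) for p in baseline if p not in current]
    for path, (digest, mode) in current.items():
        old = baseline.get(path)
        if old is None:
            findings.append(("added", path))
        else:
            if digest != old[0]:
                findings.append(("content-changed", path))
            if mode != old[1]:
                findings.append(("mode-changed", path))
        if mode & stat.S_IWOTH:
            findings.append(("world-writable", path))
    return sorted(findings)

def demo():  # constructed sample site, altered after the baseline is taken
    with tempfile.TemporaryDirectory() as root:
        def write(name, body, mode):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        write("index.php", "<?php echo 'home';", 0o644)
        write("about.php", "<?php echo 'about';", 0o644)
        baseline = snapshot(root)
        write("index.php", "<?php echo 'home'; // altered", 0o644)  # content changed
        write("about.php", "<?php echo 'about';", 0o666)  # permissions loosened
        write("new.php", "<?php // not in baseline", 0o644)  # file not in baseline
        return compare(baseline, snapshot(root))
```

Store the baseline somewhere the hosting account cannot write to, otherwise whoever alters the site can alter the baseline as well.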
