Solved

Reported Attack Page!

Posted on 2012-12-21
4
312 Views
Last Modified: 2012-12-22
Dear Experts,

I have been asked by my client to look at his website, which displays "Reported Attack Page!" message when you try to view.
After looking at the source files that are uploaded at the web hosting service, it seems that the HTML files such as index.htm are ok, but as soon as I try to download and view any image files associated with the html files, I get the same message.
My questions are:
1. How does this happen?
2. What is the best way to remedy this?
3.  Is there a way to make sure that this does not happen again?

Please advise,  thank you!
0
Comment
Question by:yballan
4 Comments
 
LVL 83

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 167 total points
ID: 38714943
His files have been hacked and bad things put in the damaged files.  Someone could have guessed his password and done it or one of the other users on the server may have found a way to invade his site and make changes.  

The only 'cure' is to upload new undamaged files.  I keep the 'master copy' of all my sites on my own computers here so I can re-upload a 'good' copy if anything should happen to the files on the server.

The fist preventative measure is to change the FTP and account passwords.
0
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 166 total points
ID: 38714975
I agree with DaveBaldwin. We had that problem a few years ago. We didn't have a complete backup and it was a nightmare. We had to download the entire site to a Pc, run spyware and virus checkers against the code and them clean up java and php code that had ben inserted into the html files that we didn't have a recent backup for.

There are also online scanners you can use to scan and check your site to help ensure it is finally clean.

#1 rule: Update all passwords. Generally the best password is a suggested password that is generated in your cpanel.
0
 
LVL 53

Accepted Solution

by:
COBOLdinosaur earned 167 total points
ID: 38715696
Your first priority has to be to get the crap off the site.  An unsuspecting user with poor security practices could pick up infections from the site and spread them.

Then you need to upload what you have.  

Knowing how it happened does not deal with what should be the immediate priorities.  However when you get to it; you need to look at whether the host has adequate security protection.  If they do not you either need to change hosts or add more security to the site to fill the holes left by the host.

Then we get to the future and being able to respond and resolve these issues in minutes with well thought out backup procedures.

HTH
Cd&
0
 

Author Closing Comment

by:yballan
ID: 38715881
Dear Experts,

Thank you for you replies, and I am glad to hear that what I did first was on the right track, which is to request a password change, then to request getting the original files from the previous webmaster.  (I hope they still have them.....)
It is just good to hear from someone with the experience, because web site management is usually not part of my job.
Thanks again!!!
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

How many times have you been browsing the internet, with multiple tabs open, and closed the wrong one? Have you ever clicked 'Close all tabs' instead of 'Close current tab' ? Internet Explorer 8 now brings to you, what Firefox has had for a wh…
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question