Website hacked, my G5 as well?
Hello -
I built my first website a while back using the corporate software. I know very little HTML and almost as little about the innards of OS X.
Recently it was brought to my attention that Google was listing the site as "This site may harm your computer" and there were reports of people's boxes being screwed with. I was skeptical, but notified my hosting service anyway, and was surprised to get this response:
Quote:
It does indeed look like some malicious code was inserted into your home page (index). It was an iframe tag that invoked a payload, and there were a couple of JavaScript impossible math functions to keep the browser busy.
We have removed this code for you and secured your website with a new password.
I recommend you immediately scan your hard drive for viruses, trojans, and especially keyloggers that might have compromised your password. Please do this at your earliest convenience. Also scan the drive of any other machine you may have used to access this account via FTP.
I also recommend you change the password of your main email account. It is possible it was compromised as well.
When you are sure you have a clean system (including secure email), please let us know and we'll send your new updated password for the website.
I do not have any virus detection software, nor do I really know what a Trojan or Keylogger is. I was hoping someone here might have some advice for me as to how to check the security of my OS.
I am the only one in this house that would know how to even use this machine so if someone got in they almost had to come through the net.
Many Thanks!
G5 1.8x2
10.4.7
DSL
It is on a LAN with my laptop via a Linksys router (all wired, no wireless connections). Firewall is off in System Prefs.
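The host's reply above describes an iframe injected into the index page. As an added example (not part of the original thread and not the host's own tooling), this Python audit lists every iframe in a page and flags the ones that are hidden, tiny, or loaded from another host, which is a useful check before re-uploading a site; the host name `www.example.invalid` and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeAuditor(HTMLParser):
    """Records every <iframe> with the reasons it looks injected."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (line, src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        reasons = []
        # Relative URLs have no hostname and stay on the site itself.
        host = (urlparse(src).hostname or "").lower()
        if host and host != self.site_host:
            reasons.append("external host " + host)
        tiny = ("0", "1")
        if a.get("width", "").strip() in tiny or a.get("height", "").strip() in tiny:
            reasons.append("zero/one-pixel size")
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by style")
        self.findings.append((self.getpos()[0], src, reasons))


def audit_html(html, site_host):
    """Return (line, src, reasons) for each iframe; empty reasons = looks benign."""
    parser = IframeAuditor(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: one legitimate same-site frame, one injected-looking frame.
SAMPLE = """<html><body>
<h1>Welcome</h1>
<iframe src="/gallery.html" width="400" height="300"></iframe>
<iframe src="http://stats.example.invalid/in.php" width="1" height="1" style="visibility: hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src, reasons in audit_html(SAMPLE, "www.example.invalid"):
        print(line, src, "SUSPICIOUS: " + ", ".join(reasons) if reasons else "ok")
```

Run it over every HTML file pulled back from the server and compare the flagged lines against the local originals; any iframe you did not author is a reason to restore from a known-good copy.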
Comments
I am aware of no Trojans, Viruses, or Worms that can infect the Mac OS. As for keyloggers, I'm not sure. Perhaps someone more learned than I can help in this matter.
Just reupload your site and all should be good unless they hacked your computer. Normally, your site just gets hacked on the web host server.
Use a very strong password and use a web host that cares about security. IPowerWeb sure doesn't. I just moved to 1and1.com hoping for better security precautions.
Quote:
I do not have any virus detection software, nor do I really know what a Trojan or Keylogger is. I was hoping someone here might have some advice for me as to how to check the security of my OS.
It's more likely they went through the server and not your home computer. A Trojan is a piece of code that gets in by disguising itself as something else, like an email attachment. These only usually execute on Windows. A keylogger is a program that records whatever you type in order to get passwords. They can be used together, so for example, you would send an attachment with a trojan that installs a keylogger, which then sends out passwords.
Once you change your password on your server and reupload your site as suggested, it should be ok. For all you know, it might have been the server people themselves that screwed up.
I posted on Apple's forum and it was suggested I run ClamXav. Haven't got around to doing much with it yet, but I intend to, and also change my email password.
I use Rovin Net as my host and they've been very responsive and relatively reasonable pricewise. I'll tell them I have a Mac so the hacking is most likely on their end!
I host my own site, and the most malicious thing I have seen was someone uploaded PHP scripts to scan my directory structure. From what I can tell they could see pretty darn far, but couldn't delete anything, though a script that could was also uploaded. I have tightened security a lot since then.
Hardware keyloggers don't care what OS you use and can still be used if the victim doesn't check their computer frequently.