SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Zealot lahive's Avatar
    Join Date
    Mar 2009
    Location
    South Wales
    Posts
    139
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    things for sale appeared on my site

    Hi, a strange thing just happened. I was refreshing the thumbnail on my profile at w3c sites when I noticed in the resulting screenshot a load of text had appeared in the right hand corner of my homepage. When I checked my site it looked fine so I thought it was a quirk on the w3c sites side. I decided to check all the pages which looked fine and then finally validated my site. I found 81 errors linked to bad image tags and open links connected to puma trainers and prada handbags. So a bit confused I uploaded new pages and now all is OK. Any ideas what the hell that was all about?

  2. #2
    SitePoint Zealot falsealarm's Avatar
    Join Date
    Sep 2008
    Posts
    147
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Could your site have been compromised? I'd strongly recommend that you check the code against your baseline. When sites are compromised they push to scams with higher return on investment such as pharmacy sites, adult sites, etc. However, this is not to say that they won't use it for other things.

  3. #3
    SitePoint Addict tuxus's Avatar
    Join Date
    Feb 2009
    Posts
    254
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It does sound like a compromise, request information from your host so you can figure out what the vulnerability was.

  4. #4
    SitePoint Zealot lahive's Avatar
    Join Date
    Mar 2009
    Location
    South Wales
    Posts
    139
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I guess so, but how I don't know. Luckily it's a small site so I just uploaded new content easily. I read a couple of the threads here and then checked for files on my server that shouldn't be there. I'll definitely be checking on it regularly from now on.

  5. #5
    SitePoint Zealot lahive's Avatar
    Join Date
    Mar 2009
    Location
    South Wales
    Posts
    139
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by tuxus View Post
    It does sound like a compromise, request information from your host so you can figure out what the vulnerability was.
    yes, I'll do that. thanks.

  6. #6
    SitePoint Enthusiast
    Join Date
    Aug 2008
    Location
    Everett WA
    Posts
    80
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    One other thing to consider is how secure your password is, as in that it is at least 8 characters with upper case, lower case, numbers, and symbols, for example. I have been running into many users that don't really give it a second thought and setup a user (that has FTP access) with a username and password combo of something like rachel:rachel or bobassword, and well any plain word or even any plain word with 123 at the end is going to be guessed. Those are some examples, but I am sure you get the point. Computers don't get tired, and they work fast, a programmer can tell a computer to scan the internet as fast as it can with common usernames and passwords, and it can try hundreds a minute... well a lot more than that. Don't let your password be guessable, follow the guideline mentioned in the first sentence.

    It could be something else too, but I wanted to toss that bit in there anyway, just in case.
    Jonathan Kinney
    Data Systems Specialist
    Advantagecom Networks, Inc.
    http://www.simplywebhosting.com

  7. #7
    SitePoint Zealot lahive's Avatar
    Join Date
    Mar 2009
    Location
    South Wales
    Posts
    139
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Jonathan Kinney View Post
    One other thing to consider is how secure your password is, as in that it is at least 8 characters with upper case, lower case, numbers, and symbols, for example. I have been running into many users that don't really give it a second thought and setup a user (that has FTP access) with a username and password combo of something like rachel:rachel or bobassword, and well any plain word or even any plain word with 123 at the end is going to be guessed. Those are some examples, but I am sure you get the point. Computers don't get tired, and they work fast, a programmer can tell a computer to scan the internet as fast as it can with common usernames and passwords, and it can try hundreds a minute... well a lot more than that. Don't let your password be guessable, follow the guideline mentioned in the first sentence.

    It could be something else too, but I wanted to toss that bit in there anyway, just in case.
    Thinking about it some passwords are fiendishly simple. Will change that today. Thanks for the tip.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •