things for sale appeared on my site

[lahive]

Hi, a strange thing just happened. I was refreshing the thumbnail on my profile at w3c sites when I noticed in the resulting screenshot a load of text had appeared in the right hand corner of my homepage. When I checked my site it looked fine so I thought it was a quirk on the w3c sites side. I decided to check all the pages which looked fine and then finally validated my site. I found 81 errors linked to bad image tags and open links connected to puma trainers and prada handbags. So a bit confused I uploaded new pages and now all is OK. Any ideas what the hell that was all about?

[falsealarm]

Could your site have been compromised? I'd strongly recommend that you check the code against your baseline. When sites are compromised they push to scams with higher return on investment such as pharmacy sites, adult sites, etc. However, this is not to say that they won't use it for other things.

[tuxus]

It does sound like a compromise, request information from your host so you can figure out what the vulnerability was.

[lahive]

I guess so, but how I don't know. Luckily it's a small site so I just uploaded new content easily. I read a couple of the threads here and then checked for files on my server that shouldn't be there. I'll definitely be checking on it regularly from now on.

[lahive]

It does sound like a compromise, request information from your host so you can figure out what the vulnerability was.

yes, I'll do that. thanks.

[Jonathan Kinney]

One other thing to consider is how secure your password is, as in that it is at least 8 characters with upper case, lower case, numbers, and symbols, for example. I have been running into many users that don't really give it a second thought and setup a user (that has FTP access) with a username and password combo of something like rachel:rachel or bobassword, and well any plain word or even any plain word with 123 at the end is going to be guessed. Those are some examples, but I am sure you get the point. Computers don't get tired, and they work fast, a programmer can tell a computer to scan the internet as fast as it can with common usernames and passwords, and it can try hundreds a minute... well a lot more than that. Don't let your password be guessable, follow the guideline mentioned in the first sentence.

It could be something else too, but I wanted to toss that bit in there anyway, just in case.

[lahive]

One other thing to consider is how secure your password is, as in that it is at least 8 characters with upper case, lower case, numbers, and symbols, for example. I have been running into many users that don't really give it a second thought and setup a user (that has FTP access) with a username and password combo of something like rachel:rachel or bobassword, and well any plain word or even any plain word with 123 at the end is going to be guessed. Those are some examples, but I am sure you get the point. Computers don't get tired, and they work fast, a programmer can tell a computer to scan the internet as fast as it can with common usernames and passwords, and it can try hundreds a minute... well a lot more than that. Don't let your password be guessable, follow the guideline mentioned in the first sentence.

It could be something else too, but I wanted to toss that bit in there anyway, just in case.

Thinking about it some passwords are fiendishly simple. Will change that today. Thanks for the tip.