Got hacked... not sure how
- Thread starter penguinbc
- Start date
Winscp via sftp or scp is more secure. Filezilla stores your passwords in plaintext which makes it pretty easy for anyone sniffing around to grab them. It's not safe practice to store your passwords in any program but since you may have 50 plus unique passwords, one that utilizes decent encryption like keepass is a decent solution.
This is exactly what happened to myself and a few others I know like AllBizNiz here on WF. It's not a packet sniffer or keylogger.
Your local machine has been compromised by visiting a site that, like yours, was infected with this script. You possibly clicked on a fake antivirus warning or other fake popup system button.
In my case AVG and Malwarebytes failed to stop the intrusion and the script installed about 110 various trojans in about 10 seconds and mined my Filezilla cached settings and infected 8 sites on my dedi. This was on a Friday night.
I spent about 2 hours cleaning up my box and making sure everything was in order but unbeknownst to me the box was also rooted with Linux running in the background and was sending Viagra spam all weekend. It wasn't until Monday morning when a client called to tell me their site was infected and my ISP wrote me to tell me they were shutting down ports until I sorted my shit out that I realized what was going on. If you don't get the rootkit off your box it'll just keep reinfecting your sites.
I now use Kaspersky and PrevX.
As far as password management goes, try Keepass professional edition. It's free and has great plugins for Chrome and Firefox. You can configure Filezilla to launch from within the app so it no longer stores any data.
Downloads - KeePass
Here are the instructions on how to integrate Filezilla in your Keepass settings.
An alternative to storing passwords in FileZilla or other FTP clients | Stellar Web Works
Your local machine has been compromised by visiting a site that, like yours, was infected with this script. You possibly clicked on a fake antivirus warning or other fake popup system button.
In my case AVG and Malwarebytes failed to stop the intrusion and the script installed about 110 various trojans in about 10 seconds and mined my Filezilla cached settings and infected 8 sites on my dedi. This was on a Friday night.
I spent about 2 hours cleaning up my box and making sure everything was in order but unbeknownst to me the box was also rooted with Linux running in the background and was sending Viagra spam all weekend. It wasn't until Monday morning when a client called to tell me their site was infected and my ISP wrote me to tell me they were shutting down ports until I sorted my shit out that I realized what was going on. If you don't get the rootkit off your box it'll just keep reinfecting your sites.
I now use Kaspersky and PrevX.
As far as password management goes, try Keepass professional edition. It's free and has great plugins for Chrome and Firefox. You can configure Filezilla to launch from within the app so it no longer stores any data.
Downloads - KeePass
Here are the instructions on how to integrate Filezilla in your Keepass settings.
An alternative to storing passwords in FileZilla or other FTP clients | Stellar Web Works
I got hacked a few years back and all my sites went POOF. It was a security issue with my hosting company (not going to name any names *1and1*cough*). Luckily, I was able to restore most of them but it's definitely a shitty feeling. Hope you get everything worked out.
Had the same on 2 of my dedicated servers within the past 3 month. One server was somewhat easy to restore, however it was hit twice. Once right after I fixed it the first time. The sites were in svn, so just a couple of clicks here and there. I noticed some Russian admin php script was added to phpmyadmin directory. Was pretty nice actually, don't remember the name off the top of my head. I looked all over, couldn't find how they got in, but found a few 777 folders that I changed back and added server authorization to phpmyadmin folder. Haven't had a problem since then.
The other server was centos. Was a pain to go through all the files and fix them. Pretty easy to find all the files though since the change time was within an hour on a certain date. Disabled ftp on that server.
The other server was centos. Was a pain to go through all the files and fix them. Pretty easy to find all the files though since the change time was within an hour on a certain date. Disabled ftp on that server.
