First malware occurrence
by lizzyhaugen
10 months ago

www.leopardprintcats.com

I got the message that the site was distributing malware. I maintain it for my parents and I found a weird “robots.txt” file in there that I never put up. I’ve deleted and replaced all of the files using the clean ones from my local hard drive, but I’m worried it will happen again… I’m not very tech savvy – how do I know where this came from in the first place so I can prevent it in the future?

by WeWatch
10 months ago

Without knowing what code you found, it’s difficult to say how it happened.

However, if you read through some of the posts in this forum you’ll see that many of the sites here have been infected by a virus on the PC used to upload to the website.

What happens is the PC gets infected, yes even though you have an anti-virus program running, and it either searches for usernames and passwords or it sniffs the FTP traffic for the username and password.

So when the user updates their website, using the FTP protocol, the username and password are sent in plain text, the virus sniffs them, sends them to a server along with the destination IP address (the website). When the server gets it, it downloads the website, modifies the files with the infectious code, then uploads the malscript-based files back to the destination website.

We’ve seen instances where once the site has been infected, the cybercriminal’s server actually keeps checking it to be sure the malscript is still there. If not, it tries it again – which will work providing the user hasn’t changed the FTP password.

All of this is found in the log files. However, often times (okay maybe never) website owners don’t have anyone to review their log files, so much of this goes undetected until Google finds it.

I would suggest that you ask your hosting provider if they provide FTPS access instead of FTP. Then only use FTPS and change your password.

Post back here if you have any further questions.

Thomas J. Raef
“We Watch Your Website – so you don’t have to!”
http://www.wewatchyourwebsite.com
traef@wewatchyourwebsite.com
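
The download, modify, re-upload sequence described in the reply above leaves a recognizable trace in an FTP transfer log. As an added example (not part of the original thread and not WeWatch's tooling), this Python script flags any remote host that downloaded files and then uploaded the same paths back. It assumes the hosting provider writes the standard xferlog format; the sample lines, IP addresses, account name and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in xferlog format (documentation-range IPs, made-up account).
# Direction field: "o" = download from the site, "i" = upload to the site.
SAMPLE_LOG = """\
Mon Mar  1 09:15:02 2010 1 198.51.100.20 5120 /public_html/index.html a _ i r siteowner ftp 0 * c
Mon Mar  1 09:15:04 2010 1 198.51.100.20 2048 /public_html/about.html a _ i r siteowner ftp 0 * c
Thu Mar  4 03:41:10 2010 1 203.0.113.7 5120 /public_html/index.html a _ o r siteowner ftp 0 * c
Thu Mar  4 03:41:11 2010 1 203.0.113.7 2048 /public_html/about.html a _ o r siteowner ftp 0 * c
Thu Mar  4 03:41:15 2010 1 203.0.113.7 5394 /public_html/index.html a _ i r siteowner ftp 0 * c
Thu Mar  4 03:41:16 2010 1 203.0.113.7 2322 /public_html/about.html a _ i r siteowner ftp 0 * c
Thu Mar  4 03:41:17 2010 1 203.0.113.7 0 /public_html/broken a _ i r siteowner ftp 0 * i
"""

def parse_xferlog(line):
    """Parse one xferlog line into a dict, or return None if it is malformed."""
    t = line.split()
    if len(t) < 18 or not t[7].isdigit():
        return None
    # The nine fields after the filename are fixed, so index them from the
    # right; this tolerates a filename that itself contains spaces.
    return {"host": t[6], "size": int(t[7]), "path": " ".join(t[8:-9]),
            "direction": t[-7], "user": t[-5], "status": t[-1]}

def find_round_trips(log_text, min_files=2):
    """Map (host, user) -> [(path, size change)] for files the same host
    downloaded and later uploaded again; completed transfers only."""
    downloaded = defaultdict(dict)  # (host, user) -> {path: size when downloaded}
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["status"] != "c":
            continue
        key = (rec["host"], rec["user"])
        if rec["direction"] == "o":
            downloaded[key][rec["path"]] = rec["size"]
        elif rec["direction"] == "i" and rec["path"] in downloaded[key]:
            delta = rec["size"] - downloaded[key][rec["path"]]
            hits[key].append((rec["path"], delta))
    return {k: v for k, v in hits.items() if len(v) >= min_files}

if __name__ == "__main__":
    for (host, user), files in find_round_trips(SAMPLE_LOG).items():
        print(f"{host} logged in as {user} and re-uploaded {len(files)} files:")
        for path, delta in files:
            print(f"  {path} (size change {delta:+d} bytes)")
```

A host that shows up here and is not one of your own machines means the FTP password is known to someone else and should be changed, alongside the move to FTPS suggested above.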