View Full Version : Is it a hacker or a robot?

06-06-2007, 09:58 PM
I happened to check the sourcecode of one of my webpages last week, I hadn't in months. I never thought to check up on it because it always looked fine. However, it was filled with spam, hidden inside of div tags... I deleted it all and now there is some spam again. Here is a sample:

<div id="lyrbms" style="position:absolute; width:147px; height:70px; z-index:1; left: -534px; top: -487px;">Learn how to setup your own <a href="http://www.ballisticmerchantservices.com">merchant account</a> that will enable you to <a href="http://www.ballisticmerchantservices.com">accept credit cards</a>. If your business is classified as high risk, you should setup a <a href="http://www.ballisticmerchantservices.com/high_risk_merchant_account.asp">high risk merchant account</a>. Here are some <a href="http://www.visamastercardlogos.com">credit card logos</a> to use on your website and shopping cart.</div>

How the heck is it getting there and how can I prevent it? The page is a simple html page, no forms or functionality beyond links.

Thank you in advance!

06-06-2007, 11:14 PM
Are you using a free host? Some hosts put spam in your code.

06-06-2007, 11:15 PM
If you have absolutely no server side script files of any kind in any of your folders (actually you should check and make sure that all the files present are only the ones you put there) then there are two general possibilities -

A script in some other account on the server has read/write privileges to your folders and files. This would indicate that the server permissions were either never setup correctly or have been compromised.

Someone has guessed (or has a virus/key-logger on your's or an administrator's computer) a username/password for your control panel or FTP account or for an administrator's account or has somehow else obtained access to the server and is able to read/write your files.

You should notify your hosting company that someone/something has modified files and you should also change all your passwords for your control panel, FTP accounts, and for any other remote means of accessing the server. Use good strong passwords that use both upper and lower case letters and numbers and are 8 or more characters long.

I also assume that you have good, up to date anti-virus and firewall software running on your computer? It might be time to do a full system scan using them to help rule out the possibility that someone learned usernames/passwords from your computer.

06-07-2007, 07:00 PM
If you are using a free hosting provider, then you are getting what you paid for.

If you are paying for the hosting and you are serious about the security of your site, I recommend signing up with a security scanning company.Assuming that someone didn't guess your password and the shared hosting provider knows what they're doing as far as sand-boxing everyone sharing the server, a good scanning company will let you know if all the latest vulnerability patches are applied and various back doors that hackers use are closed. We use several companies but I have personal experience with Security Metrics (www.securitymetrics.com).

Good luck -- hope this helps.