0

I am using Network Solutions hosting. I was recently attacked with JS:Illredir-S [Trj], I asked my hosting providers to clean it and they cleaned it and updated all passwords, but now after a week my site got infected again with JS:ScriptIP-inf [Trj].

Can anyone please suggest me how to secure my website properly ? Should I change my hosting provider ? I am fed up of these viruses again and again on my websites. I can't even find this virus in my files.

Please post informative answers. Thanks

3 Answers3

4

There's a lot of material out there regarding secure web application development. I'd recommend this article as a starting point - it has a recommended reading list.

If you are writing secure code, then you should consider if your hosting provider is secure. I used a cheap provider for a year or so and found adverts injected into my html files, "hacked by GROUP" pages in my directories, etc. The site required authentication to access and had no file uploader. I concluded that my hosting company must be fundamentally insecure, and switched - I've had no problems since.

Coincidentally, I also (accidentally) took the hosting company's front page and all of their websites offline for 15 minutes or so because somebody passed a width and height of 10,000 to an image generation script on my server. Have you had any similar worrying signs that your provider is incompetent? If so, you should definitely consider moving!

rjh
  • 191
  • 1
  • 3
  • Wow! Sounds like that hosting company was a single PC in someone's cupboard to me. Funny though... – Rik Heywood May 03 '10 at 14:17
  • You can check www.networksolution.com. They have excellent alexa ranking and looks like a huge company. I don't think their servers are insecure, I just don't know how my site is getting infected again and again. –  May 03 '10 at 14:31
  • I read your article and it shows how to write secure web applications. However, my websites are not written by me, one is wordpress site and other is a php melody script (not written by me) so i cannot code them again according to that article. I just want to find out if my hosting is unsecure or what is the issue behind getting hacked again and again? –  May 03 '10 at 14:35
  • 3
    Wordpress is a ridiculously high profile target because it's so ubiquitous, unless you keep on top of updates as fast as they come out, wordpress could easily be acting as a point of entrance. – Kzqai May 03 '10 at 15:29
4

Rizwan,

I had the same issue, visitors to my site were complaining about the same virus you mention being downloaded. Network Solutions strikes again! Here's what I did to fix:

  • in the root of my site was an .htaccess file. I don't use one so that was a red flag and the modified date was 5/2/2010.
  • open .htaccess in a text editor and look where it's pointing, there will probably a .php file that it's pointing to. I deleted both the .htaccess file and the .php file it was referencing and voila! No more antivirus yammering at me and no more redirection attempts.

Here's the blog where I found the solution: http://blog.sucuri.net/2010/05/new-infections-today-at-network.html

Hope this helps.

John Gardeniers
  • 27,262
  • 12
  • 53
  • 108
3

You need to look at Wordpress specific resources: see FAQ: My site was hacked « WordPress Codex and how-to-completely-clean-your-hacked-wordpress-installation and Wordpress Foums › hacked.

markratledge
  • 499
  • 5
  • 13
  • 24