Hola!- One of My Sites Got Attacked by A Worm.



One fine morning, as I was browsing some sites we did using Mozilla 3.5, I clicked on a link to our demo servers and one of my sites started showing this message. I was shocked: what the f**k is this? It's like our demo server got attacked.

I was in a panic, called the server support, raised a critical support ticket, and did all that was possible.

Mozilla's Alert Message for any attacked site reported by Google.


Thanks a lot to my server company IXwebhosting, they checked my sites and were able to tell me it was a stolen FTP password issue.

They cleaned my sites and told me that some system in my network had a trojan which used to send passwords to some remote server, and it used to automatically log in using my password and change files on the FTP.

We cleaned all PCs in our network and got everything set up. However, to remove the error message from Mozilla, I had to use my Google account and personally go to Google's Webmaster Tools and get my site reviewed by Google.

Request Review by Google.


The very same day, I got my site restored.

But wait!!!!

This attack took place again and I was shocked… We went back to the hosting company, and they said the FTP passwords had been stolen again.

Lol!! We were like, what can be done now!

The hosting company was a real savior: they have special FTP firewall software installed, using which we can allow or deny a particular IP range access to our FTP.

Voila! We got the solution: I limited the FTP access to an IP subnet within our Airtel network here.

There are two files, ftp.allow and ftp.deny. The format varies from firewall to firewall, depending on which one your server company deploys.
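To make the allow/deny idea concrete, here is an added example (not from the hosting company's firewall or the original post) that evaluates a set of FTP logins against the two lists. It assumes a hypothetical file format of one address or CIDR range per line with `#` comments, and assumes that a client must match ftp.allow and must not match ftp.deny; all addresses and logins are constructed.

```python
import ipaddress

def parse_rules(text):
    """Parse one address or CIDR range per line; '#' starts a comment (assumed format)."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def is_allowed(client_ip, allow, deny):
    """Default deny: the client must match ftp.allow and must not match ftp.deny."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in deny):
        return False
    return any(ip in net for net in allow)

def audit_logins(logins, allow, deny):
    """Return the (ip, user) login attempts that the lists would have blocked."""
    return [(ip, user) for ip, user in logins if not is_allowed(ip, allow, deny)]

# Constructed sample data using documentation address ranges.
FTP_ALLOW = """
# office subnet (constructed)
198.51.100.0/24
"""
FTP_DENY = """
198.51.100.77   # one infected PC inside the office range, kept out until cleaned
"""
LOGINS = [
    ("198.51.100.10", "webmaster"),   # office PC
    ("203.0.113.45", "webmaster"),    # remote host using the stolen password
    ("198.51.100.77", "webmaster"),   # office PC that is explicitly denied
]

if __name__ == "__main__":
    allow, deny = parse_rules(FTP_ALLOW), parse_rules(FTP_DENY)
    for ip, user in audit_logins(LOGINS, allow, deny):
        print(f"blocked: {user} from {ip}")
```

With these lists a stolen password is useless from outside the office subnet, but it still works from any machine inside it, so the infected PC has to be cleaned and the password changed as well.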

So finally I can sit and have coffee in peace, with the attacker thinking what went wrong 😉 lolz