How can I stop this?

Helvetica

Hi everyone.
I wonder whether anyone here can help: Since about May 2010 the index.html of my website (academic content) keeps being changed by outsiders, i.e. several hundred lines of hidden advertising for various medications, software etc. suddenly appear in the middle of the coding, but the lines are not visible to my website visitors. This is a form of Black Hat SEO according to AGV Safe-Surf. As a result, Google has written to say that they have stopped crawling my site until the problem is solved.
Some info:
- I am the only person with ftp access
- the password is very complicated and unlikely to have been hacked,
- the password has been changed every month but the advertising injection is still happening,
- it happens at various times of the day, at different intervals, sometimes after 2 days, sometimes a week, sometimes 2 weeks.
- the website looks exactly the same except that some dropdown lists/menus do not work after the illegal alteration has taken place
- permissions are set to a minimum although index.html files seem to require -R-W-X settings for "world" otherwise they do not seem to work.
- the only public upload area is password protected.
- there is an old search function on the website using some old scripts (I inherited the website from a deceased friend and continue to run it)
- only index.html files are affected.
- the hidden advertising links to various hacked blogs, to which they have apparently added their own sub-folders or they are using little-used folders on the hacked blog to spread their filth (when I write to the blog owners they did not know that they had been hacked and all seem to use something called WordPress).
- I did a Spybot check of my own pc (all my website files are on an external drive) and found nothing nasty.

I have tried to find out how to stop them but although there is lots of information about this SEO stuff (Search Engine Optimization) on the internet, I cannot find out how to stop them and how they are getting into my website to do it.
Does anyone have any suggestions? Perhaps using .htaccess (with what as content?)?
I am at my wits' end!
 
LOL, they seem to be having a problem too:
This is what clicking the second link gets me, as well as copying and pasting the link into the URL line...
>Internal Server Error
>
>The server encountered an internal error or misconfiguration
>and was unable to complete your request.
>
>Please contact the server administrator, [no address given] and
>inform them of the time the error occurred, and anything you
>might have done that may have caused the error.
>
>More information about this error may be available in the server error
>log.

Don't seem to be having much luck, do I :sad:
 
Hello Helvetica,

I checked all the links again and no problem here.
>Since about May 2010

That is a long time to have left an infected site up. :lip:

Is your machine a personal computer? Please list your security programs and the operating system. :)

Best regards.
 
I upload the clean version of the affected files every couple of days or as soon as I notice that the file has been changed (I notice it online when the dropdown list arrows have disappeared).
Yes, my entire website - the over 300,000 txt, jpg, and html files (it is a huge website) are on a new, 1 Tera external harddisk of my personal PC, backed up to a second 1 Tera external HD every night. NONE of the files on either of the HDs have any of those types of advertising lines in them.

I am the only one who uses the PC and generally do not download dodgy stuff (I learned THAT lesson about 5 years ago when my old PC got hit by a dodgy program).
Security: I use Spybot, AGV full registered version, and AdAware. I clear out my cookies with paranoiac regularity and can also fire up SuperAntiSpyware when I want to. I do not open unexpected (i.e. stuff I am not expecting etc.) email attachments and use Mailwasher to check emails. I do not follow those "you have received a greetings card" type links in emails, I delete the entire email (and bounce them using Mailwasher), I am not on Facebook or any other type of "social networking" websites and bounce all invitations coming from them.

My OS is XP and all updates and patches are done automatically.
 
Hi Helvetica,

Are you still unable to access Stopbadware.org from your computer?

Best regards.
 
Hi Tashi
Yes I was able to access it and all the instructions have already been followed.
I just wish I knew which "door" they were using to get in.
I think it is disgusting that people can destroy people's websites like this just to increase ranking.
I have switched "safe surf" on in my AGV and changed my Home Page to the page "they" have been changing so hopefully I will see quickly if it has been changed again.
 
That is a very handy link - I don't know how far into the structure it goes (as I mentioned before I have over 250,000 txt and html files on my website, and believe me, they are all necessary) but it says it is clean.
Thanks for the link.

What I could REALLY use is a small php program which would check every single HTML file of my website (on the server) for certain words.
I already have a small PHP prog. (which a friend wrote for me) which tells me how many different references (it's an academic website and each item has a specific reference) I have covered. Every item has one .txt file so the php runs down every sub-directory (which I had to add to the prog using wildcards) and counts the number of .txt files and displays the list which I then copy and paste into my xls file.
I am useless at php but something like that checking for certain text strings would be very useful.
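
A scanner of the kind asked for in the post above, as an added example that is not part of the original thread: it walks a directory tree, checks each .html/.htm file for a keyword list, and also flags files writable by "world" with their last-modified time. The keyword list, the file name scan.php and the web-root path are assumptions.

```php
<?php
// Added example: list HTML files that contain spam keywords or are world-writable.
// KEYWORDS is a constructed sample list; replace it with words seen in the injected lines.
const KEYWORDS = ['viagra', 'cialis', 'pharmacy'];

function scan_html_tree(string $root, array $keywords): array
{
    $findings = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY,
        RecursiveIteratorIterator::CATCH_GET_CHILD // skip unreadable directories
    );
    foreach ($iter as $file) {
        if (!$file->isFile() || !preg_match('/\.html?$/i', $file->getFilename())) {
            continue;
        }
        $hits = [];
        $body = @file_get_contents($file->getPathname());
        if ($body === false) {
            $hits[] = 'UNREADABLE';
            $body = '';
        }
        foreach ($keywords as $word) {
            if (stripos($body, $word) !== false) {   // case-insensitive match
                $hits[] = $word;
            }
        }
        // 0002 is the "write" bit for "world" (others)
        $worldWritable = ($file->getPerms() & 0002) !== 0;
        if ($hits || $worldWritable) {
            $findings[] = [
                'path'           => $file->getPathname(),
                'hits'           => $hits,
                'world_writable' => $worldWritable,
                'modified'       => date('Y-m-d H:i', $file->getMTime()),
            ];
        }
    }
    return $findings;
}

// Usage (assumed): php scan.php /path/to/webroot
$root = $argv[1] ?? __DIR__;
foreach (scan_html_tree($root, KEYWORDS) as $f) {
    printf("%s  modified=%s  world-writable=%s  hits=%s\n",
        $f['path'], $f['modified'], $f['world_writable'] ? 'yes' : 'no',
        implode(',', $f['hits']) ?: '-');
}
```

The modified time printed for a flagged index.html can be matched against the server's access and FTP logs for the same minute to see which request or login preceded the change.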
 