The nightmare for any site owner is his site getting hacked. These days we find hundreds of posting on their sites main page
getting replaced by an index.htm file, that holds an iframe, loading some Chinese , Turkish or Russian website. This index.htm file loads every time someone visits your site, bypassing your actual home page. The immediate solution is to delete this index.htm. But you will see that this page will be replaced within no time putting your site in bad shape as before.
So the next solution is to contact the hosting provider. No hosting provider would help you, they would say its just a programming issue or somebody hacked your site as you were not careful. Next option is to switch to a new hosting provider. The support form of every hosting provider will have at least few hundred threads on site's index pages being replaced. Hmmm no way out.
Very recently few of our company sites were affected with the same issue. I had a chance to go through the server log files. The log files clearly showed that someone from Turkey/Germany establishing an FTP connection to the server. He then uploads a index.htm page to the site. All the hacked sites showed the same log i.e. some one physically connecting to the site using FTP and uploading index.htm. So it was obvious that FTP password was compromised. We escaped further attacks by disabling FTP on our servers.
Now how do they steal the password?. There are lot of malicious sites when visited installs certain software automatically on our machine. These software will steal passwords including FTP passwords and will update the hawker’s database. The hacker’s intention is normally to redirect your visitors to his site , which he achieves by uploading his own index.htm file.
So next time your sites index page is replaced, accept that your FTP information is compromised and immediately change your sites FTP passwords. Don’t forget to delete the hacker’s index.htm file.
Labels: hacking, index replaced
