No, Andrew, and team, I'm not inferring this at all, however there are certain individuals in the community who would assert this, and stand firm that boonex employees who were given ftp access to their server, are the cause for their site being compromised.
well i would attribute this to an end-user error. i have done just a touch of research on this iframe hack to see what was being said about it since last time i had to actually deal with it. found some interesting stuff. there are some basic guidelines that will help protect you.
just another pointer, if you need help from somebody, tis best to create the ftp user account and password for them. now what i do and it may not even make two fat rat asses, but i never transport usernames and/or passwords across smtp, not really paranoid, just know its not secure, so choose not to do it. so i implemented a technique some time ago in that use notepad or some other editor, type the uname/pword, and take a screenshot. i crop that screenshot, name it some inconspicuous file name as an image, and i send the image. dont know 100% if that makes an actual difference but it works for me.
if you must transport your uname/pword, i would suggest sending it as an image file, less likely to be intercepted and way less likely that you become a victim.
quit accusing people, get a grip, know what you are doing on the internet, understand protocols and functionalities, both w32 and linux kernel if you are on those environments before you take blame and finger pointing at somebody who had the full intent to do nothing more than to help.
im just gonna try to add some information here for the obliquely misinformed. boonex didnt hack your site, didnt necessarily contribute to your site being hacked, and most likely you allowed it yourself in most cases.
If you are using an unsecured FTP client, you are in danger of exposing your passwords to hackers because the passwords are passed between your FTP client and your website in plain text. Use a program like WinSCP, or an FTP client that allows you to connect to your site using SFTP or SCP. Both of these methods encrypt your user name and password, making it much more difficult for a hacker to discover them, even if they intercept them with some sort of packet sniffer.
Lock her down!
so as you can see here, it has nothing to do with MALWARE being on your computer to start.
How it works:
Hackers are likely relying on an automated tool to do the dirty work. The hackers add IFrame code to the saved search results on the sites. The next visitor that uses the search tool is then redirected to another Web site by the IFrame code. The second site in turn puts up a message telling the user that a new codec (coder/decoder) needs to be installed. Accepting the codec takes the user to still another site, which actually hosts the malware — a new variant of the Zlob Trojan horse — and installs it on the victim’s PC.
Since i would presume that this word-press site, which anybody who has been around the internet and utilizing open source applications for any period of time has most likely used a WP site, so do you think the owner of that site gave his password to boonex, and boonex had their site infected as well. doubtful.
WordPress Users Beware of IFrame Hack
Posted 04.15.2009 by Frank J in Internet, Security
Source: http://www.techjaws.com/wordpress-users-beware-of-iframe-hack/
Hackers continue to subvert hundreds of thousands of Web pages with IFrame redirects that send unwary users to malware-spewing sites. It was apparently reported that these IFrame redirects have slowed, but they’re still occurring at an alarming rate. A friend of mine, who owns the blog called YourSEOSucks, was recently exposed to the IFrame hack using WordPress 2.7.1.
Sticky: Solution For Iframe Java Script Hack
How does this hacking take place:
This hacking does not take place by any PHP application vulnerability nor any kernel bug nor Apache bug nor cPanel or Plesk bug. Those accounts' files are affected whose FTP logins are leaked.
Believe me, I have been researching this iframe and java script hack for the last 10 months.
ONLY THOSE ACCOUNTS ARE HACKED WHOSE FTP LOGIN DETAILS ARE LEAKED AND ARE WITH HACKER !!!!
How it's done
This is a sophisticated operation, and the infection cycle is involved, but basically, the hacker(s) are setting up innocent looking sites (or using previously hacked sites where the owner is usually unaware of being compromised) and loading them with expensive hacking tools like Mpack. When someone visits that site, their browser is detected and attacked (browsers affected are IE, Firefox and Opera). The visitor is unaware that they may have a keylogger that sends the person's passwords etc. to the hacker(s) and moves on. If the innocent visitor has an ftp or root password for any internet sites, the hackers use a program that goes to the person's site(s) and instantly adds the hidden iframe to every index type page. This is why there seems to be no indication that the site has been compromised, as the hackers already have the ftp or root passwords to login. And since they have at least your account ftp pass, whatever permissions your folders and files are set to make no difference.
After they put the iframe code into that person's pages, anyone visiting that site will be redirected to the hackers infection site, where the person's computer will be injected and infected. The hackers are depending on site owners not knowing their sites have been hacked so that the number of hacked sites will grow (as they have starting in Italy) into the tens of thousands... Please don't think you can depend solely on your antivirus software to protect your computer. It more than likely won't help you. For $1000 dollars, the russian hacking bulletin boards are offering Mpack with 1 year support and a GUARANTEE that virus programs will not catch the keyloggers. SO, keep your virus program updated, but don't depend on it completely!
This way this hack is spreading quickly from one computer to another, broadcasting the passwords to hackers. During my research in this, I even found some of the password files collected by the hack on some of the hacked servers, where they pass this password file to their tool to add the code. In some cases Google bots pick up these files and you can even find the login details of FTP accounts and server root login details in Google.
===============================================
Solution:
===============================================
For Server Administrators:
If you are having this problem server wide then the only possibility is your root password is used for this. Just change the password and this HACK WILL STOP
For individual person owning just a domain and not server:
If you are facing this problem and your administrator says its only your account, just change the FTP password and it will stop
You must have removed the code many times and it comes again, why ???
As you dont change the FTP password. So change that first.
Just changing password is not complete solution but is the first step.
What's next? Your password is leaked, which means your computer is sending out the passwords, so I would suggest you do a clean format first and then install any antivirus or anti-spyware which you think could block it. But the best solution is to clean format the computer.
Just do the two things:
1) Change the FTP or root password of server
2) Clean format the PC
and take care in future that you don't visit any of the virus links made by this hack.
Also to keep your password secure I would suggest you to use any password manager software like:
http://keepass.info/
This is a FREE OpenSource Software
I can assure you this is confirmed solution and will definitely help you all.
Please try it and also when you are confirmed, please spread this message in as many forums as you can so that others also come to know how to stop it.
so as you can all read and this just in case you were wondering is a reliable dependable source:
Source: http://forums.cpanel.net/f7/solution-iframe-java-script-hack-78595.html
houston you are correct, i just want it to be understood this had nothing to do with boonex or dolphin. has nothing to necessarily do with sharing your password at all. if you are on a shared hosting environment, this can be accomplished. if your password for FTP is not encrypted, you can be compromised.
i hope this clears up the air so that we all have some sort of understanding.
the iframe hack has been around for ages that i am aware of, and its a rather common exploit on sites, they have changed their methodology to some degree, but basically you can rest assured it has nothing to do with being incompetent, its more to do with unknowing, that makes those who have been torched victims.
Regards,
DosDawg
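A defender-side check for the pattern the quoted cPanel post describes (a hidden iframe added to every index-type page), added here as an example and not part of the thread or of any tool it mentions: it walks a web root and reports index pages carrying an invisible iframe that loads from a host you do not own. The file-name pattern, the `own_hosts` parameter and the sample pages are assumptions constructed for illustration.

```python
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumed naming for "index type" pages; adjust to the site's own layout.
INDEX_NAMES = re.compile(r"^(index|default|home)\.(php|html?|tpl)$", re.I)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class IframeFinder(HTMLParser):
    """Collect <iframe> tags that are invisible and load from a foreign host."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.hits = set(own_hosts), []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "").strip() for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        hidden = tiny or bool(HIDDEN_STYLE.search(a.get("style", "")))
        if host and host not in self.own_hosts and hidden:
            self.hits.append((self.getpos()[0], a["src"]))  # (line, src)

def scan_webroot(root, own_hosts):
    """Map each index-type file under root to its hidden external iframes."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and INDEX_NAMES.match(path.name):
            finder = IframeFinder(own_hosts)
            finder.feed(path.read_text(errors="replace"))
            if finder.hits:
                findings[path.relative_to(root).as_posix()] = finder.hits
    return findings

def demo():
    """Constructed sample site: one clean page, one with an injected iframe."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "blog").mkdir()
        (root / "index.html").write_text(
            '<iframe src="https://www.example.org/map" width="400"></iframe>\n')
        (root / "blog" / "index.php").write_text(
            "<?php include 'header.php'; ?>\n<p>hi</p>\n"
            '<iframe src="http://injected.example/in.php" width="1" height="1"'
            ' style="visibility:hidden"></iframe>\n')
        return scan_webroot(root, own_hosts={"www.example.org"})
```

Call `demo()` to see the report format, or point `scan_webroot` at the document root with your own host names in `own_hosts`. Iframes written out at run time by obfuscated JavaScript are not covered by this check.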
sorry for the (-) mouse slipped over on me. my sincere apologies.
Regards,
DosDawg
I just had a feeling that the people who were silly enough to think Boonex was conspiring against them weren't avid readers.
I will have to agree with confusion on this. The cybercriminals have many, many ways of getting into your website.
Honestly, you can't tell without some good forensics, if they got in via keylogged ftp account, php vuln, sql injection, file inclusion, etc. Many successful attacks are based on software vulnerabilities (as stated earlier by confusion).
The point is, you need to be aware of security for your
has absolutely n-o-t-h-i-n-g with s-h-a-r-i-n-g anything. i think there were even a few who mentioned they have never shared their password with anybody. im gonna go read your post again, will not comment on it at this
listen cal, as written, this was an assertion, that boonex staff had some part in having your site compromised. you continued to brow beat that this is directly related to the "sharing of a password" and that is not the case, yes it could be a factor, but not the
I am a Microsoft guy who knows a little linux. I setup Dolphin on opensuse. I followed the directions on the installation manual down to the T. It works. But my question is, what steps would you suggest I should take in order to secure the server itself?
Other than strong passwords of course, are there permissions I should modify for the dolphin directory so that a hacker cannot gain access and edit webpages (add code)?
I am
just wondering how if the site is for profit, i would have anything to do with that, i can put up the website, cannot make the website make you money.
with banner advertising and Adword type advertising down the sides of the pages in the website.
this was explained to you in detail regarding the adverts and