Gizmo's Freeware Forum

Gizmo's Freeware Forum (
-   Website Design, Support and Maintenance (
-   -   My Website may have been hijacked (

wdhpr 16. Aug 2011 04:04 AM

My Website may have been hijacked
I just checked out my lowly website and I checked a link I have to when I clicked on it it first went to and then it then went to domains.googlesyndication[DOT][COM]
With a red wot rating. I keep a clean backup of all my website files so I used Fire FTP and over wrote all file and directories. I then rechecked my site and all is well again. My question Is how this may have happened and how can I prevent it from happening again.

I have my sight locked and just changed my password last year.

Thanks in advance

Ritho 16. Aug 2011 06:30 AM

Is your site just simple html, or are you running a software platform like a blog, a cms, or something? In a shared server situation, much of the security is usually the responsibility of your webhost. But the locking down of permissions on file and folder access and upgrading any software is your responsibility. Disabling things like directory browsing, and customizing your .htaccess file for your particular situation are places to start.

It also does not hurt to scan you site for malware on a regular basis. Currently I have been using Qualy's free malware scanning service. I don't know if it will remain free after it leaves beta or not ,but I have been using it for over a year now.

They have another free service as well to scan the server your site runs on for vulnerbilities. If it has any you can alert your host to them.

wdhpr 16. Aug 2011 11:17 PM

Thanks Ritho
My site is a simple html type. My domain server is through GoDaddy. I'll take you up on your suggestions and I will also check out your Qualy's malware scanner. I have also changed my password, thing is It surprised me someone would bother hijacking a website like mine. Go figure. :(

Ritho 17. Aug 2011 06:24 AM

[QUOTE=wdhpr;58110 ... thing is It surprised me someone would bother hijacking a website like mine. Go figure. :([/QUOTE]
Actually a person may have never even been involved. Infected servers may scan for other servers or websites that have certain vulnerabilities, and infect them automatically. Not really so different from how many infections may get on PCs.

wdhpr 17. Aug 2011 10:49 PM

Speak of the devil
Just received this e-mail today:

Earlier this week, the Go Daddy Information Security Team detected suspicious activity within our hosting environment. The investigation concluded someone was targeting customers' hashed FTP (Web hosting) credentials. The activity was stopped and we continue to monitor the situation.

Your Web hosting account for was NOT impacted. (R U SURE?)
As a precaution, however, we have reset your FTP password.

If you use a content management system to manage your content, no further action is required.

If you do use FTP to manage your website, you will need to change your password before reconnecting. For instructions on how to change your FTP password, see our article, Resetting Your Hosting Account Password (FTP Password). (Beat you to it)

If you have any questions, please call our live, 24/7 customer support at 480-505-8877.


Go Daddy Security Team

What timing :rolleyes:

All times are GMT +1. The time now is 07:35 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.