My site was hacked! Invisible iframe to Chinese malware site

In business, china seo, websites by Michael Michelini8 Comments

Ouch, what a way to end a week. Late last night talking to Andrew at New York Bar Store and then he tells me about a phone call he got from a customer saying there was some spam on our site, newyorkbarstore.com. Then I take a look, view source, and a HIDDEN iframe inserted on the footer of the majority of the pages in the site! WTF!!!
=============================
HACK CODE BELOW
iframe src http://greatshopfilm . cn:8080/index.php width=184 height=158 style=”visibility: hidden” iframe
============================

I quickly start to re-upload a backup of the site I have in my computer, as it was before this hacker code was inserted on the page. Then I see its FLAGGED ON google results. Luckily the rankings have not been affected, but as you can see below – THERE IS A WARNING on the top of the page that my site may be have harmful viruses! I can only imagine that this is going to do to my site traffic…..

I have fixed the problem, and resubmitted to Google Webmaster tools, lets see how long this takes to be removed from the google results…I’m told from 1 friend this happened to him before, and it took 2 – 3 days!

Also, I’m doing a virus scan on my computer right now, and it found a trojan virus in my TENCENT QQ instant messenger files. Must have been downloaded in a chatlog. This business of hacking has been picking up, I’ve been hearing and reading that blackhat SEO people are hacking sites, pumping them with malicious codes to benefit themselves (not exactly sure though)

Is this in response to the tough economy, and people finding ways to earn cash the evil way….sad….

webpage hacked error message
google warningeven warnings in google search results (SERP)

I also hope none of my website visitors on newyorkbarstore.com were affected. The internet can be a scary place. I understand google and the search engines have to protect their users, its just horrible this scumbags can hack my site and place this malicious code there.

Keep on.

Related Posts

8
Leave a Reply

avatar
6 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
  Subscribe  
newest oldest
Notify of
Thomas J. Raef
Guest

We’ve been seeing a huge increase in the number of people having their websites “hacked”. One of the most common ways right now is by infecting a PC then “sniffing” for FTP traffic. Think about it. How many people have websites these days? It seems like everyone. So why not infect PCs then wait for when they upload to a website through a protocol that sends everything in plain text? You see, FTP does not encrypt it’s traffic. We created a YouTube video on how insecure FTP is: http://www.youtube.com/watch?v=oYI1kssrrbc We’ve been recommending a couple of things. First, use AVG or… Read more »

Alan
Guest
Alan

Thanks for the advice, my site has been hacked three times in one month, I have followed all what the service provider said to follow and it still happened. What they never told me is what you mention above. I use a Mac so will have to search for some catchers for OS X.. Have been using Nortons, but from what I read its not worth it. Thanks again.

vijay
Guest
vijay

Thank for the Great Feedback. I was suffering with the malware for our client’s website. These malwares cause lot of problem for the website.
We need to thoroughly clean the malware before loading to the server. Otherwise the malware scripts getting loaded every time after we upload our back up files into the server.

Matthias-Müller
Guest
Matthias-Müller

Damn, that sound’s so easy if you think about it.

Will
Guest
Will

SSH and SCP are the way to go for remote communications unless you can VPN in. SCP is a powerful command line tool, and there are some graphical versions out there as well I’m sure. Also, enforcing strong passwords is a good idea. If your server isn’t secure, a strong password doesn’t matter though…

andrew
Guest
andrew

What tough economy? There is no economic crisis in China. 🙂