Ahh right .. OK, well, I do

DarkLight — Thu, 10 May 2012 21:12:35 +0000

Ahh right .. OK, well, I do use WiFi, but its private and secured.
I do use my main cPanel login for FTP, so next time I use my client, I'm gonna check out the options. I just assumed the client would use the best option for me automatically...

I've been spending all my time trying to secure my PHP Files, it never occured to me that my FTP Client could be causing security holes...

Thanks for the info, seems I'm not as clued up as I liked to think I was...

If you are using the main

Greg K — Thu, 10 May 2012 18:45:26 +0000

If you are using the main account login (the one you use for your cpanel login) you should be able to do SFTP. If you are using a secondary FTP account (one that was created once logged into cpanel), then the best you can do is "FTP with TLS/SSL" (there are usually two options, I forget which one worked with my cpanel accounts.

Normal FTP programs sent the password as plain text when logging in, so you definitely do not want to use regular FTP over public Wifi, as it can be sniffed, and at that point, it doesn't matter how strong of a password you use.

Hopefully though you won't have any more issues. I know they can be a pain in the but to track down. Good luck!

-Greg

Ahh, I see :/ I guess I got a

DarkLight — Thu, 10 May 2012 11:40:42 +0000

Ahh, I see :/ I guess I got a lot of work to do then. I have already looked through the files, and everything is clean and as it should be. I already have almost all known security measures in place.

sFTP? I'm guessing thats SecureFTP? Requires HTTPS/SSL? I don't have that, but I do have strong passwords for FTP Accounts and cPanel.

The team who hacked me are called DefCon, of that means anything, and as far as I can see, they havent done anything malicious, just uploaded a file.

One thing I didnt do, is check the logs. If this happens again, I will be sure to do that. Its maybe too late now.

Thanks for the info, really appreciated!

It would really depend on

Greg K — Thu, 10 May 2012 07:26:54 +0000

It would really depend on what type of site you have hosted, as well as what type of hosting environment.

I do see you are using cPanel, which generally locks down accounts pretty good to prevent the issue of one user being able to write into another user.

If it was my server or one I was maintaining, I would be checking the log files for the time period the the file was added, as well as log files for things such as FTP.

Good practice would be to make sure you change the passwords ASAP to something strong, and never use regular FTP for transferring files, use SFTP instead.

Also now that you have been hacked, go check EVERY FILE on the site. Myself I would look through the code of every file that was modified within a month of when you know that the site was hacked. Many times hackers will hide a hack script somewhere deep into a directory, naming it similar to something already there. With a script like that in place, they can pretty much do what they want with your site just from a browser window.

-Greg