Thomas Fletcher (fletch31526) wrote,
Thomas Fletcher
fletch31526

  • Mood:
  • Music:

Man of Troy?

I run or host about a half-dozen Web sites in addition to JohnDoe.Org. Most of them are pretty static. The content doesn't require constant updates, so I make like Ron Popeil and "set 'em and forget 'em." This is a good thing because I'm a web designer who is stuck in the last decade. I use AOLPress (which they stopped updating a decade ago) for WYSIWYG design and WS_FTP95 for FTP. It's hard to keep things fresh when you're that archaic.

So, imagine my surprise when I got an e-mail from Google the other day that said, "We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com."

Malware? Warnings? Bah, humbug!

I went through, found the offending script that had been added to the HTML code of a million pages (or so it seemed), changed my password and uploaded script free versions of the page files. I don't operate a gigantic web space or anything -- but I'm knocking on 500mb and I'm just one guy with some software held together by duct tape.

Everything ran smoothly for a couple of days until Google knocked on my door again. Um, yeah. The unwanted visitors were back. It seems that even though I try to play it safe and use protection, I contracted myself an FTP trojan horse on our desktop. Once it obtained my password and played its game, I changed the password, it obtained it again and set up round two. For the record, this will ruin the holiday spirit faster than Cousin Eddie dumping his shit tank into your storm sewer.

I've since run an anti-malware program from Malwarebytes that picked up on things that Norton and McAfee overlooked. I guess the next step is to restore the web site. My host keeps a 14- or 21-day archive of the web site online, but I can't restore from any of those files because many of them are poisoned, too. So, it looks like I'll be going through folder by folder uploading from the desktop once I feel I'm safe on this end.

In the meantime, I've got a little birthday cash on hand. What does everyone recommend for modern web design and file transfer software? It's time I step into the 21st century.

ETA: JohnDoe.Org is on a separate account and appears to be perfectly healthy. By looking at the dates of the last updates over there, it seems abstinence really is the best policy.
Tags: public
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 2 comments