Script susceptibility to MalWare

Author: Jk D.

Visited 1347, Followers 1, Shared 0

Tags: iframe,malware,src=,x5engine

G'day I have been using websitex5 content management software for the last few years to create and manage our website. All and all it seemed and was a good solution. From October 2012 we have been blocked by Google Chrome on three separate occasions, after they have discovered injected redirects (usually in java or PHP script files) to sites that then add their own malware. I am finding it difficult to understand: Where and how does the code get injected: --on the webserver (Westnet)? OR --- the computer which updates the webserver (was not even online when the site was last infected). --Westnet has finally admitted a number of client with the same issues. At the moment the information I am hearing is that the areas of weakness are FTP access, older versions of the software and vulnerabilities in scripts in general.... In websiteX5 are there any ways to reduce vulnerabilities and/or rapidly detect when script file have been modified or replaced? For example a tool which can scan PHP and js files for redirects. Do you know of any? Thanks in advance for any insights or advice.

Posted on the 03/06/2013 09:15:06

3 ANSWERS

Samuel V.

User

Hello,

To prevent my own hosting space to be infected I do :

use a long, hard to find, password
check my files and folders properties (CHMOD)
use captcha

If your host allows SFTP or better SSHFTP, use it too.
As far I know, WebSite X5 allows to republish the entire web site from part 5 - Export. This could be a solution too as it will replace all eventually infected files. But it could be long if you have large web sites.
Hope this can help

Posted on the 03/06/2013 14:53:03 from Samuel V.

Jk D.

User
Author

Hi,

Thanks for the prompt feedback. I have requested the FTP login history from the service provider to see if I can see anything anomalous. I will check re SFTP or SSHFTP as well. I am also looking at FTP access to the site be normally disabled and only enabled on verbal request and verification. The file permissions should be OK...but if access to the site is gained via FTP then permissions would not really matter?

PS: I was also wondering whether it would be possbile to build in a 2nd level confirmation for changes. For example a verification email sent confirming the changes would be allowed.

Posted on the 03/07/2013 02:27:26 from Jk D.

Claudio D.

Incomedia

Hello,

If the access is gained via FTP it will have all privileges. It's important to use a difficult password and to change it sometimes.

The security to changes on the server has to be offered by the hosting provider because WebSite X5 generates only the HTML files and uploads them.

Many thanks!

Posted on the 03/08/2013 08:43:44 from Claudio D.