Results 1 to 3 of 3

Thread: Urgent notice for all Spry Shared Hosting customers

  1. #1
    Forum Administrator Power Poster Lyle@Spry's Avatar
    Join Date
    May 2005
    Posts
    455

    Default Urgent notice for all Spry Shared Hosting customers

    Recently several of our shared hosting customers sites have been defaced. (A snippet of javascript is being appended to their index.html/index.php files above the closing </body></html> tags.)

    Our administrators have determined that these files are being modified via FTP login as the sites administrators. We urge all shared hosting customers to log in to their control panel at https://<domain name>:2083 and change their password immediately. Use the "Change Password" icon under "Site Management Tools".

    If you have created additional FTP accounts (for your webmaster/users/etc) these should also be changed immediately. Site Management Tools / FTP Manager / FTP Accounts

  2. #2
    Forum Administrator Power Poster Lyle@Spry's Avatar
    Join Date
    May 2005
    Posts
    455

    Default What does the code do?

    Since we have been asked no less than 10 times what this "javascript snippet" does, here is what we can make of it:

    It uses the javascript 'unescape' function to "decrypt" a string of escaped javascript code. That decrypted javascript code tells the browser to stop loading the main page, and load another site in an iframe over the current page.

  3. #3
    Junior Member Newbie
    Join Date
    Nov 2007
    Posts
    1

    Default

    yes passwords changed. My site is just plain old HTML. I did find some altered files and replaced them. I threw out all of the FrontPage stuff that was pre-installed when I signed up. Is there anything else I can do? Without giving away any secrets, do you think you have an understanding of how they did it and how to stop it? Thanks...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •