Posts Tagged Security

Gumblar virus on the rise – protect yourself

It’s not very often we give our clients FTP access to their websites. There are many reasons for this, but in most cases it’s because they don’t really need it. Of course, there are a few who insist on having FTP access to their server, for various reasons.

Recently, we’ve seen a huge increase in the number of clients’ websites that appear to have been hacked. After much research, it turned out that our clients’ PCs had been infected with the Gumblar virus (or similar).

Basically, this virus steals the FTP passwords from your local FTP client, then uses them to connect to your hosting account and edit all the PHP, HTML and even JavaScript files on your server. This is an absolute nightmare scenario, as most people only notice it when they get a message from their browser or a pop-up window. If you have a small website, removing the virus from it is pretty straightforward, but if you have thousands of files, all I can say is “God Love You”.

So what do you do if you think your website has been infected with this virus?

The first thing to do is change the FTP password on your web hosting account (preferably on a clean PC), then try to establish which PC has been infected and clean it. There are many free antivirus tools available for doing this – my preference is ZoneAlarm Free Antivirus.

In an ideal world, I would suggest you didn’t store your FTP passwords in your FTP client at all – but I know in a lot of cases, it’s just easier and quicker to do so.
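For a site with thousands of files, one way to find which ones were edited is to compare a fresh download of the live site against a known-clean copy. The script below is an added example, not code from the original post; it assumes you have such a clean copy (a backup or local development copy), and its function names and the inclusion of .htm files are choices made for this example.

```python
import hashlib
import os

# Extensions the post says the malware edits (.htm added as an assumption).
WEB_EXTENSIONS = {".php", ".html", ".htm", ".js"}


def sha256_of(path):
    """Hash a file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_tree(root):
    """Map relative path -> SHA-256 for every web file under root."""
    index = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WEB_EXTENSIONS:
                full = os.path.join(folder, name)
                index[os.path.relpath(full, root)] = sha256_of(full)
    return index


def compare_trees(clean_root, live_root):
    """Return web files that differ between the clean copy and the live download."""
    clean = index_tree(clean_root)
    live = index_tree(live_root)
    return {
        "modified": sorted(p for p in live if p in clean and live[p] != clean[p]),
        "added": sorted(p for p in live if p not in clean),
        "missing": sorted(p for p in clean if p not in live),
    }


if __name__ == "__main__":
    import sys
    # Usage: python compare_site.py <clean_copy_dir> <live_download_dir>
    report = compare_trees(sys.argv[1], sys.argv[2])
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Files listed as modified or added are the ones to inspect and restore from the clean copy; run the comparison from a PC that has already been cleaned.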

Typo3.org website accessed by unauthorised person! Change your passwords!

Hot off the press, I just got an email from Typo3.org stating that their website has been accessed by an unauthorised person.

The unauthorised person had access to all the usernames and passwords of those who have an account with the Typo3.org website. Apparently this person has passed this info on to third parties and has also been gaining access to other websites where users stupidly use the same password.

So if you use the same password for everything and have an account at Typo3.org – I suggest you quickly change your password!

The full text of the email reads:

This is an important security warning. You are receiving it because your email address is registered on the TYPO3.org website.

We have to inform you that an unauthorized person has gained administrative access to the TYPO3.org website.

The offender had access to website user details including their passwords, and there have been reports of this data being used to access other websites.
It also has to be expected that the data may have been disclosed to third parties.

The attacker has been identified, and the TYPO3 Association has started to take legal action on the issue.

Important!
IF YOU HAVE USED THE SAME PASSWORD ON ANY OTHER SITE, PLEASE CHANGE IT IMMEDIATELY!

In a first step, all login accounts on TYPO3.org have been locked and will require a new password. We are currently working on an improved login procedure and will let you know when this is ready. Until then, you will not be able to log into the Community section of TYPO3.org.

We have set up an FAQ page at http://typo3.org/about/faq/t3org-issue/
The page may be updated with new questions from time to time, so make sure to check back before replying to this mail.

We apologize for the inconveniences and troubles that this might cause to you.
