Dozens of pop-up ads covering a desktop.
Image via Wikipedia

It’s not very often we give our clients FTP access to their websites, this is for many reasons, but in most cases it’s because they don’t really need them. Of course, there are a few that insist on having access to their server via FTP for many reasons.

Recently, we’ve seen a huge increase in the number of clients websites that appear to have been hacked. After much research, it turned out that our clients PC‘s had been infected with the Gumblar virus (or similar).

Basically what this virus does is steal the FTP passwords from your local FTP client then uses them to connect to your hosting account and edits all the php, html and even javascript files on your server. This is an absolute nightmare scenario as most people tend to only notice this when they get a message from their browser or a pop-up window. If you’ve a small website, removal of the virus from your website is pretty straight forward, but if you’ve thousands of files, all I can say is “God Love You”.

So what do you do if you think your website has been infected with this virus?

The first thing to do is change the FTP password on your web hosting account (preferably on a clean PC),  then try to establish what PC has been infected and clean it. There are many free anti-virus tools available for doing this – my preference is Zonealarm Free anti virus.

In an ideal world, I would suggest you didn’t store your FTP passwords in your FTP client at all – but I know in a lot of cases, it’s just easier and quicker to do so.

Be Sociable, Share!