FTP Upload hacked? - Post ID 133286

User 627461 Photo


Registered User
36 posts

Just got off the phone with Hostrocket (excellent customer support btw, rivals CC if that's possible) after getting a blank page when I went to my website. They informed me that my site had been hacked, probably when I uploaded via FTP and was full of malicious software. Ugh.

I'm as certain as one can be that my computer is safe, run Norton scans 3 times a week, manually run OneLive and Ad-Aware every 2-3 weeks, and Hostrocket said they didn't think it was on my end.

I searched these forums and see VSD doesn't support sFTP, which I'm told is more secure and according to them preferable, and I'm wondering what I can do to keep this from happening again? Or maybe someone has other insights?

Thanks in advance.

Bill

User 38401 Photo


Senior Advisor
10,951 posts

So what is it you're saying here William? I'm very very sure there isn't anything malicious in any of CC's software or the files it creates. Many of us have used many of the programs for years without any issues at all so it's highly unlikely that something was uploaded "from" the files of a CC program such as VSD. The only thing that it could be is that you have something corrupt or infected on your computer that is inside some of the files of your website that you are uploading that is getting uploaded with VSD, or that you included into your web site pages something that was infected and it infected your VSD .vnu file. I can't see any other way anything could be uploaded using VSD or any of the other programs FTP setups.

Also, have you tried reuploading the website? Maybe it was just a bad upload and your hosting service is mistaking it for a hack too. Sometimes some of them hosting services are too quick to count it as a hack and get us all riled up and panicked when in the end it was just a bad upload or a bad file that got corrupt during upload etc. Lots of variables come into play here that could look like a hack.

There's no malicious software here at CC and your host saying that is really "not" good support. They shouldn't just "assume" about software etc. and definitely shouldn't "say" something like that without proof. That's a very rude thing to do to their customers and to the software company(ies) they are obviously trying to blame.

Reupload it, see if that works since I don't see here that you tried that. And do keep in mind that all the scanning in the world doesn't catch every single infection that can happen lol. Trust me, and millions of others that use multiple programs just like you do, something can easily slip through. As I said, a lot of variables come into play here on what it "could" be that happened, but trying to put blame somewhere without first investigating the issue is not cool, nor does it solve your problem.
User 6573 Photo


Ambassador
2,649 posts

That is really strange. I agree with Jo Ann. Did you maybe use some outside scripts or files that you plugged into your website? If so that might be your source.

You should not get hacked from using CC software. FTP process is only going to upload what you build and tell it to. So if you're using some outside script, maybe it has to do with that?

I tend to think there probably was a glitch when you uploaded your files and the main index file did not show up, produced a blank page.

If I remember correctly VSD does create two .php files that get uploaded to your server, and it helps with keeping your server and files straight when you make changes and such. It's been a while since I actually looked at the files. But they are not malicious.

Are you uploading via ftp with a ftp account (like myname@mywebsite.com and password) or are you actually using server cpanel access username and password? Because maybe the ftp account assigned to you is not putting the files in the correct part of the server that the domain name is pointing to. Had that happen once.

The other problem might be that someone got a hold of your server access information and uploaded something else.

I pray that your server access did not get hacked by someone and they did the damage, if there is indeed damage.

I think the next steps I would do is this:

1. Ask your server company what the name of the files are that have malicious code? See what they say. If they give you names that are like this format: db.vsd_????_backup.php or db.vsd_???.php then they are supposed to be there. The ??? I think are the name you give your vsd file.

2. If you have a control panel access to the server, log in and see where exactly the files went to and if they are in the correct directory.

3. If the VSD is loading into the correct directory, then I just reload everything again and see what happened.

I hope that helps, and please post back in here what you find out. We'll all be curious to know how it turns out.

Kim
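
The check Kim's three steps describe can be done file by file. This is an added example, not part of the original thread and not CoffeeCup or Hostrocket code: it compares the local site build with a downloaded copy of `public_html` and reports files the upload never contained, files whose contents changed, and files that never arrived. The function names and sample files are constructed, and the `db.vsd_*.php` allowance is an assumption taken from the file names recalled in the post above.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Assumption from the post above: VSD's own helper files match this pattern.
VSD_HELPERS = ("db.vsd_*.php",)

def _digests(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def audit_webroot(local_build, server_copy, allowed=VSD_HELPERS):
    """Compare a local site build with a downloaded copy of public_html."""
    local, remote = _digests(local_build), _digests(server_copy)

    def is_allowed(rel):
        return any(fnmatch.fnmatch(Path(rel).name, pat) for pat in allowed)

    return {
        # On the server, never part of the build, not a known helper file.
        "unexpected": sorted(f for f in remote if f not in local and not is_allowed(f)),
        # Same path on both sides, different bytes: altered after or during upload.
        "modified": sorted(f for f in remote if f in local and remote[f] != local[f]),
        # In the build but absent on the server: a bad or partial upload.
        "missing": sorted(f for f in local if f not in remote),
    }

def demo():
    """Constructed sample: a small site and a server copy that differs from it."""
    with tempfile.TemporaryDirectory() as tmp:
        build, server = Path(tmp, "build"), Path(tmp, "public_html")
        for d in (build, server):
            (d / "images").mkdir(parents=True)
            (d / "images" / "logo.png").write_bytes(b"\x89PNG constructed")
            (d / "index.html").write_text("<h1>Home</h1>")
        (build / "about.html").write_text("<h1>About</h1>")  # never arrived
        (server / "index.html").write_text("<h1>Home</h1><!-- altered -->")
        (server / "db.vsd_mysite.php").write_text("<?php /* helper */")
        (server / "images" / "gallery.php").write_text("<?php /* unknown */")
        return audit_webroot(build, server)
```

An empty `unexpected` and `modified` list with entries only under `missing` points to a bad upload; anything under `unexpected` or `modified` is what to ask the host about by name.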

User 627461 Photo


Registered User
36 posts

Easy there killer :) You might want to reread my post, I think you're jumping down the wrong throat ;)

I am not pointing any fingers or blaming anyone, except a possible hacker and I did not say anything negative about CC or that CC was in any way responsible for my problem. I don't believe I implied anything like that, however I am sorry if you read my post that way. You have all been awesome - I love and trust the software and appreciate the awesome support. I thought it responsible to let you know what happened and that I should ask the experts to see if I had made any mistakes or needed corrections in how I'm using VSD. Friends again?

Again, I'm just trying to share information here so that I might learn something or perhaps be of use to someone else.

FYI - I had Hostrocket clean out everything related to my site on their end and had uploaded a fresh/clean copy prior to posting here. Everything works fine, as it always has up until recently.

Hostrocket suggested that someone may have been, I hope I say this correctly, scanning/piggybacking/intercepting and adding onto, whatever link is created between my computer and their hosting service when I upload my site. That's the FTP connection I assume. They suggested that someone may have hacked my FTP upload. I don't know if they hacked my username and password or what, but I'm assuming that's what they did, and then uploaded bad content. This may or may not be the case - I am in no way a computer expert, just an end user trying to learn.

They suggested I use a sFTP connection as that was higher security. I see from reading the forums that VSD doesn't support that at this time, that's fine, I'm just relating what I've been told. If anyone has any suggestions or thoughts to share I'd appreciate it.

And while it is always possible that my computer is infected, however unlikely it may seem, I have certainly done all I know of to keep it virus clean. I have been building my own computers for the past 10 years and have never had a virus. Of course now that I've said that I'll probably get creamed tomorrow :lol:

User 627461 Photo


Registered User
36 posts

Thanks for responding Kim. I believe I've answered some of your questions in my response to JoAnn.

When I first contacted Hostrocket and asked the Tech to look at my site he said "whoa - just got a security alert" then he went in and looked at the content and said there were several malicious files there. I didn't ask him for their names, I just asked him to clean out everything in the public_html folder and he did.

I am uploading to my site with username and password, so it must be cpanel. The FTP server info shows as WilliamAllenDesigns.com - no name in front of that. And it's always worked fine and did so this morning when I uploaded my fresh site.

Thanks again for the posts.

Oh, and I am using no scripts, that's beyond me. Just using VSD and Photo Gallery for a flash.
User 38401 Photo


Senior Advisor
10,951 posts

Hiya William,

It's not really you that I am upset with on this, it's your hosting service that I feel is being very tacky about how they are handling this. They told you software, you talked about ftping through VSD and yes I assumed that you meant it was coming from VSD. That is apparently not what you meant and that's good lol.

I would make a huge suggestion here though, change your id and password, at the very least your password for your ftp connection. If you're at any risk at all of it being a hacker, I would suggest you not only change the password of your main account, but create a new one and use that one so if you're hacked again (if the hack was on the account of course) they won't be getting your main server account info.

Other than that, it sounds like it's back working right? I too would be 'very' curious to know what files they said were infected etc. As I said, I'm sure it didn't come from VSD, but it's possible someone intercepted your transfer I suppose, can't hurt to be cautious at this point until you know what actually happened. Do keep your hosting company checking it to give you the real scoop on what was wrong. If you don't, they will most likely treat it as "well we wiped it all out so it's all good now" and you could very well end up repeating the process because whatever it was wasn't fixed or addressed.

Good luck on it either way.
User 6573 Photo


Ambassador
2,649 posts

Glad to hear that it went well and that your site is now intact.

If it was me I think I would go in the cpanel and change the password. Just as an added measure of security. Strange things do happen with computers. I think I would do it myself and not have the server company do it, because they probably send you the new one via email. Nothing in my opinion is safe in emails.. But then I can be a bit paranoid. haa haa

Never hurts to be extra careful.

Post your website sometime, I am sure we'd all love to see your handiwork using VSD and the gallery.

Kim



User 6573 Photo


Ambassador
2,649 posts

Haa haa - while I was typing Jo Ann was suggesting the same thing (change password). I must be slow to the draw.... haaa haa


User 106872 Photo


Registered User
92 posts

Bill, there is a possibility that your computer might have been scanned for any info that you keep on that system. Please be extra careful if there is info about your company and any financials that could be stored on that system. Sometimes something like this just tests the system and the big hit is still on its way.

I have an acquaintance that was hacked and banking big $$$$$, client records and other biz data was stolen and big losses happened and she still has no idea how it happened. Sometimes this is just the tip of the iceberg and other more crucial info might be at risk.

This may seem over the top but someone got into something, somehow, hopefully just an idiot but maybe not.
Be safe Wyndham
User 364143 Photo


Guest
5,410 posts

Don't believe everything your host tells you. Sure a script can be malicious after being hacked and malicious code inserted into it.

I did a site for a friend who found what he thought was a wonderful hosting deal with a pretty well known web host. Well, his site and all the php files were hacked with malicious code. The hosting Company kept blaming the scripts. After several times of playing the cleanup the web directory game, I finally persuaded him to change over to another well known host. Guess what? The hacking stopped immediately.

So it wasn't the poorly written scripts that left the site vulnerable, it was the poorly implemented shared hosting server and their lack of security. Of course they will never admit it.
CoffeeCup... Yeah, they are the best!
