Another website I manage, bringseanhome.org, was seriously hacked in February. It took me weeks of work to get back control and make sure it was clean.
Ever wonder what a "Trojan" looks like? Here is an image of two different types. The larger one was an "injection" (hack) into the MySQL database which runs the Simple Machines Forums software and the main site which is on a CMS platform. It was attached to only +/-50 very important PHP files.
- Belarus or
- Germany or
- India or
- Russia or
- Pakistan or
I think the scumbag is a Russian.
Of these two Trojans the first one was the most "evil": if I deleted an infected file, within seconds it would reappear! It took me days to track down and kill the "Queen" file which was hiding in a sub-directory, guarding her flock of infected files.
The most interesting thing is that no matter which scanning service I used, Google Webmaster Tools and a few others, plus a software package on my PC called Beyond Compare, none of the infected files were flagged. This proved to me that although "automation" by software is great, it's like the old adage that you need "Boots on the Ground" to win a war. In this war, replace boots with a Pair of Eyes, opening and skimming the code in thousands of files!
Before anyone asks, this site uses vBulletin Forums software which costs $$$$$$ while Simple Machines Forums software is free. You get what you pay for. On the plus side, this attack taught me an important lesson: no matter how secure we may think our websites, networks and PCs may be, the bastards are constantly attacking.