New To Mac-Forums?

Welcome to our community! Join the discussion today by registering your FREE account. If you have any problems with the registration process, please contact us!

Get your questions answered by community gurus Advice and insight from world-class Apple enthusiasts Exclusive access to members-only contests, giveaways and deals

Join today!

 
Start a Discussion
 

Mac-Forums Brief

Subscribe to Mac-Forums Brief to receive special offers from Mac-Forums partners and sponsors

Join the conversation RSS
Web Design and Hosting Creating sites, scripting, and hosting discussions.

Site built using iWeb keeps getting infected


Post Reply New Thread Subscribe

 
Thread Tools
02believer

 
Member Since: Mar 26, 2010
Posts: 4
02believer is on a distinguished road

02believer is offline
I built a small site using iWeb and it had been great for about 2 years. But recently, the site keeps getting infected by some malware or virus. I have uploaded the site many times. Everytime I upload the site again, it would work for about a day and the same thing happens again. I contacted my host and they said, "there is a problem with the way your site has been coded. When sites are not coded properly hackers can infect it, this is called an "exploit". Our recomendation is you need to get your webdesigner designer to securly code this." I have no idea what he was talking about or if it is even true. Can someone please shed some light.
Thank you!
QUOTE Thanks
Raz0rEdge

 
Raz0rEdge's Avatar
 
Member Since: Jul 17, 2009
Location: MA
Posts: 7,506
Raz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant futureRaz0rEdge has a brilliant future
Mac Specs: 27" i7 iMac, 24" iMac, 13" Macbook Air, iPhone 5 & 5S, iPod Nano 7th Gen, iPad 2 16GB WiFi, iPad 3

Raz0rEdge is offline
Is your website mainly static (X)HTML code or does it involve dynamic code using JavaScript/PHP? If it's purely static, then ensure that your password to the site is very secure.

Also, if you're on a shared account, it's possible that the hackers have gotten into someone else's account and if the security at your webhost isn't proper, they could access your files from there..

Regards
QUOTE Thanks
02believer

 
Member Since: Mar 26, 2010
Posts: 4
02believer is on a distinguished road

02believer is offline
Thanks for your thoughts. I am a first time, novice WEB builder. That is why I used iWeb. My site is purely static.
I think you are absolutely right about the host not having their site properly secured because I can see other people's files who use the same host. i only use Cyberduck as my ftp software and I can go to the root directory of the host and see other people's sites and their files. i didn't think that would be possible, but it is. If I can see others, I am sure others can see mine and hence, infect or hack it. Time to change host, I think.
Thanks again,
Regards.
QUOTE Thanks
xstep

 
xstep's Avatar
 
Member Since: Jun 25, 2005
Location: On the road
Posts: 3,231
xstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to all
Mac Specs: 2011 MBP, i7, 16GB RAM, MBP 2.16Ghz Core Duo, 2GB ram, Dual 867Mhz MDD, 1.75GB ram, ATI 9800 Pro vid

xstep is offline
When you are viewing your site via Cyberduck, what permissions are you seeing and who is the owner of the files. The owner should be your login account on that host, and the permissions for static items should be 'rw-r--r--'. On folders you'll see 'rwxr-xr-x'.

Permissions listings have 9 columns. The first three are for the owner, the second three is for shared groups, and the last three are public. The 'r' means read, the 'w' means write, and the 'x' means execute.

If you have no scripts running on the host, then I think you hosting support person is pulling your leg that your code is the problem. For that to occur, there needs to be an 'in' to your site. A static site doesn't have that. For instance, iWeb does not create any server side scripts.

CameraTime - Time lapse photography for novice and advanced users.

When asking questions, post the version of your software. You'll receive better answers.

Please post your results to the thread as it is good feedback.
QUOTE Thanks
02believer

 
Member Since: Mar 26, 2010
Posts: 4
02believer is on a distinguished road

02believer is offline
I have drwxrwxrwx on my account. But the funning thing is I can actually see that there are 4 other accounts with this same authorisation. Whilst most of the other accounts (about 200 of them) have dr-xr-xr-x. But the fact that I can even go into the root directory and see all the files being hosted on the host says to me that this host is not that secure.
QUOTE Thanks
xstep

 
xstep's Avatar
 
Member Since: Jun 25, 2005
Location: On the road
Posts: 3,231
xstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to allxstep is a name known to all
Mac Specs: 2011 MBP, i7, 16GB RAM, MBP 2.16Ghz Core Duo, 2GB ram, Dual 867Mhz MDD, 1.75GB ram, ATI 9800 Pro vid

xstep is offline
I would tell the host that the permissions are wrong and ask them to fix them. If they don't, you might be able to fix them with Cyberduck via the Info command. The 'Apply changes recursively' option will apply you selection from the folder you are down the hierarchy. Do a test run on a lower level folder. You want to remove write permission from the 'group' and 'others'.

If this host doesn't want to fix the problem, then find a new host.

CameraTime - Time lapse photography for novice and advanced users.

When asking questions, post the version of your software. You'll receive better answers.

Please post your results to the thread as it is good feedback.
QUOTE Thanks
02believer

 
Member Since: Mar 26, 2010
Posts: 4
02believer is on a distinguished road

02believer is offline
Thanks xstep! I will get the permissions changed. Hopefully that would be the end of this problem.
QUOTE Thanks

Post Reply New Thread Subscribe


« Linking/imbedding a PDF into iWeb site | Some questions about iWeb themes »
Thread Tools

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off
Forum Jump

Similar Threads
Thread
Thread Starter
Forum
Replies
Last Post
iWeb Site Problems. Mark4190 OS X - Apps and Games 0 09-02-2008 09:35 AM
I manage a site through WebDAV, can I make a page in iWeb? Is it only for MobileMe? MacBookMe! Internet, Networking, and Wireless 3 08-28-2008 01:34 PM
Iweb won't open site. Seastud Web Design and Hosting 2 08-17-2008 08:46 PM
Upload iWeb Site with Dreamweaver?! The Vindicat3d Web Design and Hosting 3 04-21-2008 04:43 PM
iWeb: music to play upon entering site Christopher Web Design and Hosting 2 03-21-2007 09:21 PM

All times are GMT -4. The time now is 05:01 AM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
X

Welcome to Mac-Forums.com

Create your username to jump into the discussion!

New members like you have made this community the ultimate source for your Mac since 2003!


(4 digit year)

Already a member?