website/webserver problem

wijcc · 26 Jan 2010 at 14:01

I have server that is running Windows 2000 server. It has a software firewall, antivirus and anti-spyware software installed.
The server is running email server (Mdaemon) with worldclient/webmail, FTP server and IIS. So I have the relevant ports open on the firewall.
One of the websites that is hosted on the server is having problems, in that when users go to the website, it tries to download a file.
The website has been reported on the google safe browsing site: see the following link for the report.
http://safebrowsing.clients.google....=Firefox&hl=en-GB&site=http://www.fct.uk.com/

The website was created by someone else and not by myself.. so I need help/guidance on how to resolve this issue and how to stop this happening again.
Can any of you guys provide me with any help?
Thanks in advance

GravyMonster · 26 Jan 2010 at 14:16

It sounds like the site has had an injection attack which has placed malicious javascript into some pages which is then redirecting browsers to download a file on some dodgy server.

Does the site have some kind of CMS? If so I'd look through the database to check for <script> tags.

Just checked your site and the home page has been injected on line 753 of it's source.

wijcc · 26 Jan 2010 at 14:28

CMS.. what do you mean by that?
The site contains javascript and some asp...
So resolve this, do i find the affected/injected line and delete it. Also how can i go about to stop this happening again?

daz · 26 Jan 2010 at 14:39

Check the last modified date time on the files in question - then see if there are any corresponding entries in the FTP logs.

It is likely someone has your FTP details, and they were sniffed either by some kind of a trojan, or on an insecure connection.

wijcc · 26 Jan 2010 at 15:24

cool thanks, will look into those