I just wonder how this can be possible: how can any unauthorized person place a script without anyone noticing it?
Is this not something to take up with the supplier of the web space, that they must review their security?
I know there are some who will find these questions stupid, but I can take it.
Hi Lars,
We feel fairly confident that we located the 'hole' that the miscreant used to modify the .php (and .htm) pages inserting the JavaScript to make the invisible <iframe> drive-by downloader. Logs checked this morning, and last modification by them was on 3/16 at about 4am and no successful modifications after that.
In general, there are two basic ways that hackers can penetrate your site:
1) through scripts on your website that don't have sufficient parameter checks, or
2) ftp or ssh/telnet access to the site through a compromised password
For the commonly available weather website scripts (including the ones offered on my site, the templates and plugins), they all have safe parameter handling, so offer no way in for miscreants. Older versions of HamWeather PHP did have a vulnerability (3.9.8.4 and below only) to allow script injection, so make sure your HAMweather is 3.9.8.5+. Even though this vulnerability was patched in Oct 2006, I still see knocks at my door trying to see if I've been foolish enough to have an old version of HAMweather installed (I don't have it installed at all on my site). Likewise, folks who use older versions of content management systems like PHP-nuke, Joomla, Mambo (etc) should keep their maintenance up-to-date too.. older versions of those software products had some code injection vulnerabilities too.
For (2), just make sure whatever system you surf the internet with has current antivirus AND (highly recommended) Firefox+NoScript plugin. It only takes a moment for an unprotected browser to grab a bit of malware, read your passwords (like to your ftp website), and stealthily mail it off to the hacker who will use your website to spread his malware.
It's a hacker and kiddie-script jungle out there .. keep the defenses strong and layered so your internet experience can be without harm.
Best regards,
Ken
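
An added example, not part of the posts above or of any script they mention: a Python check a site owner could run over a local copy of the web root to list .php/.htm pages that contain invisible `<iframe>` markup, newest modification first. The regex heuristics, function names and the two sample pages are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed heuristics for an "invisible" iframe: 0/1 pixel size or hidden via CSS.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*\\?["']?[01]\b"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.IGNORECASE,
)
EXTENSIONS = (".php", ".htm", ".html")

def find_hidden_iframes(text):
    """Return every <iframe ...> tag in text that looks invisible."""
    return [m.group(0) for m in IFRAME_RE.finditer(text) if HIDDEN_RE.search(m.group(0))]

def scan_webroot(root):
    """Walk root and return (path, mtime, tags) for each suspicious page."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                tags = find_hidden_iframes(fh.read())
            if tags:
                findings.append((path, os.path.getmtime(path), tags))
    # Newest modification first, to line up with FTP/web server log times.
    return sorted(findings, key=lambda f: f[1], reverse=True)

def demo():
    """Build a constructed two-file web root and scan it."""
    with tempfile.TemporaryDirectory() as root:
        clean = "<html><body><iframe src='radar.htm' width=\"600\" height=\"400\"></iframe></body></html>"
        # Constructed sample: script writing a 0x0 iframe (example.invalid is a placeholder).
        bad = ("<?php echo 'hi'; ?>\n<script>document.write('<iframe src=\"http://example.invalid/x\" "
               "width=0 height=0 style=\"visibility:hidden\"></iframe>');</script>")
        for name, body in (("index.htm", clean), ("wx.php", bad)):
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return [(os.path.basename(p), tags) for p, _mtime, tags in scan_webroot(root)]

if __name__ == "__main__":
    for name, tags in demo():
        print(name, tags)
```

A hit is only a lead for manual review: a legitimately sized iframe is not flagged, and heavily obfuscated script that never spells out the tag will not match these patterns.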