Personal Web Site Hacked On Ovh.com, Code Added In Html

My friend has a web site on ovh.com.Since a couple of days, the site is flagged as dangerous by google. I had a look in the files (the site only contains only html, css, pjg) and i

Solution 1:

This likely isn't a hack in the terms that you're thinking of. Shared hosting isn't usually the problem....and it's unlikely that someone guessed your password. Not knowing details, I'd bet that somewhere on the account you have a piece of open source software such as Joomla, phpBB, Wordpress, or similar. I'd also bet that this piece of software has not been updated in a while.

This is fairly common. Hackers find vulnerable scripts and crawl the web "sniffing" for particular versions of code that they can use to gain access to your site. Several jobs ago, a russian porn operation got into my company's website via a rogue install of phpBB that an employee has snuck on the server. Via this vulnerable code, they injected thousands of files and even gained access to the database by creating a new "superadmin" with all privileges. Needless to say, it was a mess to clean up. A similar issue happened to an account that I used for testing purposes: an old version of Joomla allowed the user to script inject gibberish-looking javascript that attempted to install a virus via the user's browser, and also caused the error screen your describing in Chrome. My current company's production site sees hundreds of attempts to exploit phpMyAdmin each day in the logs, which is why we've stopped using it.

So, now what? First, take your site down for a bit to protect others....take the opportunity to change db and ftp passwords. Second, analyze what's out there....blast any unused code, update open-source scripts. Make sure software passwords aren't left in the default state, because the hackers know them (ever wonder how most WiFi is hacked?) Then, the not-so-fun part....dig through pages to clean up injected code. Find and replace or GREP can help speed this part....but be careful to get it all out or they might have a way to get back in. In the case of my personal site, it took 2 go-arounds to completely get the site locked down and cleaned up. The good news here is that most of these attacks are automated, so the injected code is pretty obvious and almost always in the same location and using the similar syntax from page to page. Also, be aware that some of these attacks host files on your server, so scrutinize files to make sure they're legit.

Finally, analyze your own code to see if you've left any holes. Login scripts, fwrites, and even queries can be targets for injection. Be careful what you open yourself up to.

Solution 2:

1. Are you using a shared hosting? Your provider did not consider enough measures that customers do not have access to other's account.
2. Is your password easy to guess?
3. Any change in .htaccess will not help