FTP Exploits and Account Hacks

23 April 2009

34SP.com Staff

Over the last 48 hours we have noticed an increased number of attacks against hosting accounts. The attacks take the form of exploiting the FTP server to upload malicious content to accounts. The present attack we are seeing uploads files (htaccess) used to redirect incoming search engine visitors to spam sites.

In light of this current uptick we have updated our FTP scanning system to detect and block these uploads before they can cause damage to accounts. If an account is deemed to have been exploited, we take three steps to protect you: the files are removed, your FTP password is randomised and an FTP lock is enabled on your account. You will also be emailed about these changes at your registered email address. We then recommend updating your account passwords to non-dictionary words and using SCP over standard insecure FTP. You should also check your account to verify no other malicious changes have been made.

Furthermore, it would be wise to run a full virus scan of your own machine, using up-to-date virus scanning software. We believe that the attacks may have originated from users' own machines, exploited with a trojan.

To update your siteadmin password:

Log in to /siteadmin

Click Edit

You can update your siteadmin password here.

To update your FTP password:

Log in to /siteadmin

Select your domain

Select ‘Hosting Setup’

You can update your FTP password in the section.
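
The account check recommended above can be partly automated for the .htaccess redirects described in this post. The following Python script is an added example, not part of the original post or of 34SP.com's scanning system; it assumes the redirect is written as mod_rewrite rules keyed on a search-engine Referer, and the domains, directory and sample files (`mysite.example`, `spam.example.invalid`, `blog/`) are constructed placeholders.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit

# Assumption: the redirect uses mod_rewrite conditions on the Referer header.
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}.*(google|yahoo|msn|aol|ask)", re.I)
REDIRECT = re.compile(r'^\s*(?:RewriteRule|Redirect(?:Match)?)\s.*?(https?://[^\s"]+)', re.I)

def scan_htaccess(path, own_domains=()):
    """Return (line_no, reason) findings; the ^ anchors skip commented-out lines."""
    findings = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            if REFERER_COND.search(line):
                findings.append((no, "search-engine referer condition"))
            if m := REDIRECT.search(line):
                host = urlsplit(m.group(1)).hostname or ""
                if not any(host == d or host.endswith("." + d) for d in own_domains):
                    findings.append((no, "redirect to external host " + host))
    return findings

def scan_tree(root, own_domains=()):
    """Scan every .htaccess under root; uploaded files may sit in subdirectories."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        path = os.path.join(dirpath, ".htaccess")
        hits = scan_htaccess(path, own_domains) if ".htaccess" in files else []
        if hits:
            report[os.path.relpath(path, root)] = hits
    return report

# Constructed samples (placeholder domains), not files recovered from an account.
CLEAN = "RewriteEngine On\nRewriteRule ^(.*)$ http://www.mysite.example/$1 [R=301,L]\n"
INJECTED = ("RewriteEngine On\n"
            "RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]\n"
            "RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]\n"
            "RewriteRule ^(.*)$ http://spam.example.invalid/in.php [R=302,L]\n")

def demo():
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "blog"))
    for rel, body in ((".htaccess", CLEAN), ("blog/.htaccess", INJECTED)):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return scan_tree(root, own_domains=("mysite.example",))

if __name__ == "__main__":
    print(demo())
```

Pass your own domain names as `own_domains` so legitimate redirects, such as a forced `www` prefix, are not reported; anything the scan does report should be compared against a known-good copy of the file.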