(photo from http://www.flickr.com/photos/dudemjk/)
Learn from my experience. Don't take your website for granted. Considering I use a PC (which is prone to virus attacks), I pride myself on being very careful when using the Internet. I only use Firefox when browsing and I have antivirus software that automatically updates in real time. I also automatically run a spyware program every morning.
I stupidly thought I was protected. Oops.
Somehow, someway, not only did my main website get compromised, but all my domains were shut down by Google! Malware was detected on my site that was dangerous to visitors. And thus began a three-week battle to find out what the problem was, how it happened and how to get it fixed. (Meanwhile, I was basically out of business.)
Evidently, the hackers had come in through my hosting company and therefore were able to attack all my domains. The conversation back and forth with my hosting company was a frustrating experience of cryptic emails that sometimes made sense and sometimes didn't. Every time I called, I talked to someone different at the hosting company and every time I received an email it was from a different person at the hosting company. Back and forth we went for weeks.
I was finally told the problem was fixed by the hosting company and told I now could ask Google to allow my sites up. So, I hired someone to get me back in the good graces of Google. Unfortunately, I hired the wrong person for the job and after a week of waiting to hear back from Google, contacted another person.
Come to find out, my website (and other domains) still were infected. My hosting company hadn't fixed the problem after all. Surprise, surprise.
But here's the good part of the story. I hired the right person this time. She was an excellent detective and quickly figured out what the problem was and how to fix it. In just a few days all my domains were up and running again. I was back in business.
Who was this brilliant detective? Check her out at Little Fish Studios.
And, what was my learning experience from this? I now realize that if you are using a PC and have what you think is adequate virus/malware protection, you probably don't. One of the most dangerous types of spyware is the keylogger, which hides on your computer to record all your keystrokes. So, if you go to a site and enter your password, it is recorded by the spyware. At that point, the hackers can get your private information and use it in any way they want. We think this is how the hackers were able to get into my hosting account.
Simple Low-Tech Solution
An easy low-tech solution to prevent your confidential information from being stolen by keylogger malware is to simply not type in your user name or password on the websites you visit. Rather, put together a spreadsheet of all your user names and passwords, so you can copy and paste them into the websites. This way, you are not allowing any of your confidential information to be given out through keystrokes. A simple copy and paste can prevent the keylogger malware problem.
Here's my final thought. No matter what virus protection or spyware you are running on your computer, DO NOT assume you are safe. Every day, new viruses, spyware, and adware are being created. Sometimes your luck just runs out and tag, you are it. So, get multiple antivirus, spyware and adware programs, make sure you have the latest updates on these programs and consider buying a Mac; they don't have these problems! (All you Mac owners are allowed to gloat at this point.)
The viruses that are stealing FTP usernames and passwords are not only using keyloggers.
These viruses work in 3 different ways.
The first way is by installing a keylogger, which you've already covered.
The second way is that it discovers what FTP software you have installed on your PC and if it's one of the popular ones (FileZilla, Dreamweaver, WS_FTP, etc.) it knows where they store the usernames and passwords. For instance, when you ask it to store your FTP credentials, the program actually puts them in a file on your system. The virus knows where the popular programs store their files and it just retrieves them from there.
The third way these viruses work is that they "sniff" the outbound FTP traffic. This "sniffing" sees all the traffic going out of your PC to your website. Since FTP transmits all data including username and password in plain text, it's easy for the virus to sniff your FTP credentials even if you cut and paste them from a spreadsheet.
The safest protection against these viruses is to not use an account on your PC that has administrator rights. If you can install software, so can a hacker. Set up a separate user account with limited rights and only use the administrator account when you want to install something.
That's my 2 cents on the subject. We've been fighting these for a few months now and have helped thousands of website owners.
Posted by: Thomas J. Raef | July 15, 2009 at 05:21 PM
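What "plain text" means on the wire, as an added example (not part of the comment above or of the original post): a Python check over a constructed FTP control-channel capture that flags sessions where USER/PASS were sent without a successful AUTH TLS upgrade. The session ids, host name and credentials are made-up sample data, and the password itself is never kept in the result.

```python
import re

# Constructed sample capture: (session id, direction, control-channel line).
# "C" = client to server, "S" = server to client. All values are made up.
SAMPLE_CAPTURE = [
    ("s1", "S", "220 ftp.example.test ready"),
    ("s1", "C", "USER webmaster"),
    ("s1", "S", "331 Password required"),
    ("s1", "C", "PASS pasted-from-spreadsheet"),   # pasted, not typed: still visible
    ("s2", "S", "220 ftp.example.test ready"),
    ("s2", "C", "AUTH TLS"),
    ("s2", "S", "234 Proceed with negotiation"),   # encrypted from here on
    ("s3", "S", "220 ftp.example.test ready"),
    ("s3", "C", "AUTH TLS"),
    ("s3", "S", "502 Command not implemented"),    # upgrade refused
    ("s3", "C", "user webmaster"),
    ("s3", "C", "pass constructed-secret"),
]

COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")  # FTP verbs are case-insensitive

def find_cleartext_logins(capture):
    """Map session id -> {"user", "password_exposed"} for unencrypted logins."""
    tls_pending, tls_on, findings = set(), set(), {}
    for session, direction, line in capture:
        if direction == "S":
            # Reply 234 is the server accepting AUTH TLS (RFC 4217).
            if session in tls_pending:
                tls_pending.discard(session)
                if line.startswith("234"):
                    tls_on.add(session)
            continue
        match = COMMAND.match(line.strip())
        if session in tls_on or not match:
            continue
        verb, arg = match.group(1).upper(), match.group(2) or ""
        entry = {"user": None, "password_exposed": False}
        if verb == "AUTH":
            tls_pending.add(session)
        elif verb == "USER":
            findings.setdefault(session, entry)["user"] = arg
        elif verb == "PASS":
            # Record only that a password crossed the wire, never its value.
            findings.setdefault(session, entry)["password_exposed"] = True
    return findings

if __name__ == "__main__":
    for sid, info in sorted(find_cleartext_logins(SAMPLE_CAPTURE).items()):
        print(f"{sid}: user={info['user']} password_exposed={info['password_exposed']}")
```

Sessions flagged this way are the ones to move to SFTP or FTPS, after changing the exposed passwords.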
Thomas,
What a wonderful post of terrific information. I'm going to take your suggestions to heart and make some changes to my FTP software. I think you are "spot on" in how this happened. I welcome your 2 cents anytime you want to offer it. Thank you so much!
Posted by: Michelle Howe | July 15, 2009 at 05:26 PM
Hi Michelle, sorry to hear about your nightmare experience. I know I take it for granted that I'm well protected but I won't be any longer thanks to your story.
I loved the tip on copying and pasting the login info. I wonder if using Mozilla Firefox is a safeguard ... especially since the login info is saved initially and I don't have to type it in each time I log in. Do you know if this helps?
Posted by: Karen Schatz | July 17, 2009 at 09:34 PM
Sorry to hear about the problem but some of the information you are giving about PCs is a lie. The part about the infection and the troubles you had to get your site back up are true. PCs are not prone to virus attacks as you have said. I use a PC and I am not prone to viruses and spyware. The difference is you are using a Windows PC; I am using a Linux PC. So please try to be more specific about what kind of PC you are using. Macs are not as secure as people believe. It has been proven Macs are less secure than Windows.
Posted by: Jason | July 20, 2009 at 09:51 AM
Karen,
I use Mozilla Firefox for all my browsing. Now what does that tell you? I thought I was safe.
As to the idea of the safety of the login being saved through your browser, I don't know the answer. But I bet one of my brilliant readers might know. Check out the comment made by Thomas J. Raef. He'd be a good one to ask.
Posted by: Michelle Howe | July 20, 2009 at 10:51 AM
Nice post. I loved the tip on copying and pasting the login info. I wonder if using Mozilla Firefox is a safeguard.
Posted by: Hosting | October 23, 2009 at 02:42 AM
Internet is a magic world that is true. Browser is stopping the Malware and make try to mal war free...
Posted by: dsi r4 | November 12, 2009 at 12:59 AM