Grow your CSS skills. Land your dream job.

Please Help. Has My Website Been Hacked?

  • # June 30, 2013 at 3:16 pm

    When you open this web page: http://www.ctrlshiftstudios.com/layout

    The word ‘digital marketing’ has becoming a link and when hovered it shows a certain picture.

    I never made the words a link.
    I deleted the index file from the public_html and reupload it back, then I refresh and the link is still there.

    What is happening. Has someone hacked my website?

    # June 30, 2013 at 3:18 pm

    Even this one i typed now, i mean the two words above have automatically turned to a link at my end here. And shows same image.
    Is it from my computer?

    # June 30, 2013 at 3:21 pm

    The link is showing ‘Coupon DropDown’

    # June 30, 2013 at 3:28 pm

    I’m not seeing it or maybe you figured it out. However, I did notice the dreaded IE image link blue border on your social media icons and home link (or whatever it’ll be); just an observation on passing by. Sorry I couldn’t help you otherwise.

    # June 30, 2013 at 3:29 pm

    No link at my end for “digital marketing”. Seems everything is alright.

    # June 30, 2013 at 3:42 pm

    @CodeGraphics I had the same issue. I had a virus on my computer that was doing this. You need to restore your computer to an earlier point. That will remove it.

    __
    # June 30, 2013 at 3:45 pm

    1) If you are still seeing this link (while no one else is), try clearing your browser cache ([ctrl]+[f5] does it in most browsers).

    2) Did you ever add Google addWords (or a similar script) to your page? If so, that might be what you were seeing (and that would mean you weren’t hacked).

    However, if you are at all unsure, you should definitely take steps to make sure your site is secure:
    *****
    ######_EDIT_
    As @ChrisBurton says, make sure your own computer is clean, too (do that _first_).
    *****
    — change all passwords **now**.

    — check your server’s error/access logs for unusual activity.

    — make sure there are no unusual files on your host (especially inside your web root).

    — make sure all the usual files haven’t been changed (compare them to your (hint,hint) **backups**).

    — review any scripts that handle user input. Make sure you **do not trust user input** (always _validate_ and _sanitize_).

    — if you find any problems, or are still unsure, **contact your host for help**.

    — change all passwords **again**.

    # June 30, 2013 at 3:48 pm

    I’ve loked into it too. Might be malware on your end :: https://blog.wikimedia.org/2012/05/14/ads-on-wikipedia-your-computer-infected-malware/

    # June 30, 2013 at 5:13 pm

    I had the issue once. It’s a quite inoffensive malware. An anti-virus software or a spybot should be able to remove it pretty easily.

    Edit: if I recall correctly, the issue was a Chrome extension. Make sure you only run Chrome extensions you know.

    # June 30, 2013 at 7:13 pm

    It was a malware from my end. It was a chrome add-on, (malware in disguise) that I added. I actually googled ‘Coupon DropDown’ and read more about it. I removed all the suspicious add-ons, uninstalled all the suspicions programs and cleared all my caches and cookies. And it came back to normal. I was afraid already.

    __
    # June 30, 2013 at 8:03 pm

    >And it came back to normal…

    .
    > ####change all passwords _now_.

    : )

    # July 8, 2013 at 10:27 am

    We used to have this problem. Every time we thought we removed, it would just re-install itself.
    Traditional defenses are no longer enough to defend against the new breed of cyber-attacks that cut across communication channels and take place over multiple stages. IT security organizations must implement a defense-in-depth strategy with layers of network and endpoint security defenses. Failing to do so can prove costly; in fact, it can bankrupt a company.

    We did the following, for the following for my website.

    1. Remove the Admin User from your WP.

    2. Generate a Password with a generator like this one: http://goo.gl/MaDV

    3. Make sure you have REMOVED the Admin User, and make your “N3wu23rNaMe” difficult to be guessed, or easily known.

    4. Add a “Limit Login Attempts” http://goo.gl/ouDUQ and make the attempts to “1” attempt, and then “lockout”!

    5. Finally we started using a free site scanner for cyber criminals provided FREE trial located http://goo.gl/Jp4Co

    And finally I can say we have had NO problems since. Of course you will ALWAYS have attempts, but I would recommend our procedures. They seem to work great for us!

Viewing 12 posts - 1 through 12 (of 12 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".