FAQ

Websites infected with an IFRAME or malware script

IFRAME and java script based malware infections are growingly common these days. These infections normally occur either through leaked FTP passwords or machines infected with virus / malware that adds these lines of code on files uploaded. Most of the time, it is through a leaked FTP password obtained from an insecure system.

Hackers setup normal looking websites (or use a previously hacked website where the owner is unaware of the malware) and setup expensive keylogging and hacking tools like Mpack. When a user vists the site, it scans the browser for history, passwords and other such critical information. The visitor who is unaware of the keylogger inadvertantly sends passwords and other details to the hacker who then has access to the vistors FTP details. Once the hacker obtains the FTP login details, an automated program or script is then used access the persons website and add hidden iframe or javascript code to the compromised website. Since this gets done through FTP, the user remains unaware of the hack or compromise and no matter what permissions are set, the hacker is able to write to the users website files.

This hacked website is then used to further spread the attack when a visitor opens it and accesses the hidden iframe content. This is a growing issue and thousands of websites are infected almost on a daily basis through this method.

Prevention:
1. Keep your computer operating system up to date at all times. Always download available OS security updates at the earliest.
2. Do not use Internet Explorer to FTP your website. Use a seperate FTP program like Core FTP or WS_FTP
3. Avoid saving passwords in the browser, specially FTP passwords. Do not FTP from a public or insecure connection.
4. Change passwords frequently and set a strong alphanumeric password.
5. Install an antivirus and keep it updated. Avast is a good free antivirus program for home / personal use and can be downloaded from www.avast.com
6. Avoid suspicious websites
7. If you receive an email from an unknown person with an attachment do not open it.

Cleaning up after an infection:
1. Take your site offline and put up a maintenance page on your website to avoid getting it blacklisted by search engines.
2. Format and secure your machine with a reliable install disk or use a fresh installed, OS updated computer with an updated antivirus.
3. Change FTP and other related passwords.
4. Delete all files and upload clean content - verify that the files you are uploading are not infected by checking for unknown Java script or iframe code normally found near the body tag in the code and at the end of the file. If a backup copy is unavailable, check code of files on the server for the same and delete the malware lines of code.
5. Take steps listed in prevention above to avoid repetition of such issues.

Site is black-listed by google / firefox / chrome
1. Follow steps in Cleaning up after infection
2. Follow steps in Prevention
3. Verify that no malware is present in your website
4. Follow http://googlewebmastercentral.blogspot.com/2008/04/my-sites-been-hacked-now-what.html

Other related links
http://googlewebmastercentral.blogspot.com/2007/09/quick-security-checklist-for-webmasters.html
http://googlewebmastercentral.blogspot.com/2008/08/hey-google-i-no-longer-have-badware.html

This can be done by eding /var/cpanel/maxemails in SSH. Enter

domainname=X

where domainname is the name of the domain for which limits are being set and X is the number you want to allow that domain. Set X to 0 if you wish to set it to unlimited

Login to plesk, select the domain, click web directories. Here, select the the protection tab and click remove protection if enabled.

If that does not work, try resetting the FTP password from the setup section.

If the site still asks for login, connect using remote desktop, run cmd and then enter the commands:

cd %plesk_bin%
websrvmng --update-anon-password --domain-name=

This can also be run for all domains in one go with the command

websrvmng --update-anon-passwords-all

Please see payment options at http://www.nettigritty.com/paycombine.php

You can place an order an pay online from our website or make a custom payment from http://www.nettigritty.com/custom

========================
DefPackageMng() constructor failed: defpackagemng failed: Access is denied. (Error code 5) at CreateProcess 'C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\SWsoft\Plesk\admin\bin\defpackagemng.exe" --get"'
at execUtil C:\Program Files\SWsoft\Plesk\admin\bin\defpackagemng.exe --get on c:\windows\system32\inetsrv(PleskSrvClient::execUtil line 435)
at execute console command --get(vconsoleapp::start line 128)
at execute "C:\Program Files\SWsoft\Plesk\/admin/bin/defpackagemng" --get(vconsoleapp::run line 138)
========================

To correct this error, check permissions of the file
c:\windows\system32\cmd.exe

The user SYSTEM should be set to allow all permissions (it may be set on deny).

How do I grant write permissions to a file or folder ?

Use the file manager in your Plesk control panel. Browse to the file or folder you wish to grant write permissions to. Click the lock icon alongside the file or folder and then tick all options for all user one by one. Click ok to save the permissions after changing. The file / folder will now be writeable for your website scripts.

Neomail support has been discontued in cpanel as the script will soon be obsolete and support discontinued by cpanel developers on the script.

Emails will remain unaffected and can be accessed using the other interfaces.

To view the same folders in Squirrelmail, login, select Squirrelmail, click folders and subscribe to the folders you used previously in Neomail. Refresh folder list or the page to see the folders listed in the left column.

To change domain nameservers, you need to follow the steps below:

1. Login at http://domain.nettigritty.com/customer
2. Type your domain name in the jump to box
3. Select Domain Registration Service from the [Select a product] dropdown and click the button next to it
4. On the next page, click the Name Servers link.
5. Enter your nameservers and click submit at the bottom of the page.

You can do this by enabling the domain user. Login to Plesk, select the domain name and then click the Domain User icon. Enable this option and set a password. Your client will then be able to login with the domain name as username and password you have set at the Plesk login URL.

This error on Linux/Cpanel servers normally indicates that the disk quota of that account is full. Upgrade the account or reduce usage and retry.

“Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Error Number: 0×800CCC0F”

This error is often modem or firewall related. First, try reconfiguring as per the tutorials at http://www.nettigritty.com/support/hosting/tutorials/emailtutorial.php

If the issue persists, please see:
http://support.microsoft.com/?kbid=813514

You could use cPanel Proxy from http://cpanelproxy.net/ which is a script that acts like a proxy to access cpanel. You will need to install this on your website.

Try removing all old files and then uploading the new files afresh. If you still see old files, you are seeing cached pages on your local computer or pages that are being served by an intermediate caching server. Clear cache and retry or check on a different computer / connection.

You need to upload your website files and folders under httpdocs and make sure you place a default file like index.html, index.htm, index.php etc. Also do remove (or replace) the existing index file that is being served as the default page.

You need to upload your website files and folders under public_html (same as www) and make sure you place a default file like index.html, index.htm, index.php etc. Also do remove (or replace) the existing index file that is being served as the default page.

There need not be any downtime at all. Sign up for a new account at our site. Upload your website in the new space, create email ID and then change nameservers. DNS would resolve in about 24 hours during which time your site would continue to resolve to the old server and would then start working on the new server. Effectively, there would be no break in your site showing.

You can host any domain registered through any registrar with us. You will simply need to point your domain name to the DNS nameservers provided in your hosting account information mail after signup. DNS changes have to be made in the domain name control panel provided by your registrar. If you do not have access to such a control panel, you will need to email the company you registered the domain through with the DNS nameserver details provided.

DNS would take 24-48 hours to resolve fully after the DNS changes are made.

You can use Linux or Windows hosting irrespective of the operating system on your computer.

You can see a comparison at
http://www.nettigritty.com/choosingwebhosting.php

In short, you need Windows hosting only if you require ASP/.net/MSSQL/Access support. For most purposes, Linux hosting is sufficient and also has better support for PHP/Perl/CGI/MySQL.

A static html/flash/graphics site can be hosted on either Linux or Windows. In general, we recommend Linux hosting for most sites.

A hosting account is normally created for a domain name such as yourdomain.com which is required to create your account.

Account creation takes a few minutes from payment confirmation. Access details are sent by email.

From the time you point your domain to the hosting server by updating DNS nameserver records, it will take 24-72 hours for the domain to fully resolve to the hosting server. More often than not, sites resolve fully in 24 hours.