So as I usually do first thing every morning, I checked the different sites I manage. To my surprise I get a warning from McAfee that my main site was downloading some malware.
WTF!!!!!!!!!!!!!!!
So I go look.
To my horror I find and obfuscated script inserted into the index file of the site.
I immediately contact the hosting company with a warning that it looks like the server has been hacked, and after a few "I don't think so's" they admit that there is a malware script running on the server.
So I start looking further.
What I find is every index file has been compromised, and since at any given time I will have the main site plus 50-100 clients sites (where clients can view their proofs), each with one or more index files, this is slightly more than just an annoyance.
After examining several corrupted files I see a pattern, but it does mean that I have either manually edit many hundreds of files or reload each of the files from the original sources.
To make a much too long a story shorter, after several hours it appears I have all of MY sites back as they should be, but still no answer on how the attacking script got loose on the server in the first place. Since something like 300 other folk are hosted on that particular machine, it may well get interesting, as any unfixed script may well reinfect the whole server again.
Of course this is also Thanksgiving weekend when friends and family tend to visit,
and show off all those cute pictures that are on the web.
So while other folk are enjoying turkey and football, I will be sweating the threat of reinfection, or that I missed some of my files, or that I damaged something while doing repairs.
Anyone else out there ever faced similar situations?
Can I get a hug?
Aslan is not a
Tame Lion