Hacked with iFrames linking to ageegle.ru
September 27th, 2009 | Published in Web Development, Web Hosting | 1 Comment
Well, my website was hacked with iframe injections pointing to ageegle dot ru (ageegle.ru) last week (not this site). The hacker added malicious code to my index or default web files that included iframe tags pointing to a site called ageegle dot ru (do not visit that site) on port 80. This page, when visited, caused the site to try to download malware to the user’s computer.
The first thought to enter my mind was that my web host was hacked. I don’t quite remember how I ruled that out, but it was not that. I then considered that there was a vulnerability in my code, since it was a site written in classic ASP with VBScript that I had written entirely myself. I ruled that out as well, because I was meticulous in ensuring that there were no holes that would allow SQL injection attacks, or any access to the file system itself. I did my own testing to ensure this, then hired two separate consultants to review and test the code again.
I opened the file browser within my web host’s control panel, and noticed that the modified dates of the files were updated to the date the malicious code was written to them. Since I do not share my hosting password with anyone, it had to be FTP, with the credentials stolen by malware on my own computer. Many are quick to dismiss that, but it can happen easily.
I had never been hit with malware or a virus in 11 years of computing without antivirus software, so I got cocky. I found that I got a piece of malware with a download of some plugins for Dreamweaver.
Even when I changed my FTP password on the host, the spammer was able to write to my files with the iframe injections. This means that when I changed the FTP credentials in Dreamweaver, they were capturing them there.
Install at least two anti-virus applications on any development boxes you use, and scan everything. Use SFTP if you can. NEVER use pirated web development tools, as normally the keygens (exe files) contain the malware that steals passwords. It’s just too damn risky.
If this has happened to you, and you are having issues getting things back on track, feel free to leave me a comment, and I will be happy to help out if I can, or at least point you in the direction of more information.
You will have found this post if you searched for any of the following:
- iframe injection
- ageegle.ru iframe
- website hacked by ageegle iframe
- website hacker iframe ftp
- index files hacked
- default files hacked
- dreamweaver infected
- keygen steal ftp password
- iframe hacked script
- web host hacked
Sites linked to in the malicious code (Don’t visit these sites):
- red-wolf.ru:8080
- pornishe.ru:8080
- daniellecsejtei.selfip.com:8080
- benparker44.is-a-chef.com:8080
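A cleanup check for the compromise described above, as an added example that is not part of the original post: it walks a local copy of the web root, looks only at index/default documents, and reports iframes that load from a host other than your own, optionally limited to files modified after a known-good time. The file-name pattern, the function names and the `example` hostnames are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Assumption: typical default-document names; adjust for your host.
DEFAULT_DOCS = re.compile(r"^(index|default)\.(html?|aspx?|php)$", re.I)
IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Constructed sample of an injected default document (placeholder hosts).
SAMPLE = ('<html><body><iframe src="/banner.html"></iframe>'
          '<iframe src="http://injected.example:8080/index.php"'
          ' width=1 height=1></iframe></body></html>')


def external_iframes(markup, own_hosts):
    """Return iframe src values that load from a host other than our own."""
    hits = []
    for src in IFRAME_SRC.findall(markup):
        try:
            host = urlparse(src).hostname  # None for relative URLs
        except ValueError:
            hits.append(src)  # unparseable src: report it for manual review
            continue
        if host and host.lower() not in own_hosts:
            hits.append(src)
    return hits


def scan_webroot(root, own_hosts, since_epoch=0.0):
    """Report default documents under root that contain external iframes.

    since_epoch limits results to files modified after a known-good time,
    the same modified-date signal a host's file browser shows.
    """
    own = {h.lower() for h in own_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            mtime = os.path.getmtime(path)
            if not DEFAULT_DOCS.match(name) or mtime < since_epoch:
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = external_iframes(fh.read(), own)
            if hits:
                findings.append((path, mtime, hits))
    return findings


if __name__ == "__main__":
    print(external_iframes(SAMPLE, {"www.example.com"}))
```

Run `scan_webroot` against a downloaded copy of the site with your own hostnames in `own_hosts`; a hit tells you which files to restore, while the stolen FTP credentials still have to be dealt with on the development machine.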
September 28th, 2009 at 10:49 am (#)
I’ve been hacked with the same thing! This is both annoying and upsetting.
I’m looking at fixing it tonight. Over and above this it was a double whammy, my PHP shopping solution was taken out too, with PHP code injected everywhere.
A royal mess.