How would you like a bride to see this when she goes to your website?
In the past month, I've seen this happen to at least 5 photography websites (some customers, some friends). I'm expecting to see more.
- Slows down the site to a crawl
- Often gets blacklisted by Google/some browsers
In the sites I've seen infected, affected files were in:
- Wordpress blogs
- PHP-based proofing scripts
- Slideshow files
- An old version of our (BIG Folio) admin (our new admin doesn't get affected)
How does this happen?
According to the research I've done, it appears these exploits all happen due to compromised FTP passwords on the photographer's PC. In other words, you have what is called malware on your computer. When you FTP files to your website, that malware sniffs your FTP password (FTP passwords are passed over the Internet unencrypted) and your site is then compromised. These exploits have nothing to do with the hosting server being hacked.
What should you do?
- Run your site through unmaskparasites and see if it finds anything suspicious
- Scan your PC for malware. I don't work on a Windows machine, but Malwarebytes appears to be a good choice. Maybe someone else can recommend another.
- If you had/have malware on your computer, change your FTP password (from a different computer)
- Use your work computer for work. Don't let your children on it.
- If you use a standard web host like GoDaddy, BlueHost, 1and1, MediaTemple, etc. use SFTP (secure FTP) to transfer files. Most hosts offer it.
- Or just buy a Mac
If your site is already infected and blacklisted by Google, you'll need to add your site to Google's Webmaster Tools, clean the infected files and request Google perform a site review.
I've cleaned 2 sites myself and submitted them to Google. I'll post more information once I hear back.