Unable to connect to website – Browser problem or computer problem

[bill]

Hi, AITPro.

I have five hosted sites (on GoDaddy), all recently updated to run more current versions of BPS Pro (5.5 and 5.6.1). I noticed yesterday evening that I was unable to view one of the sites. This prompted me to check the others and sure enough, none of them were working (Google Chrome: “Could not connect to mysite.com”; Firefox: “Unable to connect”). I phoned GoDaddy to see if it was a server issue and he said the sites were pulling up just fine. He then suggested I try from another pc/phone/tablet. I then tried to pull up the sites on my iPhone 4S first, then my tablet (Kindle Fire HD) and each site worked/navigated fine.

After vigorous refreshing and closing/reopening browser, one site’s homepage may appear but when I attempt to navigate the site it idles then goes back to the message(s) above. Unfortunately, this includes my WordPress backend/dashboard, traffic logs, etc. I am able to log onto my ftp from this pc and after combing every file/database, no changes have been made (to any folders/databases) since my manual updates. I’m also able to access my WordPress backend/dashboard (from my tablet/phone only) and BPS Pro/ARQ (checking every min.) is still kicking just fine. That said, it looks like I’m locked out of my own sites. I’m unable to view the front (the websites themselves) or back (WordPress dashboard) end. My BPS Pro updates were all made at least 24hours (3/5/13) before I noticed the issue and no changes were made since. I tried the the default .htaccess test on one of the sites and nothing really happened. I’m stumped. Any response is appreciated.

Thanks,

-Bill

[AITpro Admin]

It sounds like something is not quite right with your computer itself.  Post the link/URL to your website or if you do not want that to be publicly displayed in the Forum then send an email to info at ait-pro dot com with the link/URL to your website.

[bill]

Ok. Sending now….

[AITpro Admin]

I checked all of the URL’s that you sent and all of those websites open in less than 2 seconds.  I just thought of something.  You recently had your sites attacked and files were uploaded to your websites, but AutoRestore/Quarantine quarantined those files before the hackers could do any damage or actually hack your websites.

Logically what I am concluding is that your computer is infected with malware/Spyware/Virus and that is how the hacker was able to upload files to your website by stealing your login information from your computer or your Browser.  Your Browser software could be hijacked or you could have a computer system malware/Spyware/Virus infection on your computer.

You need to disable any Browser extensions or add-ons that you are using and check your computer for malware or Spyware or a Virus.  If you have a more sophisticated malicious program on your system then it might be capable of blocking a computer scan for it.

[bill]

Interesting. I did a McAfee (Total Protection) scan yesterday and came up blank. I just disabled all plugins/extensions from both browsers and I’m going to delete them as well… I’m going to run another full scan and see what that nets me. After that, I’ll install new browsers.

[AITpro Admin]

Well the thing that concerns me the most is that files were uploaded to your website.  Most likely your FTP password was stolen from your Browser or your computer to be able to do this.  If that had not happened recently then I would be thinking that this is just a software or Browser problem on your computer.  Putting 2 and 2 together logically you need to make 100% sure that your own computer is clean.  If you are connecting to the Internet with a wireless connection you need to disable that temporarily and do a direct connection to eliminate that possibility.

I made a very stupid mistake not too long ago and forgot to close an FTP connection to the AITpro websites when I logged into a client’s website.  The website was hacked.  The hacker grabbed my FTP password from the connection and started uploading hacker Shell script files.  All of the hacker files were quarantined before they could do any damage.  I now use VPN security connection software that encrypts any connections I make and the session data when connecting to any websites that are not mine.

[bill]

Went from interesting to flat out scary. Oft times, I use an FTP client and sometimes I go direct thru GoDaddy. Which one is safer and do you think the potential compromise could’ve happened there? And if my scan comes up empty again, there anything else I could do?

[bill]

Definitely hacked.

[AITpro Admin]

If you are using FTP software or just using Explorer to make an FTP connection you NEVER want to save your FTP password.  You should ALWAYS be typing your password in.  The Go Daddy FTP tool is safer because in order to use that tool you need to be logged into your Go Daddy account.

What is definitely hacked?  Are you saying that you definitely found that your Browser or computer has been infected with malware, spyware or a virus?

[bill]

I went to login to the two sites wp backend that had the mysterious files a few days ago and my updated passwords wouldn’t work, so I changed. when I logged in, i immediately went to all users and saw that another administrator  acct was created. I removed both browsers and my third party ftp client… changed godaddy and ftp user passwords again and running full scan now.

[bill]

Loooong day, but I changed all passwords and added an additional security step when logging in to my host’s backend. Still a bit nervous about my pc even though all the scans came back clean. The only major concern I have now is when I try changing the passwords in the respective wp-config files… it shuts down everything saying the database password is incorrect or doesn’t match or something. Another fork in the road… I’ve been at this all day and wouldn’t wish it upon my worst enemy. Thanks for all your help… p.s.; it’s Friday, bro. Even with all the madness I didn’t forget 

[AITpro Admin]

If you have AutoRestore turned On while editing the wp-config.php file it will be sent to Quarantine.  This is actually the way I prefer to do manual file editing and then restore the wp-config.php file from Quarantine using the Quarantine Restore File Option.  I like doing it this way for this primary reason:  If you manually edit your wp-config.php file and it is quarantined then you can restore just that wp-config.php file without having to do a complete backup of your Root files in AutoRestore.

Why is this better?  Because you still have AutoRestore/Quarantine monitoring all root files for any changes and you know for sure the ONLY file you modified was the wp-config.php file so it is of course completely safe to restore it using the Quarantine Restore File Option.

But in your case since you are changing the database connection information in your wp-config.php file you will either have to turn Off AutoRestore while you are manually editing the wp-config.php file or you can do this below if you do not want to turn Off AutoRestore.

Upload your newly edited wp-config.php file to the /wp-content/bps-backup/autorestore/root-files folder before uploading the wp-config.php file to your website root folder.  This way your backed up wp-config.php file identically matches your actual wp-config.php root file and the wp-config.php file will not be quarantined.

The choice is entirely up to you, but if you choose to turn Off AutoRestore then remember to click the Root Backup Files button before turning AutoRestore back On, otherwise your wp-config.php file will be quarantined again.

 

[Deb]

The hacker grabbed my FTP password from the connection and started uploading hacker Shell script files.  All of the hacker files were quarantined before they could do any damage.  I now use VPN security connection software that encrypts any connections I make and the session data when connecting to any websites that are not mine.

Is there any security connection software (encryption) that you could recommend here?

Since the site you want to connect to IS the problem – one would have to protect the client side. Evidently the Filezilla guy says the computer (OS or something) should handle it, not “his client.”

[AITpro Admin]

I use HotSpot Shield Elite, which is the “Pro” version of HotSpot Shield.  I do not use it at all times as it tends to nullify/negate/break the the functionality of how some things work.  For example if I am logged into one of my own sites and I have HotSpot Shield Elite enabled then it will break some of the functionality in BPS Pro.  HotSpot Shield is designed to be used in potentially unsafe or risky Browsing zones/areas and is not intended to be used as an “always On” application.  The name says it all – “HotSpot”.  😉

I no longer use FileZilla and instead use WinSCP.  I have found that WinSCP is more secure than FileZilla for FTP/SFTP connections and has a couple of features that I prefer over FileZilla features.

[Author]

Posts