Thread: Lay-out changing on my site after re-publishing page

Hello to All,

I'm experiencing a rather strange event recently on two of my pages.
Some days ago, I noticed that the lay-out or colors on one of my pages had changed. First I thought it was my browser not loading perfectly, but the problem persisted in another browser and on another pc.

I then went to BV and re-published the page, and when I checked it up on the internet, the page had turned allright, only I found that the problem had 'jumped' to another page. So I returned to BV and re-published this page, checked it out on the internet, after refreshing my browser, and found the problem had returned to the first page. This went on for some time, but now I give up and throw the towel!

This is the art_shop page where the problem is now:
http://www.IndigoMosaics.com/art_shop.html

I ran ComboFix on my pc yesterday and it found an infection, a hackertool box or something like that, which it deleted.
After the reboot, I directly went to BV to re-publish al my pages, without checking it out first on the internet, but the problem is still there.

Would really appreciate some advice or idea on what's going on!

Thank you in advance

Tina Svendsgaard
IndigoMosaics
http://www.IndigoMosaics.com/

You don't mention changing your FTP passwords after finding and removing the virus.

Also, what FTP program are you using? Many of the free FTP programs like FileZilla and CuteFTP, store their saved logins and passwords in a plain text file. This makes it easy for viruses to steal.

I recommend WS_FTP because it encrypts the stored information.

Also, check your site for backdoors. We typically see these as .php files with either the first line or last that start with this:

Code:

<?php eval(base64_decode(...

and then a long list of characters.

These backdoors allow hackers to remotely infect websites after the owner has changed the FTP password and removed their other methods of infection.

Please post back here with what you find.

i just checked your site and found all the pages were the same color. unless you are importing an image, then the browers will revert to web friendly colors. it is like fonts. here is a link all about web colors:
http://www.w3schools.com/Html/html_colors.asp
if you go down a bit you will see the explanation that colors are not a worry as used to be, but i know that the 3 computors i have will show a different shade or brightness on the pages.

Hi,

WeWatch:
I don't use an FTP account, I go directly to the 'publish' screen in BV on my pc and publish from there. I only check the 'remember username and password' box in case I have several pages to re-publish. My browser doesn't save any data from one setting to another. I have checked my pages html for .php files, but didn't find anything like that.

Would I have to change to a new password for publishing?

I'm really paranoic now, cause it's not the first time it happens to me, and I have had my site taken down from the internet, to begin from scratch two times now, and it's quite a headache to create it all from the beginning.

I run CCleaner several times a day, and now ComboFix, too!

I read on another thread on this forum, that cloning the pages could cause a sort of deterioration of the pages cloned, and I wonder if this could be the reason?! I usually clone my pages.

I ran another ComboFix yesterday and re-published all my site from A-Z and it seems ok for now.

Appreciate your answers and the time you take=o)

This what I am getting when I tried to view your website.

"
Forbidden

You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."

Hello,

zuriatman: yes, I had the site closed for a short time because of those problems. I made a major clean-up and editing, changed password to my account, and will do so on a regular basis from now on. But what a headache - I sincerely detest hackers!!!

Thanks guys for your interest and your advices.

Tina