Forum Moderators: phranque
On the other hand, MSN Webmaster tools FAILED to flag my homepage as having malware, when Google Chrome browser found it. I identified a hacker's work using [a web service]. I'm still waiting to hear from my ISP about how the hacker could write to the file which had 644 permissions, and I have a strong password (now changed).
Days after asking MSN why they find malware others do not, and please give a specific reason, they have not answered.
Where can I find more ways to test my pages? Or is MSN prone to finding false positives in legitimate scripts? My scripts are for major ad providers, navigation, traffic count, and checking user stats like screen size (script from awstats).
[edited by: phranque at 8:05 pm (utc) on May 21, 2009]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]
Permissions aren't everything. It's much more likely your files were changed by a PHP script that the hacker tricked your site into running. Any PHP code you write must guard against Remote File Inclusion attacks (RFI). Don't just inspect the file that was changed. If they can get into your site, they can change any file they want, even ones that don't have any security problems of their own. So the security hole can be anywhere, not just on the page that got changed.
