
Replies: 6    Views: 251

Paul Rogers
Android Fan
Posts: 2524
Reg: May 30, 2011
UK
35,740
01/10/12 08:04 AM (14 years ago)

Possible Security Hole in BT Server install

Don't be alarmed, I'm not convinced it's the fault of the BT server, but I'd like to give a heads up, just in case. Had my shared server attacked by one of those drive-by JavaScript injections. I've got a very secure password, but it was obviously sniffed out. I've got a number of websites on the hosting, mostly WordPress plus the BT install. Looking at the time stamps, the exploit occurred first on the BT server and it injected EVERY instance of an index.php file in the install. It then went on to infect every other website, but only the main index.php files, not admin index or any other file. Not sure if this proves anything at all, but I think it shows that the BT server may be less secure than WordPress because of every index.php file getting infected and it may have some sort of hole to be exploited, because there's no way my server access should have been sniffed out. I'm assuming it was some sort of random drive-by as it's extremely highly unlikely that any of my sites would be specifically targeted. Thoughts?
 
PSMDanny
Apple Fan
Posts: 1166
Reg: Dec 09, 2011
Heerlen
21,940
01/10/12 08:11 AM (14 years ago)
I subscribe to this topic. Have you checked well? Most of the time attacks are on the most common systems (CMS - Joomla - WordPress etc). Isn't there a possibility that they came in on a WordPress site? It also could be a leak in your server software (PHP, MySQL, etc). But if it is true then it affects all of us bt-server users. I think you should mail a log of the attack to David@buzztouch or Parker@buzztouch so they can investigate. Best Regards, Danny
 
Paul Rogers
Android Fan
Posts: 2524
Reg: May 30, 2011
UK
35,740
01/10/12 08:16 AM (14 years ago)
Straight away I thought WordPress, but the time stamp shows BT as the first to be infected. I guess that might not be conclusive though? I don't know enough to really investigate it, so I've no idea if it could be a leak in the server software. I use HostGator and they're pretty hot on security usually.
 
GoNorthWest
buzztouch Evangelist
Posts: 8197
Reg: Jun 24, 2011
Oro Valley, AZ
1,000,000
01/10/12 09:09 AM (14 years ago)
Subscribing to this thread.
 
Paul Rogers
Android Fan
Posts: 2524
Reg: May 30, 2011
UK
35,740
01/10/12 09:41 AM (14 years ago)
I contacted HostGator live chat; the guy said that just because BT was infected first, it doesn't necessarily mean that it was the cause of the injection. I've emailed support to see if they can shed any light on it. I'll post back when/if I get an answer.
 
StepWiseMedia
Android Fan
Posts: 7
Reg: Jan 08, 2012
Savannah
70
01/10/12 09:52 AM (14 years ago)
I had a similar attack on a Joomla install (with GoDaddy) around May of 2010... a .php attack (64 base encoded) on EVERY .php file including the index and all the ADMIN folders. I would assume that it may have targeted the BT folder because of nomenclature... (i.e. BT comes before wp-). There were/are some scrub scripts available that you can run on your server to counter the inject. The Joomla site has been free of invaders for nearly two years...knock)
 
Paul Rogers
Android Fan
Posts: 2524
Reg: May 30, 2011
UK
35,740
01/10/12 02:34 PM (14 years ago)
False Alarm! Mods remove this thread if you like. The culprit was a compromised FTP password accessed via my desktop FTP client. Damn viruses! As @StepWiseMedia says, it was simply the nomenclature causing BT to be infected first.
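
Added example, not part of the original thread or any poster's code: a Python sketch of the timestamp check discussed above. It lists the `.php` files that carry an injected-code marker, oldest modification first, and tests whether the top-level directories were hit in alphabetical order, which is the pattern the thread ended up attributing to folder naming rather than to a hole in one install. The marker patterns, directory names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristic markers of injected code: assumptions for this example, not signatures from the thread.
MARKERS = re.compile(rb"eval\s*\(\s*base64_decode\s*\(|document\.write\s*\(\s*unescape\s*\(", re.I)

def find_injected(root):
    """Return [(mtime, relative_path)] for .php files containing a marker, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if MARKERS.search(data):
                hits.append((os.path.getmtime(path), os.path.relpath(path, root)))
    return sorted(hits)

def follows_directory_order(hits):
    """True when top-level directories were first modified in alphabetical order.
    That suggests a name-order sweep, so the first directory hit is not the entry point."""
    seen = []
    for _mtime, rel in hits:
        top = rel.split(os.sep)[0]
        if top not in seen:
            seen.append(top)
    return seen == sorted(seen)

def build_sample(root):
    """Constructed sample: two site directories (hypothetical names) and an inert marker string."""
    bad = b"<?php eval(base64_decode('cGxhY2Vob2xkZXI=')); ?>\n<?php /* page */ ?>\n"
    clean = b"<?php /* page */ ?>\n"
    files = [("bt/index.php", bad, 1326182400), ("bt/admin/index.php", bad, 1326182401),
             ("wp-blog/index.php", bad, 1326182402), ("wp-blog/wp-admin/index.php", clean, 1320000000)]
    for rel, body, mtime in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))  # set a known modification time

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        hits = find_injected(root)
        print([rel for _, rel in hits], follows_directory_order(hits))
```

Modification times can be reset by anyone with write access to the account, so the ordering is a hint to weigh alongside FTP and web server logs, not proof on its own.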
 
