Scan for SQL Injection

Hi


My website has been pulled down by the host. They sent me the following message:


"We got information that there is SQL Injection on our server and when we trace the injection it is point to your domain.
This is the attack type :
SQL generic sql update injection attempt - GET parameter, SQL union select - possible sql injection attempt - GET parameter

That's why we need to disable your website for temporary.
Please scan your local PC and website files and make sure that your local PC and website files is free from virus.
If you've scan you local PC and website files also make sure there isn't virus please update this ticket again.
So we can enable your website again."


Does anyone know what I should use to scan for this, please?


Thanks

MacBook Air, OS X El Capitan (10.11.6)

Posted on Aug 27, 2016 11:56 PM

12 replies

Aug 30, 2016 3:44 AM in response to Bigday_28

Hello again Bigday_28,

That's too bad. Ideally it would be nice to know why they think "SQL injection" is involved. When they say "on our server", which server are they talking about?


In theory, it is possible for your Mac to get hacked and passwords stolen. Then the hackers could, again in an increasingly hypothetical world, gain access to your site and try some SQL injection attacks against some undetermined server somewhere.


But your tech support probably doesn't speak English well enough to understand that question or answer it. It would be more likely that there was some kind of hacking incident on your web server and they disabled your server for that reason. But the cause is almost certainly a security breach on their end, not yours.


I suggest you download MalwareBytes for Mac (https://www.malwarebytes.com/antimalware/mac/), run it, and then update the ticket with what you've done and ask for more details. In the meantime, look for a better web host. I use Dreamhost but I might soon move to some cloud service like Google or AWS. Depending on your site, if you pick the correct mix of services, a cloud-based web server can cost less than a dollar a month - sometimes a lot less.

Aug 28, 2016 8:51 PM in response to etresoft

Hi again etresoft


Yes it is hard to get through to them what I need sometimes, as they don't understand.


I've been wanting to change hosts but am scared of what that entails. I joined them initially as they had a great Website Builder functionality and my HTML and ASP.NET is basic at best. Then they took away the website builder functionality so I have been updating and learning HTML the hard way. Thank God for Google Docs so I can upload scores and handicaps to Google Drive and link to them from the website.

There are all these references to "WebSiteBuilder" in their code on my website pages, so if I transfer hosts I'm afraid the website won't display on another host, so I'm sorta stuck with them.


Thanks for your help and the malwarebytes link.

Aug 29, 2016 1:09 AM in response to Bigday_28

Thanks. Is it possible that your website is hosting advertisements that could be used to deliver malicious content? If so the content of those advertisements is generally beyond your control. They can contain literally anything.


The message they provided is vague at best, and to allege this "SQL injection" threat originated with your Mac is unfounded. I highly suspect the "local PC virus scan" or whatever nonsense they are demanding of you will just waste your time.


It would be most helpful if you could provide the page source so that it can be examined. I understand you might not be willing to do that.

Aug 29, 2016 7:39 AM in response to Bigday_28

If I do update them, it is via FileZilla. Wondering if that may be the cause?


I use FileZilla also. Assuming yours is a legitimately obtained and unaltered copy, that's not it. It would be an enormously complex challenge for FileZilla to be maliciously altered in such a manner to create the circumstances you describe, in return for little or no reward. Have you been able to download the page code hosted on the server and compare it to your locally stored versions?


I'm not convinced there is anything wrong. Assuming there is though, my first suspicion would be outside interference with your website. Someone in possession of your login credentials could obviously do that. Changing them would eliminate that possibility. The other possibility is a security breach of their server as etresoft mentioned, though it seems unlikely that you would be the only user affected by such a breach.


Lacking any specific information of something truly malicious I suspect your hosting company is just mistaken.

Aug 31, 2016 6:32 PM in response to Bigday_28

The important thing to think about is: do you have any pages on your website that use a database back-end to retrieve data or to authenticate user logins? For example, does your website use a Content Management System (CMS) like WordPress, Joomla, Drupal, or in any way use a database such as MySQL, SQL Server, Postgres, SQLite, etc.? If you use a CMS, have you kept the CMS updated and the modules updated?


You will need to contact these guys to get some help with access to your files and also to see if they can provide the actual URL strings where the SQL injection occurred. Something tells me that you will want to find a better host after this is over. Therefore, make sure that you can obtain a full backup of your website.
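Added example, not part of any reply in this thread: if the host can hand over the raw access log, a short script can pull out the URL strings the last reply asks about by checking each GET parameter against the two alert types named in the host's message. It assumes a combined-format access log; the page names, addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD) (\S+) HTTP/')

# Heuristics named after the two alerts quoted in the host's message.
SIGNATURES = {
    "union select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "update": re.compile(r"\bupdate\b\s+\S+\s+set\b", re.I),
}

# Constructed sample lines; page names and addresses are hypothetical.
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2016:10:01:02 +0000] "GET /scores.aspx?week=12 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [27/Aug/2016:10:02:11 +0000] "GET /player.aspx?id=1+UNION+SELECT+1,2 HTTP/1.1" 500 0',
    '198.51.100.9 - - [27/Aug/2016:10:02:12 +0000] "GET /player.aspx?id=1%2520union%2520all%2520select%25201 HTTP/1.1" 500 0',
    '198.51.100.23 - - [27/Aug/2016:10:05:40 +0000] "GET /handicap.aspx?name=x&hcp=1+UPDATE+scores+SET+hcp%3D0 HTTP/1.1" 500 0',
    '203.0.113.7 - - [27/Aug/2016:10:09:00 +0000] "GET /news.aspx?title=student+union+selects+captain HTTP/1.1" 200 812',
]

def normalize(value):
    """Undo extra URL-encoding layers and collapse comment/whitespace padding."""
    for _ in range(2):  # bounded extra passes catch double-encoded values
        value = unquote_plus(value)
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)  # SQL block comments
    return re.sub(r"\s+", " ", value)

def scan(lines):
    """Return (client, path, parameter, signature) for each suspicious GET parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a GET/HEAD request line in the assumed format
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl already URL-decodes each value once.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            text = normalize(raw)
            for label, pattern in SIGNATURES.items():
                if pattern.search(text):
                    hits.append((client, parts.path, name, label))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Hits that come from addresses other than the site owner's point to outside probing of a database-backed page rather than to anything on the owner's computer, and the flagged page and parameter show which page to review or update.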
