Got hacked or got a virus
Posted by azn_romeo_4u, 04-20-2009, 09:30 PM This code shows up on all my pages with an index.php extension. Is this a hack or or is this a virus?
Posted by AstroNyu, 04-20-2009, 09:34 PM Could be someone found a way to get into your server. Is the code on all php files?
Posted by Mark_W, 04-20-2009, 09:38 PM As far as i can tell its a hack that opens up a couple pdf files at least that's what popped up when i went to it. Mark W...
Posted by azn_romeo_4u, 04-20-2009, 09:45 PM It seems to be php file only...anything that has index.php in any folder gets that at the bottom of the page. I just updated all my passwords though...making a full backup. I did a google on the thing but only came up with 2 results, not in the english langague When I view the source of the url, it goes to another site and then gets this code Anyway to block the offending websites from my server? Last edited by azn_romeo_4u; 04-20-2009 at 09:54 PM.
Posted by hiabhilash, 04-21-2009, 01:22 AM mod_Security 2.5 will help you there, a lot. Latest version is doing magics. If I may, here is a lame advice - most prolly blocking chinese IP address can help 10%. Not needed from the server, but from your site. Scan your desktop in which you or your webmaster operates your FTP using http://www.malwarebytes.org/mbam.php or any other malware scanners. I heard Kaspersky was effective too.
Posted by brianoz, 04-21-2009, 03:40 AM Use keyscrambler and get your server audited by a security professional.
Posted by mwatkins, 04-21-2009, 04:12 AM I've munged the URLs above. There are 294,000 hits in google for the search string based on the domain name which is returned when a user falls into the trap. Here's the top one, worth a quick read and further investigation. http://evilfingers.blogspot.com/2009...crimeware.html
Posted by biggies, 04-21-2009, 12:41 PM i cannot post site address because of forum limit. I got the same problem. check the following url http lip-service.joygoround.com/?p=129 check ur pc ftp client which upload website. it may infect with virus
Posted by UNIXy, 04-21-2009, 01:00 PM I recently recovered a customer's files. The root cause was a weak FTP password, which allowed the attacker to upload/replace/inject index files. Search in google for the quoted string: "get rid of those injected iframes" The first result will show you how to clean it up. Best