Got hacked or got a virus

Posted by azn_romeo_4u, 04-20-2009, 09:30 PM
This code shows up on all my pages with an index.php extension. Is this a hack or or is this a virus?
Posted by AstroNyu, 04-20-2009, 09:34 PM
Could be someone found a way to get into your server. Is the code on all php files?
Posted by Mark_W, 04-20-2009, 09:38 PM
As far as i can tell its a hack that opens up a couple pdf files at least that's what popped up when i went to it. Mark W...
Posted by azn_romeo_4u, 04-20-2009, 09:45 PM
It seems to be php file only...anything that has index.php in any folder gets that at the bottom of the page. I just updated all my passwords though...making a full backup. I did a google on the thing but only came up with 2 results, not in the english langague When I view the source of the url, it goes to another site and then gets this code Anyway to block the offending websites from my server? Last edited by azn_romeo_4u; 04-20-2009 at 09:54 PM.
Posted by hiabhilash, 04-21-2009, 01:22 AM
mod_Security 2.5 will help you there, a lot. Latest version is doing magics. If I may, here is a lame advice - most prolly blocking chinese IP address can help 10%. Not needed from the server, but from your site. Scan your desktop in which you or your webmaster operates your FTP using http://www.malwarebytes.org/mbam.php or any other malware scanners. I heard Kaspersky was effective too.
Posted by brianoz, 04-21-2009, 03:40 AM
Use keyscrambler and get your server audited by a security professional.
Posted by mwatkins, 04-21-2009, 04:12 AM
I've munged the URLs above. There are 294,000 hits in google for the search string based on the domain name which is returned when a user falls into the trap. Here's the top one, worth a quick read and further investigation. http://evilfingers.blogspot.com/2009...crimeware.html
Posted by biggies, 04-21-2009, 12:41 PM
i cannot post site address because of forum limit. I got the same problem. check the following url http lip-service.joygoround.com/?p=129 check ur pc ftp client which upload website. it may infect with virus
Posted by UNIXy, 04-21-2009, 01:00 PM
I recently recovered a customer's files. The root cause was a weak FTP password, which allowed the attacker to upload/replace/inject index files. Search in google for the quoted string: "get rid of those injected iframes" The first result will show you how to clean it up. Best

Was this answer helpful?

 Print this Article

Also Read

how to partion drive

Posted by kmwrestle, 03-27-2008, 11:54 PMim assembling my server now....waiting on the 90degree...

Urgent problem: too much traffic, how to stop it?

Posted by fgalli, 05-04-2007, 09:33 AMHi, i've a vps with iptables, but i've too much traffic...

Masking the server's hostname

Posted by billybatson, 09-02-2002, 08:11 PMHi, I'm a reseller about to resell a reseller's...

Image storage

Posted by Skeptical, 01-27-2011, 03:07 AMSuppose a website is running on 3 web servers, and there...

dos attacks on apache2 (win2003)

Posted by Vult-r, 05-05-2007, 04:03 PMIm running a windows 2003 web edition server with apache...