mrproper Posted June 23, 2008 Share Posted June 23, 2008 Hi. Just got a job where I am maintaining a couple of web servers. First off, I have very limited experience with this so please bear with me. Also if I am posting this in a wrong forum please point me in the right direction. Most likely one of our website servers have been hacked. 5 seconds after getting to the page www.mywebsite.com it gets redirected to http://www.mywebsite.com/viagra-usa.blogspot.com. I looked at the source for the page with my browser and found this line: <Meta Http-equiv="Refresh" Content="5;URL=viagra-usa.blogspot.com"> This seems to be what's causing the problem. I then ssh into the machine that's running the server, but what I can't figure out is how do I find the file that contains this line? In /etc/httpd/conf I found the link to the root directory of the website www.mywebsite.com, in the folder is index.php and all other files for the site so I'm guessing I'm in the right place. Tried a half assed attempt at a linux search string which ended up looking something like this: find . -type f | xags cat | grep viagra I think that should print a line containing viagra if it finds one, no lines gets grepped though. So my question is: Where do I find the source file that comes up when you hit "View Source" in a browser. The answer to this question probably depends on what webserver is used and the layout of this. I'm not sure of this, so I would be gratefull if anyone could tell me how I should go about finding this out, or point me to a good resource for getting info on/troubleshooting web servers. Or maybe someone could tell me how they would go about figuring this out? If I'm being vague about something or missing some needed info please let me know. Thanks for any reply. Quote Link to comment Share on other sites More sharing options...
trq Posted June 23, 2008 Share Posted June 23, 2008 If its the index page of your site (eg; accessible via http://yoursite.com) then it is likely your index.php file. A better search method however would be to grep all the files in that directory. From within your document root.... grep -nor viagra Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.