Jump to content

Recommended Posts

Hi.

 

Just got a job where I am maintaining a couple of web servers. First off, I have very limited experience with this so please bear with me. Also if I am posting this in a wrong forum please point me in the right direction.

 

Most likely one of our website servers have been hacked. 5 seconds after getting to the page www.mywebsite.com it gets redirected to http://www.mywebsite.com/viagra-usa.blogspot.com. I looked at the source for the page with my browser and found this line:

 

<Meta Http-equiv="Refresh" Content="5;URL=viagra-usa.blogspot.com">

 

This seems to be what's causing the problem. I then ssh into the machine that's running the server, but what I can't figure out is how do I find the file that contains this line?

In /etc/httpd/conf I found the link to the root directory of the website www.mywebsite.com, in the folder is index.php and all other files for the site so I'm guessing I'm in the right place.

 

Tried a half assed attempt at a linux search string which ended up looking something like this:

 

find . -type f | xags cat | grep viagra

 

I think that should print a line containing viagra if it finds one, no lines gets grepped though.

 

So my question is:

Where do I find the source file that comes up when you hit "View Source" in a browser.

 

The answer to this question probably depends on what webserver is used and the layout of this. I'm not sure of this, so I would be gratefull if anyone could tell me how I should go about finding this out, or point me to a good resource for getting info on/troubleshooting web servers.

Or maybe someone could tell me how they would go about figuring this out?

 

If I'm being vague about something or missing some needed info please let me know.

Thanks for any reply.

If its the index page of your site (eg; accessible via http://yoursite.com) then it is likely your index.php file.

 

A better search method however would be to grep all the files in that directory.

 

From within your document root....

 

grep -nor viagra

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.