
HACKED** MY SITE REDIRECTS TO THE CHURCH OF SATAN... I NEED TO FIX ASAP!!


moneymic313


I searched through every folder and I did find a file called r57.php, and when I copied it down to examine it my PC removed a virus called the PHP.RSTBackdoor.

Here is Symantec's description of the threat..
"Opens a back door that allows the attacker to have unauthorized remote access to the compromised computer"

But I still haven't found the file that is redirecting them back to that damn site...

A few more ideas:

First change all of your passwords (mentioned by Daniel0).

If you're connecting from the local coffee house, anyone there has the ability to see your login and password. Check with your host and see if they permit SFTP and how to configure it. If they don't permit it, you might want to switch hosts.

If you're on a shared hosting solution, you can also ask your ISP to switch your server.

[b]And whatever you do, DON'T post the contents of that file here. The last thing we want is to train someone else how to install a root kit.[/b]

[quote author=michaellunsford link=topic=110382.msg446110#msg446110 date=1159893651]
Now the more powerful part of the question, how to prevent this from happening again?

I have been very fortunate to not have had this problem yet, but it lurks ominously in the shadows as a very real possibility. The problem is compounded by the fact that no one wants to publicly post how to test your website because some idiot will inevitably use the information to break someone else's. So, the question persists: how do you ensure your website is relatively hacker resistant?
[/quote]

[url=http://www.developerfusion.co.uk]Developer Fusion[/url] has several nice articles on security..

I don't think that this was your problem but here is an article on [url=http://www.developerfusion.co.uk/show/4656/]Sql Insertion[/url]

Good Luck,
Tom

Yes, but it is not physically there anymore.. I have looked 10 times thinking I am overlooking it but it is not there...

There is no dhh.swf file viewable in the images/mainpage/ hmm..

I have already removed it once but the first time I saw it plain as day.. Now it is not visible..


I would never post the contents.. but do you think the backdoor file might have been how they were getting in???

I intend to change all passwords...

I just found it... It was hidden as a protected operating system file..

So I have deleted the back door php file from the server.. deleted the dhh.swf file from the server and I am going to change my passwords right now..

I guess we can see if this all works.. If not, there has got to be some sort of script recreating this file...

