Got hacked or got a virus

Posted by azn_romeo_4u, 04-20-2009, 09:30 PM
This code shows up on all my pages with an index.php extension. Is this a hack or or is this a virus?
Posted by AstroNyu, 04-20-2009, 09:34 PM
Could be someone found a way to get into your server. Is the code on all php files?
Posted by Mark_W, 04-20-2009, 09:38 PM
As far as i can tell its a hack that opens up a couple pdf files at least that's what popped up when i went to it. Mark W...
Posted by azn_romeo_4u, 04-20-2009, 09:45 PM
It seems to be php file only...anything that has index.php in any folder gets that at the bottom of the page. I just updated all my passwords though...making a full backup. I did a google on the thing but only came up with 2 results, not in the english langague When I view the source of the url, it goes to another site and then gets this code Anyway to block the offending websites from my server? Last edited by azn_romeo_4u; 04-20-2009 at 09:54 PM.
Posted by hiabhilash, 04-21-2009, 01:22 AM
mod_Security 2.5 will help you there, a lot. Latest version is doing magics. If I may, here is a lame advice - most prolly blocking chinese IP address can help 10%. Not needed from the server, but from your site. Scan your desktop in which you or your webmaster operates your FTP using http://www.malwarebytes.org/mbam.php or any other malware scanners. I heard Kaspersky was effective too.
Posted by brianoz, 04-21-2009, 03:40 AM
Use keyscrambler and get your server audited by a security professional.
Posted by mwatkins, 04-21-2009, 04:12 AM
I've munged the URLs above. There are 294,000 hits in google for the search string based on the domain name which is returned when a user falls into the trap. Here's the top one, worth a quick read and further investigation. http://evilfingers.blogspot.com/2009...crimeware.html
Posted by biggies, 04-21-2009, 12:41 PM
i cannot post site address because of forum limit. I got the same problem. check the following url http lip-service.joygoround.com/?p=129 check ur pc ftp client which upload website. it may infect with virus
Posted by UNIXy, 04-21-2009, 01:00 PM
I recently recovered a customer's files. The root cause was a weak FTP password, which allowed the attacker to upload/replace/inject index files. Search in google for the quoted string: "get rid of those injected iframes" The first result will show you how to clean it up. Best

Was this answer helpful?

 Print this Article

Also Read

How turn off allow_url_fopen and short_open_tag in PHP4/5 - module CGI

Posted by KamilPRO, 07-15-2007, 04:14 PMHow turn off allow_url_fopen and short_open_tag in PHP4/5...

Possible hard drive failure

Posted by howsthat, 01-12-2008, 01:49 PMI am getting this error on my mail from cpanel...

Php as CGI or not.

Posted by Vinayak_Sharma, 01-13-2008, 08:37 AMOk I am configuring a fresh/new WHM/cPanel server...

Transparent Reselling . . . ?

Posted by Piano, 08-23-2002, 01:53 PMHow much annoniminity can a reseller have? And what things...

(C++)Displaying a char array in a CLI form

Posted by Die4Ever, 01-11-2008, 05:15 PMIt's my first time using Windows Forms, and I'm trying to...