Hi , since last 10 days i am finding unknown code on my site index page is like below <iframe src="Http // : mixgrouptravel . cn: 8080/ index.php" width=148 height=152 style="visibility: hidden"></iframe> i daily found this coding when i open my site after beginning of body tag and some genuine code found missed before ending of body text . I have removed manually that code from my index page many time and also checked in internal pages although i found a unknown file in my image folder {thumbs.db} .I have also deleted this file and when i all clear with unknown coding and files from my all pages when i re upload my whole site ,next day i find same coding in my index page .I am tired now .I have changed my password many time but still not out of problem ? can anybody help me to solve this problem .
This is a iframe, which most likely infects your web visitors or redirects them to further malicious code. The iframe is most likely being injected into your site via a vulnerable php file, and/or multiple files with incorrect permissions. you need to patch the security holes before cleaning files, otherwise your security will continue to be breached.
As has been mentioned, you are likely suffering from some sort of security hole that is enabling the attackers (most likely some automated system) to inject this code into your site. Here are a few things you can do to hopefully prevent this in the future: Make sure all of your software is up to date and patched If you are using a database, ensure that they haven't inserted through an SQL injection, any of this content Verify the permissions on all of your files and directories It's unlikely, but verify that your local system (Your home PC) hasn't been affected. I came across this once on a friends machine, where they had malware affecting their FTP uploads If you are using a dynamic system, it is possible that they pulled an SQL Injection on your site and have injected the IFRAME into your main page's content. If you remove all the files, then reupload them without cleaning the database then the content will be there - no matter how many times you reupload the files. This would be my guess and would be my first place to look. If you have PHPMyAdmin installed you may consider using the search feature to find %mixgrouptravel% on the appropriate database. Hope that helps Feel free to contact me if you have any questions.
CAN you explain the steps and some code ? that can be used to clean PHPMyAdmin databases. step by step - cut and paste into search or search and replace ???? HOW TO FIX or resolve, HOW to test ??? CODE to search for that HACKER user to exploit databases? then I can search to determine if my database was hacked ? is this the way to go about it ?