Hi my fellow webmasters and admins Not a while ago, all our sites that are located on 1and1 hosting provider's servers were hacked. All index.php and index.html files had an iframe include inside them, which was downloading a virus and installing it on user's PCs. Now the same continues, yesterday at 23:36 all index.php files were changed and now they have the following right after the body tag Can someone please explain how can this happen and whether this is the problem of the hosting company or no. I am thinking that this is the problem of the hosting company as all 3 hostings we have, which are different servers at 1and1 are hacked. Let me know whether you need any more info. 1and1 refuses that their servers were hacked
A bit difficult to say, unfortunately. The majority of hacking and defacing like this is due to users running insecure scripts or easy to guess passwords.
well, our passwords differ on 3 of the hostings. there is no similar script on each of them. Today I found out that the 4th one was also hacked. The 4th one is a windows server !!!!!! HTMLs were changed all at the same time and automatically. THis one doesn't hurt yet, just opens a page in the background Now I am confused, what to do. Remove my hosting to another server or what .....
Two things for you to check ... permissions on files & directories on your hosting accounts and the security of any php you are running this is a good article >> http://www.ilovejackdaniels.com/php/writing-secure-php/ If all that checks out then email 1and1 support and ask them to investigate - they may be slow but they will find any problems.