I just checked one of my sites and it would not load, got hung up and stayed there for ages. Could not use task manager to shut the page down. Had to finally shut down computer to get rid of the page not loading. Once I was back up, went to my cpanel and into my index page. Someone had added a script between <header></header> code plus the same script after the </body> and before the </html> codes. How can someone add a script like this? What should I do to prevent this in the future?
If you have a server-side program running, there may be a flaw there; they may have discovered your password for FTP access; they may have cracked the server itself.
What is a server side program. Yeah, change user and password for the site. If they hacked into the server, they have not touched any of my other sites. Thank you.
Ok Listen, are you using a dynamic webpage ?? One which imports data from your database ?? Then I guess you are a victim of an sql injection ... Can you please quote the malicious code here ?? I'd like to see it if you don't mind! Abhishek
No database on this site. Pure static web pages. Can't send the script as I deleted it upon finding it. If it shows up again, will copy and paste it here for you. Thank you.
Just for safety, I would immediately change the FTP user and passwords for the site. Also, if you have access to logs look in your transfer and access logs and see if there is anything in there that may explain it.
Log in password, etc. Can't see the logs...simply because I had never activated that part! Now it is active...so if it happens in the future, I can hunt them down and stick a hot poker up the butts.