Hi all, Recently two of my blogs were attacked by an internet worm, I already removed the bad code from them.Now, I am trying to find out how is possible this worm updated directly the PHP files adding a javascript code just below the BODY tag, it also attacked some HTML files, this means it looks for HTML code to embed it self, the most obvious reason makes believe an attack to the web server however the web hosting company denial that possibility and blame my scripts as insecure. My scripts are not insecure, I approve every comment and I am not use global variables on the application. What could be? If you have seen this javascript code that has this "vybn15" function as main operation please let me know I am very curious how such malware was uploaded to my files in the web server. Best Regards.
There are multiple things that could have happened here. Most likely it was some SQL injection performed on your site, or a remote file upload that was able to modify the page. My money is on the SQL injection - it seems to be very popular these days, and if I am not mistaken besides cross site scripting is the most widely used attack against websites according the SANS. I would make sure all of your software is up to date and that no one injected data into your database
Permissions, insecure php scripts/script plugins etc. lack of server side security ( mod_security etc )
In case you are still interested. My mates sites got hacked! After plenty of research I came to the conclusion that keloggers had stolen his passwords for his websites admin services. Now the damage may have been caused by any of the above. I'm no programmer. But I'm 95% certain that they need access to admin to edit any html or other code. I have a free program called keyscrambler installed for my firefox browser. It scrambles the keyboard presses as you type, so if you have a keylogger they will not be able steel your personal information as you type. There is a paid version which does a lot more but I haven't used it yet. But I have also learn't there are such things as windows clipboard loggers that read whats on your clipboard when you copy and paste. Plus there is something called a screen logger which takes a print screen of your desktop. Zemana Antilogger software is supposed to be good for stopping this. Just it isn't compatible with 64 bit Windows!! So I am still looking for software similar, but 64 bit compatible if anyone has any suggestions?
In case you are still interested. My mates sites got hacked! After plenty of research I came to the conclusion that keloggers had stolen his passwords for his websites admin services. Now the damage may have been caused by any of the above. I'm no programmer. But I'm 95% certain that they need access to admin to edit any html or other code. I have a free program called keyscrambler installed for my firefox browser. It scrambles the keyboard presses as you type, so if you have a keylogger they will not be able steel your personal information as you type. There is a paid version which does a lot more but I haven't used it yet. But I have also learn't there are such things as windows clipboard loggers that reads whats on your clipboard when you copy and paste. Plus there is something called a screen logger which takes a print screen of your desktop. Zemana Antilogger software is supposed to be good for stopping this. Just it isn't compatible with 64 bit Windows!! So I am still looking for software similar, but 64 bit compatible if anyone has any suggestions?
don't know about hackers. However, maby a spyware recorded your login. Your host does not want to help.