Hello!My website siteretriever.com keeps showing in it's source code scripts like this: script src="http://koft66ende.rr.nu/nl.php?p=d" at the bottom of the page. The domain name (koft66ende) changes but the rest is the same.I've looked into the index.php, other php files, into all the template files and I can't find this bit if injected code. I'm using CrawlTrack to try to prevent such code injections but it doesn't seem to be working. I've even deleted intirely the website and installed it again using a different script (from Astanda to phpLD!) and the problem remains.A curious thing: at work (using Windows NT and IE) the malicious code shows up in the source code. At home: (using Ubuntu and Firefox) the malicious code doesn't show up in the source code...When I use an online malware site scanner, it identifies the code as beeing malicious java.I have no idea about how to remove this code and protect my site.Any ideias (that don't require payment)?
Hacked server? Ask your host? Check for script vulnerabilities? When we get people switching over to us we typically do fresh/clean installs and clean out even databases and change passwords. You may also wish to look at access_logs for ideas.
Thanks for everyone that gave some feedback. I followed these steps http://devilsworkshop.org/tutorial/...e-grep-sed-commands-files-linux-server/55587/ and got my site clean! It turns out there was a little php file that was infecting every site of mine (addon domains in subdomains of the same account). After using SSH to run the commands indicated in the tutorial, I changed my FTP password, increased the level of security of the folder world permissions and I'm currently running CloudFlare, CrawlProtect, CrawlTrack, Website Defender and Stop The Hacker! Hope it stays clean!!
We can advise you to perform the following steps in order to protect all your files & whole server from further attacks : - check your local computer for Trojan/Viruses - and install reliable AntiVirus to your computer in case it wasn't installed . Your computer could be infected by some malicious software that use your cached passwords in order to attack scripts/accounts in the internet; - check up all your sites, erase and update weak passwords to more strong ; - you can use online scanners also . The following ones can be used : http://www.windowsecurity.com/trojanscan/ http://www.bitdefender.com/scanner/online/free.html http://www.kaspersky.com/virusscanner http://home.mcafee.com/Downloads/FreeScan.aspx http://www.virustotal.com/ http://security.symantec.com/sscv6/WelcomePage.asp http://www.eset.com/onlinescan/run_scanner.php We would like to pay your attention to such attacks in future and take the necessary actions from your side. We would like to advise you to check up all your sites, update forums, all installed scripts from time to time. Additionally, we kindly ask you to make your own backups for security reasons, along with our server backups. Do not keep same passwords for too long, change them at least once in a month.
hi anyone hack my d.p account next time when i am open my account it ban by d.p moderators what can i do... this is my 3rd acount...