Hi, because some permissions were not set correctly, a few of my sites are affected by an iFrame attack (all my index.php files and JavaScript files received some extra code). I need someone to make a shell script to detect this piece of code and remove it all at once, and to secure the permissions/script so these things do not happen again. Please PM me your quote. Grtz
Take a look at these links: http://stackoverflow.com/questions/1414861/bash-script-to-remove-iframe-virus http://linuxsysadminblog.com/2009/03/heurtrojanscriptiframe/
Are you sure the permissions weren't set correctly? Or were they changed by the hackers? Quite often when we see index files and JavaScript files infected, it's usually the result of a stolen FTP password. The password is stolen by a virus on a PC that has been used to FTP files to the infected website. The virus looks for the plain text files that many free FTP programs store their saved credentials in, reads the file and sends the contents to a server which then infects all the websites it has legitimate access to. For instance, if FileZilla is used on a Windows XP PC, look in: C:\Documents and Settings\(logged in user)\Application Data\FileZilla\sitemanager.xml In there you'll see, in plain text, the site, username and password. Many other free FTP programs store their saved credentials the same way. The virus can also "sniff" the outgoing FTP traffic, and since FTP transmits all data, including username and password, in plain text, it's easy for the virus to see and steal the username and password this way as well. I have a YouTube video showing this: http://www.youtube.com/watch?v=oYI1kssrrbc I would hate to see you clean your site, only to be re-infected again and again, thinking it was incorrect permissions. The hackers also have been very active in placing various backdoor shell scripts on websites when they infect them. This gives them remote access to the website without needing FTP passwords. First, change all FTP passwords. Second, do a virus scan on all PCs that have FTP access to your website. Don't give anyone the FTP passwords until you find out which PC is infected and it's been cleaned. Third, see if your hosting provider supports SFTP or FTPS. These two protocols encrypt their traffic so it's not so easy to sniff. Fourth, you might want to consider using a different FTP program. I recommend WS_FTP by Ipswitch because they encrypt the password when it's saved. Fifth, you might also want to consider changing anti-virus programs. I recommend Avast! because they really seem to keep up to date on the website infections and other viruses. If you have further questions, please post back here.
Well, mine got hacked. And they are using some shell scripts, which I saw at once, and they allow downloading databases and files and all without any passwords. I added my hacker to my messengers and spoke with him, and just unchecked Allow Anonymous FTP and told the hacker to fuck my site again. Well, he just pissed off. That's it. Don't allow anonymous FTP.
Thanks for the tips Wewatch, however I don't have time for all those things. I would pay you or someone else to do those steps, check each domain and clean up the mess.
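
Added example, not part of any post in this thread: a report-only bash scan for the two things discussed above, hidden iframes injected into index.php/JavaScript files and loosely set permissions. The match pattern, the function names and the sample files are assumptions constructed for illustration; the thread does not show the injected code.

```bash
#!/usr/bin/env bash
# Report-only scan: hidden iframes in web files, plus world-writable paths.
# ASSUMPTION: the injected code is an <iframe> hidden with a 0/1-pixel size or
# display:none / visibility:hidden. Replace PATTERN with the code found on your site.
PATTERN='<iframe[^>]*((width|height)=[^0-9>]{0,2}[01][^0-9]|display: *none|visibility: *hidden)'

# List .php/.js/.htm(l) files under $1 that contain a hidden iframe.
find_injected() {
    find "$1" -type f \( -name '*.php' -o -name '*.js' -o -name '*.htm*' \) \
        -exec grep -liE "$PATTERN" {} + | sort
}

# List files and directories under $1 that any local user may write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 | sort
}

# Build a constructed sample web root (not real site data) and print its path.
make_sample_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/site/js"
    printf '<?php echo "home"; ?>\n<iframe src="http://injected.example/x" width=1 height=1 style="visibility:hidden"></iframe>\n' \
        > "$root/site/index.php"
    printf 'document.write("<iframe src=\\"http://injected.example/y\\" width=\\"0\\" height=\\"0\\"></iframe>");\n' \
        > "$root/site/js/menu.js"
    # A legitimate, visible iframe that must not be reported.
    printf '<?php echo "contact"; ?>\n<iframe src="/map.html" width="600" height="400"></iframe>\n' \
        > "$root/site/contact.php"
    chmod 755 "$root/site" "$root/site/js"
    chmod 644 "$root/site/js/menu.js" "$root/site/contact.php"
    chmod 666 "$root/site/index.php"   # constructed loose permission
    echo "$root/site"
}

# Usage: ./scan.sh /path/to/webroot   (no argument: scan the constructed sample)
target=${1:-$(make_sample_tree)}
echo "== files with hidden iframes =="
find_injected "$target"
echo "== world-writable paths =="
find_world_writable "$target"
```

Review each reported file by hand, or restore it from a known-good backup, before changing anything: a match only says a hidden iframe is present, not that the rest of the file is clean.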