I keep going to my website and seeing somone is getting into the index.php file and adding this in the bottom of the code When going to the site it brings up a trojan on my antivirus programme. Is there any way to stop this person from adding it back as i keep overrighting the index.php file but he keeps adding it back the next few days. Any help would be grand.
Since you said over a few days I will assume it is not your temp files that need deleting. Change your control panel and ftp passwords. Make them difficult. Block the IP number of the site that is being framed. Check your logs and see if you can spot the person who is changing your files. Block that IP number also if you can find it. Mention this to your host in case it is another system user.
Thank you for your reply i have now changed my password again , and have contacted my host. Rep added.
By the way can you tell me your hosting company if possible , I have some sites under my control and three of them hosted on the same host (different packages) had trojan the same day. The hosting company is a big one and says it was not their fault but if it was my fault my other sites had to be infected, too.
zangief I had a problem last week for the first time ever. If your host's name starts with the letter A, PM me and I will exchange info with you. Since this can happen anywhere anytime I don't want to bash some one in public.
Yes same here we exchanged pms with Skull , we were on different hosts and my host name begins with m , thanks. After this trojan I started to use kaspersky antivirus cause I was warned by someone using that antivirus.Most of the antivirus programs could not catch it. Some of these trojans spread on your disk, always have a zipped version of your backups cause they can not get in them.
change your account user/password. They going keep bruteforcing to your account. If this is affecting server wide, the server probably got hacked. move away fast.
Until you figure it out, chmod (change permissions) of files and directories to prevent writing. If you have any open source apps, look to see if there are any security upgrades.
That is excellent advice, I think blocking their ip addresses and even go a step further and called their ISP and tell them that they are spamming your website with a trojan.
I have an hosting account at OXEO.com and I have trojan problems on all my websites The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz I checked my websites on Google and Google is warning users for this kind of problems for one of my websites Does anybody here has experienced the same problem ? (no problem with my other sites hosted at DREAMHOST or elsewhere)
Most likely a link has been loaded in iframe. This link is calling the trogan from another source. If you follow the advice I posted above and then edit your pages to remove the malicious content that usually hides between the <iframe> and </iframe> tags it should solve the problem. If they have managed to load it onto your site, the viurs scanner in cPanel might catch it.
As Colbyt said its mostly in your index.php or index.htm , html between the <iframe> tags at the very bottom, its not that hard to get rid of but it can be a pain in the arse as there add it back in there more aless every day , best thing you can do is tell your host about it so they can monitor it and when they find the Ip they will take action like they did when i had it. After you are 95% that your host has taken care of it , contact google to get your site in review process by clicking here and adding your site in the cleaning house http://www.stopbadware.org/home/clearinghouse it will take about a week , but all my sites are now taken of the blocker. Good luck and hope this helps you.
Please check your datebases,my site was put some script like this,i deleted the script in my homepage,but it was kept showing up,i checked the datebases,found & deleted the script.Later i changed the name of datebases & the password of my user CP/ftp. You can take a try,just a personal opinion.Good luck.
Hi thanks for the update its a very old thread now , i fixed the issue a bot ago , somone added it in the index.php file , i just replaced teh index.php file with a new one and changed some permissions and its been fixed for a long time now.