Hacked
Asked Modified Viewed 7,691 times
asked
Hello there
I have a problem with my to PHP Fusion sites, both runing lastest version of 6.
Both sites gives you a trojan i you viset them, both sites are disabled at the moment by me.
I seems as the hacker puts in a script in all index.php - htm - html files and also in login.php.
I can't figure out how to show you script here without getting a warning about trojan.
Anyone for help plz
Thanks, VonB
I have a problem with my to PHP Fusion sites, both runing lastest version of 6.
Both sites gives you a trojan i you viset them, both sites are disabled at the moment by me.
I seems as the hacker puts in a script in all index.php - htm - html files and also in login.php.
I can't figure out how to show you script here without getting a warning about trojan.
Anyone for help plz
Thanks, VonB
answered
Are you able to post server logs from the time the hack happened?
answered
Yes i can, i think it happen yesterday afternoon.
Error_log
www.jselteknik.dk/php/error_log.zip
Access.log
www.jselteknik.dk/php/access.zip
Error_log
www.jselteknik.dk/php/error_log.zip
Access.log
www.jselteknik.dk/php/access.zip
answered
And what do you see on your web site? What is actually wrong?
answered
Edited by VonB on 20-01-2010 15:22,
answered
I'm not good at Danish, but I think your site tries to load an iframe with some dirty content in it. Any chance we could see the site? I'm just getting a HTTP 403 Forbidden here.
Which pages gives you this error, by the way?
Which pages gives you this error, by the way?
Edited by mpkossen on 20-01-2010 15:37,
answered
Boot sites up and running with trojan on
Site: www.jselteknik.dk and www.combatclan.dk
Page index.php and login.php are infected
Site: www.jselteknik.dk and www.combatclan.dk
Page index.php and login.php are infected
Edited by VonB on 20-01-2010 15:54,
answered
I think it's your computer that's causing issues. I'm not getting anything. Second link does have two iframe, perhaps that's making Avast suspicious. Other than that, I've no reason to think it's not a client-side issue, unless others experience the same issues.
answered
Perhaps you are right but i have this isue on 2 PC's, one with Avast and one with Eset both saying the same.
I have now manuel via ftp removed script string in index.php and login.php on jselteknik.dk and it seems ok right now.
I have now manuel via ftp removed script string in index.php and login.php on jselteknik.dk and it seems ok right now.
answered
Try replacing all files with those from the the full download package, see if that solves something. If not, it may still be an infusion or a server issue.
answered
Also - DO NOT use Internet Explorer, especially version 6.
It's VERY BIG door for trojans, viruses etc etc etc
It's VERY BIG door for trojans, viruses etc etc etc
answered
I've experienced this before. Avira detected trojan, Avast detected too. Kaspersky totally block my site. LOL. what i did is i upgrade my site to php fusion 7. poof! done.
answered
I think this may be related to a bug in your browser, as I have gotten no reports that this happens in a browser other than Internet Explorer.
answered
Hmmm maybe your right, i have had no probs with www.jselteknik.dk since i manuel removed script via ftp.
Wath i don't understand is that i got warned on pc one with avast, XP pro and old ver 6 IE and on pc 2 with Eset, win 7 pro 64 bit and IE 8.
Futher more i can't understand how files are ended up on my to sites, one hosted by one.com and second by scannet.dk.
When i'm on sites via ftp, totalcommander, then scripst was / are lying there in index.php ... on my 2 sites so someone must have put them there or am i completly wrong?
Wath i don't understand is that i got warned on pc one with avast, XP pro and old ver 6 IE and on pc 2 with Eset, win 7 pro 64 bit and IE 8.
Futher more i can't understand how files are ended up on my to sites, one hosted by one.com and second by scannet.dk.
When i'm on sites via ftp, totalcommander, then scripst was / are lying there in index.php ... on my 2 sites so someone must have put them there or am i completly wrong?
answered
"someone" might be a trojan/backdoor (from IE...)
geistschatten
- Junior Member, joined since
- Contributed 23 posts on the community forums.
- Started 9 threads in the forums
Note it says
If I had to guess I'd say it's a browser-hijack that's somehow either hidden in or related to an IFrame, have you tried your site in Firefox?
Windoze sucks, but that's besides the point. You use a lame browser therefore your browsing experience is going to be LAME
Quote
Malware navn: HTML:IFrame-BH
If I had to guess I'd say it's a browser-hijack that's somehow either hidden in or related to an IFrame, have you tried your site in Firefox?
Windoze sucks, but that's besides the point. You use a lame browser therefore your browsing experience is going to be LAME
answered
Well if you are not going to upgrade to the latest scripts what do you expect?
answered
Update:
one site closed for god, not in use anymore by CCDK.
Other site works fine and have done in a couple of weeks.
I uploaded new files, changed mysql, ftp and superadmin password and it seems as it has helped.
one site closed for god, not in use anymore by CCDK.
Other site works fine and have done in a couple of weeks.
I uploaded new files, changed mysql, ftp and superadmin password and it seems as it has helped.
Category Forum
Bugs and Errors - 6Labels
None yet
Statistics
- Views 0 views
- Posts 17 posts
- Votes 0 votes
- Topic users 6 members
0 participants
Notifications
Track thread
You are not receiving notifications from this thread.
Related Questions