Portal Home > Knowledgebase > Articles Database > How to fix this exploit?


How to fix this exploit?




Posted by sitefever, 01-03-2010, 12:27 AM
Every time have some lines injected to my index : see last lines how can i fix that? already try to add some fix but don't work any ideia? tks for any help Html of index with injected codes: PHP of my index with removed injected codes : Last edited by sitefever; 01-03-2010 at 12:30 AM.

Posted by Vinayak_Sharma, 01-03-2010, 03:56 AM
Your FTP password has been compromised. Change the FTP password ASAP, clean all the computers that you use to use FTP. If it's a cPanel server and if the server is yours (you have root access), use this http://forums.cpanel.net/f185/soluti...ds-127013.html

Posted by sitefever, 01-03-2010, 07:54 AM
O.O but have any php script to fix this injection ?

Posted by Vinayak_Sharma, 01-03-2010, 08:03 AM
As far as I know, if some one has access to FTP nothing can stop it, but you can right a script to run checks periodically and remove that string from the index or infected file.

Posted by tickedon, 01-03-2010, 09:28 AM
You need to fix the cause of the problem, not the effects. You are either being hosted on an insecure server or running an insecure server. You either need to fix the cause of the problem or hire someone to fix it for you

Posted by TomNet, 01-03-2010, 09:55 AM
Looks like there is a virus or something running on your server. You need to find the exploit and then remove the code from your pages like tickedon suggested.

Posted by sitefever, 01-03-2010, 10:59 AM
this site hosted at hostgator =O i will contact hostgator . tks for replys.

Posted by TomNet, 01-03-2010, 11:48 AM
You should also change all of your passwords and check scripts for injection points that could cause them to be compromised.

Posted by Dr:linux, 01-13-2010, 05:06 AM
Some files are infected and you need to run a script to sort out the infected. This can be done by writing a PHP script that connects through FTP. It searches through every files and every directory for all php files. When it points out a PHP file in FTP it downloads and analyze for any infected files. Now we can manually check and delete the unwanted files. >> Since FTP connections are not so reliable and can break at any time, we need to include loops for the scripts such that it continues even after a failed attempt.

Posted by jordanriane, 01-13-2010, 06:19 AM
That won't make a difference if that's not in the source file itself (on the server.) What you see browser side isn't what you might see server side. There's always a chance that they were able to access the httpd.conf file to add in the following: It's best to contact HostGator (I think that's what I saw when he mentioned who his host was.) Although it doesn't hurt to check your access logs to see if someone had access to your FTP and manually added that IF the source exists in the serverside file.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
openvpn questions (Views: 268)
IPMI security (Views: 311)