Ye' old general discussion board. Basically, for everything that isn't covered elsewhere. Come here to shoot the breeze, shoot your mouth off, or whatever suits your fancy. This forum is not for asking programming related questions.
I haven't run across this problem before, but seemingly randomly, something keeps modifying my index.php file. Whatever is doing it removes my onload event from the body tag (this is what clued me into a change being made) and then it appends a javascript at the bottom of the page.
I understand that this is likely malicious, but what is modifying my page? The entire site is PHP and there is only 1 user entry form to send us an email. The rest of my code appears intact. Should I be going through all my code with a fine tooth comb or would you suspect a problem on my web hosts end? There are no public folders and this site has been online for almost 4 years with no problems until now. It also appears its ONLY the index.php file being changed, the rest of the site seems untouched.
Last edited by flying_circus on Mon Jul 06, 2009 6:42 pm, edited 1 time in total.
I've seen stat tracking code appended before on other sites, but I'm weary of this one.
I've created a simple php template for the site, so basically it includes a PHP header and footer, and menu system. It also links to my css file, and a jscript file as well.
I had something similar to this happen to two of my websites (both on Network Solutions). Despite removing the injected code repeatedly, it would always recur (except with different code each time). Changing FTP passwords didn't help.
Finally I went through every file and folder on the server and discovered some scripts that I had not placed there. I recall that they were placed deep within "images" folders. After I deleted them, the problems ceased.
So I would search your own directories for malicious scripts.
Until I found this, I kept a backup of each page that had been hacked. Every time the page was loaded, it compared it to the backup -- if there was any difference, it restored the backup, made a new backup, and emailed me. It worked, but obviously was just a bandaid.