Infected by code in index.php / index.html

DerFalk · Unread post by **DerFalk** » Thu Dec 23, 2010 6:33 pm

Today my Sites were hacked

the infected all index.php / index.htm / index.html files with this crap:

Same as here: http://pastebin.com/E2NqcC0w

Someone seen this or can help what app this can cause?
Joomla? WP? proftp?

Unread post by **mikeshinn** » Thu Dec 23, 2010 6:49 pm

Generally what you describe occurs via a compromised users password, which the badguys then use to upload the appended code via either FTP or SSH (usually FTP) via that stolen password. You may want to read this article:

https://www.atomicorp.com/wiki/index.ph ... ystem:_FTP

Appended code to index files is always an upload attack using a stolen password.

DerFalk · Unread post by **DerFalk** » Thu Dec 23, 2010 7:00 pm

Ok, after restore a backup, i will change all my passwords...

Unread post by **mikeshinn** » Thu Dec 23, 2010 8:02 pm

Check your desktops for malware too, if they stole your password 99.99999% of the time it from your desktop/laptop/etc. via a trojan. Also, if you use any tools that save your passwords make sure you dont save them anymore unless you rebuild your desktops from known trusted sources (and even then, dont save your passwords).

Atomicorp

Infected by code in index.php / index.html

Infected by code in index.php / index.html

Re: Infected by code in index.php / index.html

Re: Infected by code in index.php / index.html

Re: Infected by code in index.php / index.html